Search for packages
| purl | pkg:rpm/redhat/rh-ruby23-rubygem-redhat_access_cfme@2.0.3-1?arch=el7cf |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-q4bk-1qay-ffbh
Aliases: CVE-2018-10905 |
cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root | There are no reported fixed by versions. |
|
VCID-s6cp-dk5r-v3aw
Aliases: CVE-2018-3760 GHSA-pr3h-jjhj-573x |
Information Exposure The package sprockets may leak confidential information. Specially crafted requests can be used to access files that exist on the filesystem that are outside an application's root directory when the server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:23:54.623010+00:00 | RedHat Importer | Affected by | VCID-s6cp-dk5r-v3aw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3760.json | 38.0.0 |
| 2026-04-01T14:23:18.157196+00:00 | RedHat Importer | Affected by | VCID-q4bk-1qay-ffbh | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10905.json | 38.0.0 |