Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rubygem-delayed_job@2.1.4-3?arch=el6cf
purl pkg:rpm/redhat/rubygem-delayed_job@2.1.4-3?arch=el6cf
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (11)
Vulnerability Summary Fixed by
VCID-6h6n-7frd-1ked
Aliases:
CVE-2012-6116
Candlepin: bootstrap RPM deploys CA certificate file with mode 666 There are no reported fixed by versions.
VCID-91xe-ev7t-akb9
Aliases:
CVE-2012-6109
GHSA-h77x-m5q8-c29h
OSV-89317
Uncontrolled Resource Consumption lib/rack/multipart.rb in Rack uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. There are no reported fixed by versions.
VCID-9qc2-be2u-vfgv
Aliases:
CVE-2013-1823
Katello: Notifications page Username XSS There are no reported fixed by versions.
VCID-9uh8-upzm-7bgd
Aliases:
CVE-2013-0184
GHSA-v882-ccj6-jc48
OSV-89327
Uncontrolled Resource Consumption Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." There are no reported fixed by versions.
VCID-c3cm-h13f-jubq
Aliases:
CVE-2012-6119
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. There are no reported fixed by versions.
VCID-ebq1-gkhe-pua7
Aliases:
CVE-2013-0269
GHSA-x457-cw4h-hq5f
OSV-101137
Denial of Service and SQL Injection This package allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka. There are no reported fixed by versions.
VCID-hbtn-7423-m3gb
Aliases:
CVE-2013-0276
GHSA-gr44-7grc-37vq
OSV-90072
Circumvention of attr_protected The attr_protected method allows developers to specify a denylist of model attributes which users should not be allowed to assign to. By using a specially crafted request, attackers could circumvent this protection and alter values that were meant to be protected. There are no reported fixed by versions.
VCID-pb4n-q6u8-syds
Aliases:
CVE-2013-0256
GHSA-v2r9-c84j-v7xm
OSV-90004
XSS exploit of RDoc documentation generated by rdoc This exploit may lead to cookie disclosure to third parties. The exploit exists in darkfish.js which is copied from the RDoc install location to the generated documentation. RDoc is a static documentation generation tool. Patching the library itself is insufficient to correct this exploit. There are no reported fixed by versions.
VCID-teq8-nqhf-xbbq
Aliases:
CVE-2013-0183
GHSA-3pxh-h8hw-mj8w
OSV-89320
Improper Restriction of Operations within the Bounds of a Memory Buffer multipart/parser.rb in Rack allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. There are no reported fixed by versions.
VCID-vspr-h3ds-dudq
Aliases:
CVE-2013-0162
GHSA-8mvw-22r7-w6fq
OSV-90561
Incorrect temporary file usage The ruby_parser Gem does not create temporary files securely. In the `diff_pp` function contained in `lib/gauntlet_rubyparser.rb` function, it creates files as `/tmp/a.[pid]` and `/tmp/b.[pid]` which can be predicted and used for either a denial of service (file cannot be overwritten), or to change the contents of files that are writable. There are no reported fixed by versions.
VCID-y12d-fjpf-uubh
Aliases:
CVE-2013-0263
GHSA-xc85-32mf-xpv8
OSV-89939
Timing attack against Rack::Session::Cookie Affected versions allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving am HMAC comparison function that does not run in constant time. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:55:39.646481+00:00 RedHat Importer Affected by VCID-9uh8-upzm-7bgd https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0184.json 38.0.0
2026-04-01T14:55:39.278734+00:00 RedHat Importer Affected by VCID-91xe-ev7t-akb9 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json 38.0.0
2026-04-01T14:54:38.490566+00:00 RedHat Importer Affected by VCID-c3cm-h13f-jubq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6119.json 38.0.0
2026-04-01T14:53:21.457387+00:00 RedHat Importer Affected by VCID-teq8-nqhf-xbbq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0183.json 38.0.0
2026-04-01T14:53:16.952354+00:00 RedHat Importer Affected by VCID-vspr-h3ds-dudq https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json 38.0.0
2026-04-01T14:52:32.075102+00:00 RedHat Importer Affected by VCID-pb4n-q6u8-syds https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0256.json 38.0.0
2026-04-01T14:52:31.585592+00:00 RedHat Importer Affected by VCID-y12d-fjpf-uubh https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0263.json 38.0.0
2026-04-01T14:52:30.847242+00:00 RedHat Importer Affected by VCID-hbtn-7423-m3gb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0276.json 38.0.0
2026-04-01T14:52:30.518789+00:00 RedHat Importer Affected by VCID-ebq1-gkhe-pua7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0269.json 38.0.0
2026-04-01T14:52:16.166308+00:00 RedHat Importer Affected by VCID-6h6n-7frd-1ked https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6116.json 38.0.0
2026-04-01T14:52:01.319082+00:00 RedHat Importer Affected by VCID-9qc2-be2u-vfgv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1823.json 38.0.0