VulnerableCode Package Details - pkg:rpm/redhat/rubygem-rake@0.8.7-2.1?arch=el6

Search for packages

Vulnerability	Summary	Fixed by
VCID-1935-brew-2ka7 Aliases: CVE-2012-2684	cumin: SQL injection flaw	There are no reported fixed by versions.
VCID-1r79-ts6t-hufh Aliases: CVE-2014-3674	Enterprise: gears fail to properly isolate network traffic	There are no reported fixed by versions.
VCID-2h9v-ygzk-subd Aliases: CVE-2012-3493	condor: GIVE_REQUEST_AD leaks privileged ClaimId information	There are no reported fixed by versions.
VCID-2wvq-kmeb-mqfm Aliases: CVE-2012-4458	qpid-cpp: long arrays of zero-width types cause a denial of service	There are no reported fixed by versions.
VCID-3cem-ukxc-xff1 Aliases: CVE-2012-2685	cumin: DoS via large image requests	There are no reported fixed by versions.
VCID-4nhn-xh71-5qhr Aliases: CVE-2012-4459	qpid-cpp: crash due to qpid::framing::Buffer::checkAvailable() wraparound	There are no reported fixed by versions.
VCID-5ey2-dm5w-y7a6 Aliases: CVE-2014-3602	OpenShift: /proc/net/tcp information disclosure	There are no reported fixed by versions.
VCID-62p2-dmen-jqap Aliases: CVE-2012-2683	cumin: multiple XSS flaws	There are no reported fixed by versions.
VCID-9n53-ms2m-r7cf Aliases: CVE-2012-3459	cumin: allows for editing internal Condor job attributes	There are no reported fixed by versions.
VCID-b6rd-kvqr-93gr Aliases: CVE-2012-3491	condor: local users can abort any idle jobs	There are no reported fixed by versions.
VCID-c883-yge1-yygb Aliases: CVE-2014-0084 GHSA-756m-3qf2-hp58	openshift-origin-node Improper Input Validation vulnerability Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly.	There are no reported fixed by versions.
VCID-g2j7-23qw-3fdn Aliases: CVE-2012-2734	cumin: CSRF flaw	There are no reported fixed by versions.
VCID-gb62-cbpn-5fbe Aliases: CVE-2012-3492	condor: lock directories created mode 0777 allow for FS-based authentication challenge bypass	There are no reported fixed by versions.
VCID-nbnz-9r6v-j7fk Aliases: CVE-2012-2680	cumin: authentication bypass flaws	There are no reported fixed by versions.
VCID-rrwv-dzq7-9ybd Aliases: CVE-2013-2034 GHSA-fg4r-f9j2-36mw	Jenkins Cross-Site Request Forgery vulnerabilities Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.	There are no reported fixed by versions.
VCID-s2ka-cp49-q3hz Aliases: CVE-2014-0175	mcollective: default password set at install	There are no reported fixed by versions.
VCID-txhd-b6t6-nuhy Aliases: CVE-2012-2735	cumin: session fixation flaw	There are no reported fixed by versions.
VCID-vnm4-gfjh-8qa7 Aliases: CVE-2014-0234	openshift-origin-broker: default password creation	There are no reported fixed by versions.
VCID-xenc-mfdw-mucm Aliases: CVE-2013-1808	stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer	There are no reported fixed by versions.
VCID-yc33-fvyw-guf3 Aliases: CVE-2012-2681	cumin: weak session keys	There are no reported fixed by versions.
VCID-yk5h-r1m4-ckds Aliases: CVE-2012-4446 GHSA-mrgh-6x42-x6xf	Improper Authentication The default configuration for Apache Qpid 0.20 and earlier, when the federation_tag attribute is enabled, accepts AMQP connections without checking the source user ID, which allows remote attackers to bypass authentication and have other unspecified impact via an AMQP request.	There are no reported fixed by versions.
VCID-z46p-c93u-auav Aliases: CVE-2013-2033 GHSA-826f-32qm-vm3j	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2013-2033 Jenkins: Build Description XSS	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1935-brew-2ka7
Aliases:
CVE-2012-2684

cumin: SQL injection flaw