Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/rubygem-sinatra@1:1.3.6-27?arch=el6sat
purl pkg:rpm/redhat/rubygem-sinatra@1:1.3.6-27?arch=el6sat
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (15)
Vulnerability Summary Fixed by
VCID-1yu9-avtx-cybv
Aliases:
CVE-2015-1844
foreman: API not scoping resources to taxonomies There are no reported fixed by versions.
VCID-7f1h-1fw8-k7c4
Aliases:
CVE-2015-3155
foreman: the _session_id cookie is issued without the Secure flag There are no reported fixed by versions.
VCID-8wen-twwa-8khm
Aliases:
CVE-2014-3653
foreman: cross-site scripting (XSS) flaw in template preview screen There are no reported fixed by versions.
VCID-b9ad-t22m-9ya8
Aliases:
CVE-2016-3108
pulp: Insecure temporary file used when generating certificate for Pulp Nodes There are no reported fixed by versions.
VCID-j162-yzbc-cycs
Aliases:
CVE-2016-3111
pulp: Race condition when generating RSA keys for authenticating messages between server and consumers There are no reported fixed by versions.
VCID-pwuz-vu73-b7f2
Aliases:
CVE-2016-3107
pulp: Node certificate containing private key stored in world-readable file There are no reported fixed by versions.
VCID-qj42-dfhb-mqep
Aliases:
CVE-2016-3112
pulp: Agent certificate containing private key is stored in world-readable file There are no reported fixed by versions.
VCID-rc65-py17-kuhm
Aliases:
CVE-2015-1816
foreman: lack of SSL certificate validation when performing LDAPS authentication There are no reported fixed by versions.
VCID-sh6q-bacd-4fah
Aliases:
CVE-2015-5282
foreman: XSS in hidden parameter value switcher There are no reported fixed by versions.
VCID-sqjb-qpyd-p7gn
Aliases:
CVE-2015-3235
foreman: edit_users permission allows changing of admin passwords There are no reported fixed by versions.
VCID-tbug-mv5x-uucb
Aliases:
CVE-2013-4346
GHSA-4433-4cxq-vv73
PYSEC-2014-85
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. There are no reported fixed by versions.
VCID-utxw-251d-gfff
Aliases:
CVE-2014-3590
rhn_satellite_6: cross-site request forgery (CSRF) can force logout There are no reported fixed by versions.
VCID-w6f4-zp2b-7bbp
Aliases:
CVE-2016-3728
foreman: Missing input validation in Smart Proxy allows RCE via TFTP file variant parameter There are no reported fixed by versions.
VCID-yymw-3u57-4ueu
Aliases:
CVE-2015-5152
Foreman: API permits HTTP requests when require_ssl is enabled There are no reported fixed by versions.
VCID-zkgb-14kz-33dz
Aliases:
CVE-2013-4347
GHSA-rv8h-p43r-4x5r
PYSEC-2014-86
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:52:35.151256+00:00 RedHat Importer Affected by VCID-tbug-mv5x-uucb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4346.json 38.0.0
2026-04-01T14:51:35.095519+00:00 RedHat Importer Affected by VCID-zkgb-14kz-33dz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4347.json 38.0.0
2026-04-01T14:46:30.991798+00:00 RedHat Importer Affected by VCID-utxw-251d-gfff https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3590.json 38.0.0
2026-04-01T14:46:08.823487+00:00 RedHat Importer Affected by VCID-8wen-twwa-8khm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3653.json 38.0.0
2026-04-01T14:43:13.438426+00:00 RedHat Importer Affected by VCID-rc65-py17-kuhm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1816.json 38.0.0
2026-04-01T14:42:16.173898+00:00 RedHat Importer Affected by VCID-1yu9-avtx-cybv https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1844.json 38.0.0
2026-04-01T14:41:24.674413+00:00 RedHat Importer Affected by VCID-7f1h-1fw8-k7c4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3155.json 38.0.0
2026-04-01T14:40:41.781388+00:00 RedHat Importer Affected by VCID-sqjb-qpyd-p7gn https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3235.json 38.0.0
2026-04-01T14:40:18.607434+00:00 RedHat Importer Affected by VCID-yymw-3u57-4ueu https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5152.json 38.0.0
2026-04-01T14:40:02.493969+00:00 RedHat Importer Affected by VCID-sh6q-bacd-4fah https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5282.json 38.0.0
2026-04-01T14:37:17.860194+00:00 RedHat Importer Affected by VCID-j162-yzbc-cycs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3111.json 38.0.0
2026-04-01T14:37:16.177803+00:00 RedHat Importer Affected by VCID-qj42-dfhb-mqep https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3112.json 38.0.0
2026-04-01T14:37:14.529472+00:00 RedHat Importer Affected by VCID-b9ad-t22m-9ya8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3108.json 38.0.0
2026-04-01T14:37:12.819417+00:00 RedHat Importer Affected by VCID-pwuz-vu73-b7f2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3107.json 38.0.0
2026-04-01T14:36:40.771292+00:00 RedHat Importer Affected by VCID-w6f4-zp2b-7bbp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3728.json 38.0.0