Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2018-01-10 CVE-2014-5001 Information Exposure vulnerability in Kcapifony Project Kcapifony 2.1.6
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.
local
low complexity
kcapifony-project CWE-200
7.8
2018-01-10 CVE-2014-5000 Information Exposure vulnerability in Lawn-Login Project Lawn-Login 0.0.7
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
lawn-login-project CWE-200
7.8
2018-01-10 CVE-2014-4999 Information Exposure vulnerability in Kajam Project Kajam 1.0.3
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
local
low complexity
kajam-project CWE-200
7.8
2018-01-10 CVE-2014-4998 Information Exposure vulnerability in Lean-Ruport Project Lean-Ruport 0.3.8
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
lean-ruport-project CWE-200
7.8
2018-01-10 CVE-2014-4997 Information Exposure vulnerability in Point-Cli Project Point-Cli 0.0.1
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
point-cli-project CWE-200
7.8
2018-01-10 CVE-2014-4995 Race Condition vulnerability in Vladtheenterprising Project Vladtheenterprising 0.2.0
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
local
high complexity
vladtheenterprising-project CWE-362
7.0
2018-01-10 CVE-2014-4993 Information Exposure vulnerability in multiple products
(1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and (2) lib/backup/cli/utility.rb in the backup_checksum gem 3.0.23 for Ruby place credentials on the openssl command line, which allows local users to obtain sensitive information by listing the process.
7.8
2018-01-10 CVE-2014-4992 Information Exposure vulnerability in Cap-Strap Project Cap-Strap 0.1.5
lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places credentials on the useradd command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
cap-strap-project CWE-200
7.8
2018-01-10 CVE-2014-4991 Information Exposure vulnerability in Codders-Dataset Project Codders-Dataset 1.3.2.1
(1) lib/dataset/database/mysql.rb and (2) lib/dataset/database/postgresql.rb in the codders-dataset gem 1.3.2.1 for Ruby place credentials on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
local
low complexity
codders-dataset-project CWE-200
7.8
2018-01-10 CVE-2017-7536 Unsafe Reflection vulnerability in Redhat products
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur.
local
high complexity
redhat CWE-470
7.0