Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In January 2018
CVE-2014-4995
Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.
CVSS Score
7.0
EPSS Score
0.001
Published
2018-01-10
CVE-2014-4996
lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-01-10
CVE-2014-4997
lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
CVE-2014-4998
test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the mysql user password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
CVE-2014-4999
vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem 1.0.3.rc2 for Ruby places the mysql user password on the (1) mysqldump command line in the capture function and (2) mysql command line in the restore function, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
CVE-2014-5000
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
CVE-2014-5001
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensitive information by listing the processes.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
CVE-2014-5002
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10
CVE-2014-5003
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlbrew-installer.
CVSS Score
5.5
EPSS Score
0.001
Published
2018-01-10
CVE-2014-5004
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved