RHSA-2012:1542Medium

Red Hat Security Advisory: CloudForms Commons 1.1 security update

Published
December 4, 2012
Last Modified
June 27, 2026

🔗 CVE IDs covered (16)

📋 Description

CVE-2012-1986 — puppet: Filebucket arbitrary file read CVE-2012-1987 — puppet: Filebucket denial of service CVE-2012-1988 — puppet: Filebucket arbitrary code execution CVE-2012-2139 — rubygem-mail: directory traversal CVE-2012-2140 — rubygem-mail: arbitrary command execution when using exim or sendmail from commandline CVE-2012-2660 — rubygem-actionpack: Unsafe query generation CVE-2012-2661 — rubygem-activerecord: SQL injection when processing nested query paramaters CVE-2012-2694 — rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660) CVE-2012-2695 — rubygem-activerecord: SQL injection when processing nested query paramaters (a different flaw than CVE-2012-2661) CVE-2012-3424 — rubygem-actionpack: DoS vulnerability in authenticate_or_request_with_http_digest CVE-2012-3463 — rubygem-actionpack: potential XSS vulnerability in select_tag prompt CVE-2012-3464 — rubygem-actionpack: potential XSS vulnerability CVE-2012-3465 — rubygem-actionpack: XSS Vulnerability in strip_tags CVE-2012-3864 — puppet: authenticated clients allowed to read arbitrary files from the puppet master CVE-2012-3865 — puppet: authenticated clients allowed to delete arbitrary files on the puppet master CVE-2012-3867 — puppet: insufficient validation of agent names in CN of SSL certificate requests

🔗 References (18)