MidnightBSD

Advisories for vladtheenterprising_project

CVE-2014-4995 LOW

Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to obtain sensitive information by reading the MySQL root password from a temporary file before it is removed.

CVSS 2.0

Severity: LOW

Problem Type: CWE-200,CWE-362,

Products Affected

Vendor Product Version
vladtheenterprising_project vladtheenterprising 0.2.0
CVE-2014-4996 LOW

lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby allows local users to write to arbitrary files via a symlink attack on /tmp/my.cnf.#{target_host}.

CVSS 2.0

Severity: LOW

Problem Type: CWE-59,

Products Affected

Vendor Product Version
vladtheenterprising_project vladtheenterprising 0.2.0