Cern
Products
3- Rucio2 CVEspypi
- 1 CVE
- 1 CVE
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1000203 | Hig | 0.58 | 8.8 | 0.04 | Nov 17, 2017 | ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution | ||
| CVE-2026-29090 | Hig | 0.50 | 8.8 | 0.00 | May 6, 2026 | ### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database… | ||
| CVE-2026-29080 | Hig | 0.50 | 8.8 | 0.00 | May 6, 2026 | A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids//dids/search`). On Oracle deployments attacker-controlled filter keys… | ||
| CVE-2000-0079 | 0.00 | — | 0.02 | Jan 18, 2000 | The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. |
- risk 0.58cvss 8.8epss 0.04
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
- risk 0.50cvss 8.8epss 0.00
### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database…
- risk 0.50cvss 8.8epss 0.00
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids//dids/search`). On Oracle deployments attacker-controlled filter keys…
- CVE-2000-0079Jan 18, 2000risk 0.00cvss —epss 0.02
The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL.