Filtered by vendor Redhat
Subscriptions
Filtered by product Cloudforms
Subscriptions
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-7047 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-06 | N/A |
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access. | ||||
CVE-2016-5383 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-06 | N/A |
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | ||||
CVE-2016-5402 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-06 | N/A |
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. | ||||
CVE-2016-4471 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-06 | N/A |
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | ||||
CVE-2017-12191 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-05 | N/A |
A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to. | ||||
CVE-2017-12148 | 1 Redhat | 3 Ansible Tower, Cloudforms, Cloudforms Managementengine | 2024-08-05 | N/A |
A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as. | ||||
CVE-2017-11610 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Cloudforms and 2 more | 2024-08-05 | N/A |
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | ||||
CVE-2017-7530 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-05 | N/A |
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs). | ||||
CVE-2017-2664 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-05 | N/A |
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate privileges. | ||||
CVE-2017-2653 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-05 | N/A |
A number of unused delete routes are present in CloudForms before 5.7.2.1 which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting or similar attacks in order to execute. | ||||
CVE-2017-2639 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-05 | N/A |
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and potentially harvest sensitive information from CloudForms. | ||||
CVE-2017-2632 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-05 | N/A |
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges. | ||||
CVE-2018-1000544 | 3 Debian, Redhat, Rubyzip Project | 4 Debian Linux, Cloudforms, Cloudforms Managementengine and 1 more | 2024-08-05 | 9.8 Critical |
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem.. | ||||
CVE-2018-16476 | 2 Redhat, Rubyonrails | 3 Cloudforms, Cloudforms Managementengine, Rails | 2024-08-05 | N/A |
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. This vulnerability has been fixed in versions 4.2.11, 5.0.7.1, 5.1.6.1, and 5.2.1.1. | ||||
CVE-2018-11627 | 2 Redhat, Sinatrarb | 3 Cloudforms, Cloudforms Managementengine, Sinatra | 2024-08-05 | N/A |
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | ||||
CVE-2018-10905 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-08-05 | N/A |
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user. | ||||
CVE-2018-10855 | 3 Canonical, Debian, Redhat | 8 Ubuntu Linux, Debian Linux, Ansible Engine and 5 more | 2024-08-05 | 5.9 Medium |
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. | ||||
CVE-2018-7750 | 3 Debian, Paramiko, Redhat | 18 Debian Linux, Paramiko, Ansible Engine and 15 more | 2024-08-05 | 9.8 Critical |
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. | ||||
CVE-2019-16892 | 3 Fedoraproject, Redhat, Rubyzip Project | 4 Fedora, Cloudforms, Cloudforms Managementengine and 1 more | 2024-08-05 | 5.5 Medium |
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). | ||||
CVE-2019-11358 | 11 Backdropcms, Debian, Drupal and 8 more | 114 Backdrop, Debian Linux, Drupal and 111 more | 2024-08-04 | 6.1 Medium |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |