Filtered by vendor Redhat Subscriptions
Filtered by product Cloudforms Managementengine Subscriptions
Total 106 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-0062 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2024-08-06 N/A
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.
CVE-2014-0060 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2024-08-06 N/A
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
CVE-2014-0078 1 Redhat 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2024-08-06 N/A
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID.
CVE-2014-0064 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2024-08-06 N/A
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
CVE-2014-0087 1 Redhat 2 Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action.
CVE-2014-0063 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2024-08-06 N/A
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065.
CVE-2014-0082 2 Redhat, Rubyonrails 4 Cloudforms Managementengine, Rhel Software Collections, Rails and 1 more 2024-08-06 N/A
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.
CVE-2015-7502 1 Redhat 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.
CVE-2015-3448 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2024-08-06 N/A
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2015-1820 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2024-08-06 N/A
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
CVE-2016-10735 2 Getbootstrap, Redhat 9 Bootstrap, Cloudforms Managementengine, Enterprise Linux and 6 more 2024-08-06 N/A
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CVE-2016-7071 1 Redhat 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM.
CVE-2016-7047 1 Redhat 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access.
CVE-2016-7040 1 Redhat 2 Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
CVE-2016-5383 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2024-08-06 N/A
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
CVE-2016-5402 1 Redhat 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as.
CVE-2016-4471 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2024-08-06 N/A
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
CVE-2016-4457 1 Redhat 2 Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate.
CVE-2017-1000385 3 Debian, Erlang, Redhat 4 Debian Linux, Erlang\/otp, Cloudforms Managementengine and 1 more 2024-08-05 N/A
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack).
CVE-2017-15125 1 Redhat 2 Cloudforms Management Engine, Cloudforms Managementengine 2024-08-05 N/A
A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP.