Search Results (131 CVEs found)
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 9.1 Critical |
An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | ||||
CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 Medium |
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | ||||
CVE-2014-0197 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | 8.8 High |
CFME: CSRF protection vulnerability via permissive check of the referrer header | ||||
CVE-2014-0087 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | ||||
CVE-2013-6461 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 6.5 Medium |
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | ||||
CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 6.5 Medium |
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | ||||
CVE-2013-4423 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 5.5 Medium |
CloudForms stores user passwords in recoverable format | ||||
CVE-2013-2049 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret. | ||||
CVE-2013-0186 | 1 Redhat | 3 Cloudforms, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-0185 | 1 Redhat | 2 Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager | 2024-11-21 | N/A |
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors. | ||||
CVE-2012-6685 | 2 Nokogiri, Redhat | 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more | 2024-11-21 | 7.5 High |
Nokogiri before 1.5.4 is vulnerable to XXE attacks |