Filtered by vendor Redhat Subscriptions
Filtered by product Cloudforms Managementengine Subscriptions
Total 106 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-11358 11 Backdropcms, Debian, Drupal and 8 more 114 Backdrop, Debian Linux, Drupal and 111 more 2024-11-15 6.1 Medium
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2018-1053 4 Canonical, Debian, Postgresql and 1 more 6 Ubuntu Linux, Debian Linux, Postgresql and 3 more 2024-09-17 N/A
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file.
CVE-2018-1058 3 Canonical, Postgresql, Redhat 5 Ubuntu Linux, Postgresql, Cloudforms and 2 more 2024-09-17 8.8 High
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected.
CVE-2018-1101 1 Redhat 3 Ansible Tower, Cloudforms, Cloudforms Managementengine 2024-09-17 N/A
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system.
CVE-2018-1104 1 Redhat 3 Ansible Tower, Cloudforms, Cloudforms Managementengine 2024-09-16 N/A
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
CVE-2018-3760 3 Debian, Redhat, Sprockets Project 6 Debian Linux, Cloudforms, Cloudforms Managementengine and 3 more 2024-09-16 N/A
There is an information leak vulnerability in Sprockets. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower, 2.12.4 and lower. Specially crafted requests can be used to access files that exists on the filesystem that is outside an application's root directory, when the Sprockets server is used in production. All users running an affected release should either upgrade or use one of the work arounds immediately.
CVE-2012-6685 2 Nokogiri, Redhat 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more 2024-08-06 7.5 High
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2013-6443 1 Redhat 3 Cloudforms, Cloudforms 3.0 Management Engine, Cloudforms Managementengine 2024-08-06 N/A
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
CVE-2013-6417 2 Redhat, Rubyonrails 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more 2024-08-06 N/A
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
CVE-2013-4492 2 I18n Project, Redhat 2 I18n, Cloudforms Managementengine 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call.
CVE-2013-4423 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2024-08-06 5.5 Medium
CloudForms stores user passwords in recoverable format
CVE-2013-4389 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Opensuse, Cloudforms Managementengine and 1 more 2024-08-06 N/A
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
CVE-2013-4172 1 Redhat 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
CVE-2013-4164 2 Redhat, Ruby-lang 6 Cloudforms Managementengine, Enterprise Linux, Openstack and 3 more 2024-08-06 N/A
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse.
CVE-2013-2049 1 Redhat 2 Cloudforms Management Engine, Cloudforms Managementengine 2024-08-06 N/A
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
CVE-2013-2050 1 Redhat 3 Cloudforms Management Engine, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager 2024-08-06 N/A
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.
CVE-2013-1899 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine 2024-08-06 N/A
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).
CVE-2013-1900 3 Canonical, Postgresql, Redhat 4 Ubuntu Linux, Postgresql, Cloudforms Managementengine and 1 more 2024-08-06 N/A
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
CVE-2013-1901 3 Canonical, Postgresql, Redhat 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine 2024-08-06 N/A
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
CVE-2013-0185 1 Redhat 2 Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager 2024-08-06 N/A
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.