RSS   Vulnerabilities for 'Cloudforms'   RSS

2017-06-08
 
CVE-2016-4471

 

 
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.

 
2016-08-26
 
CVE-2016-5383

 

 
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."

 
2016-04-11
 
CVE-2015-7502

 

 
Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users to obtain sensitive data and consequently gain privileges by leveraging access to (1) database exports or (2) log files.

 
2014-03-18
 
CVE-2014-0057

CWE-94
 

 
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors.

 
2014-02-20
 
CVE-2014-0081

 

 
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.

 
2014-01-22
 
CVE-2013-6443

CWE-352
 

 
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.

 
2013-03-01
 
CVE-2012-5604

 

 
The ldap_fluff gem for Ruby, as used in Red Hat CloudFroms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors.

 
2013-01-04
 
CVE-2012-5605

CWE-264
 

 
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.

 
 
CVE-2012-5603

 

 
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.

 
 
CVE-2012-4574

CWE-255
 

 
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.

 


Copyright 2018, cxsecurity.com

 

Back to Top