Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
(Permissions, Privileges, and Access Controls)
Cloudforms 3.0.5 management engine
Cloudforms 3.0.4 management engine
Cloudforms 3.0.3 management engine
Cloudforms 3.0.2 management engine
Cloudforms 3.0.1 management engine
Cloudforms 3.0 management engine
CVSS Base Score
vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
OpenShift Origin: Improperly validated team names could allow stored XSS attacks
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.
HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy
gdk-pixbuf through 2.31.1 has a GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.