Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudforms vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2012-5605
Grinder in Red Hat CloudForms prior to 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
Redhat Cloudforms
5.5
CVSSv2
CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms prior to 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID"...
Redhat Cloudforms
3.3
CVSSv2
CVE-2012-3538
Pulp in Red Hat CloudForms prior to 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
Redhat Cloudforms
6.8
CVSSv2
CVE-2020-14369
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by craftin...
Redhat Cloudforms
6.4
CVSSv2
CVE-2020-14325
Red Hat CloudForms prior to 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious malicious user to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator,...
Redhat Cloudforms
2.1
CVSSv2
CVE-2013-4423
CloudForms stores user passwords in recoverable format
Redhat Cloudforms 3.0
4.3
CVSSv2
CVE-2012-5604
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote malicious users to bypass authentication via unspecified vectors.
Redhat Cloudforms 1.1
7.1
CVSSv2
CVE-2019-16892
In Rubyzip prior to 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows malicious users to cause a denial of service (disk consumption).
Rubyzip Project Rubyzip
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Cloudforms 4.7
Redhat Cloudforms 5.11
6.5
CVSSv2
CVE-2020-14324
A high severity vulnerability was found in all active versions of Red Hat CloudForms prior to 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This fla...
Redhat Cloudforms Management Engine
5
CVSSv2
CVE-2017-15123
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created v...
Redhat Cloudforms Management Engine
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »