Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat cloudforms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-2639
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an malicious user to spoof RHEV or OpenShift systems and po...
Redhat Cloudforms 4.5
Redhat Cloudforms Management Engine 5.8
6.5
CVSSv3
CVE-2017-2664
CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails application portion of CloudForms to escalate...
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.6
Redhat Cloudforms 4.2
8.8
CVSSv3
CVE-2017-7530
In CloudForms Management Engine (cfme) prior to 5.7.3 and 5.8.x prior to 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execut...
Redhat Cloudforms Management Engine
Redhat Cloudforms 4.5
6.1
CVSSv3
CVE-2018-11627
Sinatra prior to 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
Sinatrarb Sinatra
Redhat Cloudforms 4.7
Redhat Cloudforms 4.6
7.5
CVSSv3
CVE-2013-2049
Red Hat CloudForms 2 Management Engine (CFME) allows remote malicious users to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
Redhat Cloudforms Management Engine 2.0
5.6
CVSSv3
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Atom C C2308
Intel Atom C C2316
Intel Atom C C2338
Intel Atom C C2350
Intel Atom C C2358
Intel Atom C C2508
Intel Atom C C2516
Intel Atom C C2518
Intel Atom C C2530
Intel Atom C C2538
Intel Atom C C2550
Intel Atom C C2558
Intel Atom C C2718
Intel Atom C C2730
Intel Atom C C2738
Intel Atom C C2750
Intel Atom C C2758
Intel Atom C C3308
Intel Atom C C3338
Intel Atom C C3508
Intel Atom C C3538
Intel Atom C C3558
1 EDB exploit
42 Github repositories
9 Articles
5.6
CVSSv3
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Intel Pentium N N3700
Intel Pentium N N3710
Intel Celeron N N3000
Intel Celeron N N3010
Intel Celeron N N3050
Intel Celeron N N2930
Intel Celeron N N2920
Intel Celeron N N2808
Intel Celeron N N2807
Intel Celeron J J3060
Intel Celeron J J1900
Intel Atom X3 C3295rk
Intel Atom X3 C3235rk
Intel Atom Z Z3775d
Intel Atom Z Z3775
Intel Atom Z Z3736f
Intel Atom Z Z3735g
Intel Atom Z Z3560
Intel Atom Z Z3530
Intel Atom Z Z2480
Intel Atom Z Z2460
Intel Atom C C3308
41 Github repositories
8 Articles
5.6
CVSSv3
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Atom C C2308
Intel Atom C C2316
Intel Atom C C2338
Intel Atom C C2350
Intel Atom C C2358
Intel Atom C C2508
Intel Atom C C2516
Intel Atom C C2518
Intel Atom C C2530
Intel Atom C C2538
Intel Atom C C2550
Intel Atom C C2558
Intel Atom C C2718
Intel Atom C C2730
Intel Atom C C2738
Intel Atom C C2750
Intel Atom C C2758
Intel Atom C C3308
Intel Atom C C3338
Intel Atom C C3508
Intel Atom C C3538
Intel Atom C C3558
1 EDB exploit
47 Github repositories
9 Articles
6.5
CVSSv3
CVE-2014-7813
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack of garbage collection of inserted symbols.
Redhat Cloudforms 3.0 Management Engine -
NA
CVE-2014-0136
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote malicious users to insert arbitrary text into log files via unspecified vectors.
Redhat Cloudforms 3.0 Management Engine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »