Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat cloudforms vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2014-3536
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
Redhat Cloudforms Management Engine 5.0
7.8
CVSSv2
CVE-2019-5419
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
Rubyonrails Rails
Debian Debian Linux 8.0
Redhat Software Collections 1.0
Redhat Cloudforms 4.6
Redhat Cloudforms 4.7
Opensuse Leap 15.0
Opensuse Leap 15.1
Fedoraproject Fedora 30
3 Github repositories
2.6
CVSSv2
CVE-2020-1738
A flaw was found in Ansible Engine when the module package or service is used and the parameter 'use' is not specified. If a previous task is executed with a malicious user, the module sent can be selected by the attacker using the ansible facts file. All versions in 2....
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
7.5
CVSSv2
CVE-2013-2050
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter...
Redhat Cloudforms Management Engine 5.1
Redhat Manageiq Enterprise Virtualization Manager
2.1
CVSSv2
CVE-2020-1736
A flaw was found in Ansible Engine when a file is moved using atomic_move primitive as the file mode cannot be specified. This sets the destination files world-readable if the destination file does not exist and if the file exists, the file could be changed to have less restricti...
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2012-6685
Nokogiri prior to 1.5.4 is vulnerable to XXE attacks
Nokogiri Nokogiri
Redhat Cloudforms Management Engine 5.0
Redhat Enterprise Mrg 2.0
Redhat Openshift 2.0
Redhat Openstack 4.0
Redhat Openstack 6.0
Redhat Openstack Foreman -
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
1 Article
3.6
CVSSv2
CVE-2020-1735
A flaw was found in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then choose a new destination path on the controller node. All versions in 2.7.x, 2.8.x and 2.9.x branches are believed to be vulnerable.
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Openstack 13
Redhat Ansible
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.6
CVSSv2
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x prior to 2.9.3, 2.8.x prior to 2.8.8, 2.7.x prior to 2.7.16 and previous versions, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craf...
Redhat Ansible Engine
Redhat Cloudforms Management Engine 5.0
Redhat Ceph Storage 3.0
Redhat Ansible Tower 3.0.0
Redhat Openstack 13
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
3.7
CVSSv2
CVE-2020-1733
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is cr...
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Ansible
Redhat Openstack 13
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 8.0
Debian Debian Linux 10.0
1 Github repository
1.9
CVSSv2
CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file...
Redhat Cloudforms Management Engine 5.0
Redhat Ansible Tower
Redhat Openstack 13
Redhat Ansible
Debian Debian Linux 8.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »