Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat cloudforms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote malicious users to execute arbitrary methods via unspecified vectors.
Redhat Cloudforms 3.0
Redhat Cloudforms 3.0 Management Engine 5.2
6.8
CVSSv2
CVE-2013-6443
CloudForms 3.0 Management Engine prior to 5.2.1.6 allows remote malicious users to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
Redhat Cloudforms 3.0
Redhat Cloudforms 3.0 Management Engine 5.2
Redhat Cloudforms 3.0 Management Engine
7.5
CVSSv2
CVE-2013-2050
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter...
Redhat Cloudforms Management Engine 5.1
Redhat Manageiq Enterprise Virtualization Manager
2.1
CVSSv2
CVE-2012-6117
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine prior to 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
Redhat Cloudforms Cloud Engine
Redhat Cloudforms Cloud Engine 1.0
2.1
CVSSv2
CVE-2012-5509
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine prior to 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file.
Redhat Cloudforms Cloud Engine
Redhat Cloudforms Cloud Engine 1.0
4.3
CVSSv2
CVE-2012-5604
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote malicious users to bypass authentication via unspecified vectors.
Redhat Cloudforms 1.1
2.1
CVSSv2
CVE-2012-4574
Pulp in Red Hat CloudForms prior to 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
Redhat Cloudforms
5.5
CVSSv2
CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms prior to 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID"...
Redhat Cloudforms
2.1
CVSSv2
CVE-2012-5605
Grinder in Red Hat CloudForms prior to 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
Redhat Cloudforms
3.3
CVSSv2
CVE-2012-3538
Pulp in Red Hat CloudForms prior to 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
Redhat Cloudforms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »