Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudforms vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-14369
This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by craftin...
Redhat Cloudforms
187
VMScore
CVE-2012-5605
Grinder in Red Hat CloudForms prior to 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
Redhat Cloudforms
294
VMScore
CVE-2012-3538
Pulp in Red Hat CloudForms prior to 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
Redhat Cloudforms
490
VMScore
CVE-2012-5603
proxies_controller.rb in Katello in Red Hat CloudForms prior to 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID"...
Redhat Cloudforms
490
VMScore
CVE-2020-25716
A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-1...
Redhat Cloudforms
383
VMScore
CVE-2012-5604
The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote malicious users to bypass authentication via unspecified vectors.
Redhat Cloudforms 1.1
187
VMScore
CVE-2013-4423
CloudForms stores user passwords in recoverable format
Redhat Cloudforms 3.0
578
VMScore
CVE-2020-14324
A high severity vulnerability was found in all active versions of Red Hat CloudForms prior to 5.11.7.0. The out of band OS command injection vulnerability can be exploited by authenticated attacker while setuping conversion host through Infrastructure Migration Solution. This fla...
Redhat Cloudforms Management Engine
445
VMScore
CVE-2017-15123
A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created v...
Redhat Cloudforms Management Engine
632
VMScore
CVE-2019-16892
In Rubyzip prior to 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows malicious users to cause a denial of service (disk consumption).
Rubyzip Project Rubyzip
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Redhat Cloudforms 4.7
Redhat Cloudforms 5.11
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »