Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat cloudforms 3.0 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2014-0057
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote malicious users to execute arbitrary methods via unspecified vectors.
Redhat Cloudforms 3.0
Redhat Cloudforms 3.0 Management Engine 5.2
605
VMScore
CVE-2014-0197
CFME: CSRF protection vulnerability via permissive check of the referrer header
Redhat Cloudforms 3.0
Redhat Cloudforms Management Engine
605
VMScore
CVE-2013-6443
CloudForms 3.0 Management Engine prior to 5.2.1.6 allows remote malicious users to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
Redhat Cloudforms 3.0
Redhat Cloudforms 3.0 Management Engine 5.2
Redhat Cloudforms 3.0 Management Engine
488
VMScore
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Intel Core I7 4900mq
Intel Core I7 4910mq
Intel Core I7 4950hq
Intel Core I7 4960hq
Intel Core I7 4980hq
Intel Core I7 4800mq
Intel Core I7 4810mq
Intel Core I7 4850hq
Intel Core I7 4860hq
Intel Core I7 4870hq
Intel Core I7 4700ec
Intel Core I7 4700eq
Intel Core I7 4700hq
Intel Core I7 4700mq
Intel Core I7 4702ec
Intel Core I7 4702hq
Intel Core I7 4702mq
Intel Core I7 4710hq
Intel Core I7 4710mq
Intel Core I7 4712hq
Intel Core I7 4712mq
Intel Core I7 4720hq
1 EDB exploit
42 Github repositories
9 Articles
445
VMScore
CVE-2014-0136
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote malicious users to insert arbitrary text into log files via unspecified vectors.
Redhat Cloudforms 3.0 Management Engine
430
VMScore
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
Intel Core I7 4900mq
Intel Core I7 4910mq
Intel Core I7 4950hq
Intel Core I7 4960hq
Intel Core I7 4980hq
Intel Core I7 4800mq
Intel Core I7 4810mq
Intel Core I7 4850hq
Intel Core I7 4860hq
Intel Core I7 4870hq
Intel Core I7 4700ec
Intel Core I7 4700eq
Intel Core I7 4700hq
Intel Core I7 4700mq
Intel Core I7 4702ec
Intel Core I7 4702hq
Intel Core I7 4702mq
Intel Core I7 4710hq
Intel Core I7 4710mq
Intel Core I7 4712hq
Intel Core I7 4712mq
Intel Core I7 4720hq
41 Github repositories
8 Articles
409
VMScore
CVE-2019-14905
A vulnerability was found in Ansible Engine versions 2.9.x prior to 2.9.3, 2.8.x prior to 2.8.8, 2.7.x prior to 2.7.16 and previous versions, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices. Malicious code could craf...
Redhat Ansible Engine
Redhat Cloudforms Management Engine 5.0
Redhat Ceph Storage 3.0
Redhat Ansible Tower 3.0.0
Redhat Openstack 13
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
383
VMScore
CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
Nokogiri Nokogiri
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 3.0
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
Redhat Enterprise Mrg 2.0
383
VMScore
CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
Nokogiri Nokogiri
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 3.0
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
Redhat Enterprise Mrg 2.0
383
VMScore
CVE-2013-0186
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Redhat Cloudforms 3.0
Redhat Manageiq Enterprise Virtualization Manager -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »