Filtered by vendor Redhat
Subscriptions
Filtered by product Cloudforms Managementengine
Subscriptions
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7814 | 1 Redhat | 2 Cloudforms 3.1 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | ||||
| CVE-2014-0066 | 2 Postgresql, Redhat | 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly check the return value of the crypt library function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors. | ||||
| CVE-2014-0078 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. | ||||
| CVE-2015-3448 | 2 Redhat, Rest-client Project | 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more | 2025-04-12 | N/A |
| REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2014-0180 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| The wait_for_task function in app/controllers/application_controller.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via unspecified vectors. | ||||
| CVE-2014-3642 | 1 Redhat | 7 Cloudforms 3.0.1 Management Engine, Cloudforms 3.0.2 Management Engine, Cloudforms 3.0.3 Management Engine and 4 more | 2025-04-12 | N/A |
| vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method." | ||||
| CVE-2014-0130 | 3 Redhat, Rhel Sam, Rubyonrails | 6 Cloudforms Managementengine, Enterprise Linux Server, Rhel Software Collections and 3 more | 2025-04-12 | 7.5 High |
| Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | ||||
| CVE-2014-0136 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors. | ||||
| CVE-2014-0176 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in application/panel_control in CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2014-0140 | 1 Redhat | 7 Cloudforms 3.0.1 Management Engine, Cloudforms 3.0.2 Management Engine, Cloudforms 3.0.3 Management Engine and 4 more | 2025-04-12 | N/A |
| Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request. | ||||
| CVE-2014-0057 | 1 Redhat | 3 Cloudforms, Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors. | ||||
| CVE-2016-5383 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2025-04-12 | N/A |
| The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | ||||
| CVE-2013-6443 | 1 Redhat | 3 Cloudforms, Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-11 | N/A |
| CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request. | ||||
| CVE-2013-6417 | 2 Redhat, Rubyonrails | 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | ||||
| CVE-2013-4492 | 2 I18n Project, Redhat | 2 I18n, Cloudforms Managementengine | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call. | ||||
| CVE-2014-0082 | 2 Redhat, Rubyonrails | 4 Cloudforms Managementengine, Rhel Software Collections, Rails and 1 more | 2025-04-11 | N/A |
| actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers. | ||||
| CVE-2014-0081 | 4 Opensuse, Opensuse Project, Redhat and 1 more | 8 Opensuse, Opensuse, Cloudforms and 5 more | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper. | ||||
| CVE-2013-1901 | 3 Canonical, Postgresql, Redhat | 3 Ubuntu Linux, Postgresql, Cloudforms Managementengine | 2025-04-11 | N/A |
| PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. | ||||
| CVE-2013-4389 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Cloudforms Managementengine and 1 more | 2025-04-11 | N/A |
| Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. | ||||
| CVE-2013-4172 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2025-04-11 | N/A |
| The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors. | ||||