Vulnerabilities > Redhat > Cloudforms Management Engine

DATE CVE VULNERABILITY TITLE RISK
2020-03-12 CVE-2020-1739 A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node.
local
low complexity
redhat fedoraproject debian
3.9
2020-03-11 CVE-2020-1733 Race Condition vulnerability in multiple products
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user.
local
high complexity
redhat fedoraproject debian CWE-362
5.0
2020-02-19 CVE-2012-6685 XML Entity Expansion vulnerability in multiple products
Nokogiri before 1.5.4 is vulnerable to XXE attacks
network
low complexity
nokogiri redhat CWE-776
7.5
2020-01-02 CVE-2019-14864 Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors.
network
low complexity
redhat debian opensuse
6.5
2019-12-15 CVE-2014-3536 Information Exposure Through Log Files vulnerability in Redhat Cloudforms Management Engine 5.0
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
local
low complexity
redhat CWE-532
5.5
2019-12-13 CVE-2014-0197 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CFME: CSRF protection vulnerability via permissive check of the referrer header
network
low complexity
redhat CWE-352
8.8
2019-11-22 CVE-2018-10854 Unspecified vulnerability in Redhat Cloudforms Management Engine 4.7/5.8/5.9
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting.
network
low complexity
redhat
5.4
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-06-27 CVE-2019-10177 Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 5.10/5.9
A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized.
network
low complexity
redhat CWE-79
6.5