Vulnerabilities > Redhat > Cloudforms Management Engine
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-1739 | Information Exposure vulnerability in multiple products A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. | 3.9 |
| 2020-03-11 | CVE-2020-1733 | Race Condition vulnerability in multiple products A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. | 5.0 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 5.0 |
| 2020-01-02 | CVE-2019-14864 | Improper Output Neutralization for Logs vulnerability in multiple products Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. | 4.0 |
| 2019-12-15 | CVE-2014-3536 | Information Exposure Through Log Files vulnerability in Redhat Cloudforms Management Engine 5.0 CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | 2.1 |
| 2019-12-13 | CVE-2014-0197 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Cloudforms and Cloudforms Management Engine CFME: CSRF protection vulnerability via permissive check of the referrer header | 8.8 |
| 2019-11-22 | CVE-2018-10854 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 4.7/5.8/5.9 cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. | 5.4 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 4.3 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 4.3 |
| 2019-06-27 | CVE-2019-10177 | Cross-site Scripting vulnerability in Redhat Cloudforms Management Engine 5.10/5.9 A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, due to user input is not properly sanitized. | 4.9 |