Vulnerabilities > Redhat > Cloudforms > 4.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-1000544 | Unrestricted Upload of File with Dangerous Type vulnerability in multiple products rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. | 9.8 |
| 2018-05-31 | CVE-2018-11627 | Cross-site Scripting vulnerability in multiple products Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception. | 6.1 |
| 2018-05-02 | CVE-2018-1104 | Code Injection vulnerability in Redhat Ansible Tower Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server. | 8.8 |
| 2018-05-02 | CVE-2018-1101 | Weak Password Requirements vulnerability in Redhat Ansible Tower Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. | 7.2 |
| 2018-03-13 | CVE-2018-7750 | Improper Authentication vulnerability in multiple products transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. | 9.8 |
| 2018-03-02 | CVE-2018-1058 | A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. | 8.8 |
| 2018-02-09 | CVE-2018-1053 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. | 7.0 |