Vulnerabilities > Redhat > Cloudforms > 4.6

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000544 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
network
low complexity
rubyzip-project debian redhat CWE-434
critical
9.8
2018-05-31 CVE-2018-11627 Cross-site Scripting vulnerability in multiple products
Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.
network
low complexity
sinatrarb redhat CWE-79
6.1
2018-05-02 CVE-2018-1104 Code Injection vulnerability in Redhat Ansible Tower
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
network
low complexity
redhat CWE-94
8.8
2018-05-02 CVE-2018-1101 Weak Password Requirements vulnerability in Redhat Ansible Tower
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation.
network
low complexity
redhat CWE-521
7.2
2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network
low complexity
paramiko redhat debian CWE-287
critical
9.8
2018-03-02 CVE-2018-1058 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users.
network
low complexity
postgresql canonical redhat
8.8
2018-02-09 CVE-2018-1053 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files.
local
high complexity
postgresql debian canonical redhat CWE-732
7.0