Vulnerabilities > Redhat > Cloudforms

DATE CVE VULNERABILITY TITLE RISK
2019-09-25 CVE-2019-16892 In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed.
local
low complexity
rubyzip-project fedoraproject redhat
5.5
2019-06-14 CVE-2019-10159 Unspecified vulnerability in Redhat Cfme-Gemset and Cloudforms
cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller.
network
low complexity
redhat
4.3
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2019-03-27 CVE-2019-5419 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.
7.5
2019-03-27 CVE-2019-5418 There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. 7.5
2018-11-30 CVE-2018-16476 Deserialization of Untrusted Data vulnerability in multiple products
A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have.
network
low complexity
rubyonrails redhat CWE-502
7.5
2018-10-31 CVE-2016-5402 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A code injection flaw was found in the way capacity and utilization imported control files are processed.
network
low complexity
redhat
8.8
2018-09-11 CVE-2016-7047 Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2.
network
low complexity
redhat CWE-200
4.3
2018-09-10 CVE-2016-7071 Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users.
network
low complexity
redhat CWE-285
8.8
2018-07-27 CVE-2017-2632 Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine
A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have.
network
low complexity
redhat CWE-863
4.9