Vulnerabilities > Redhat > Cloudforms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-25 | CVE-2019-16892 | In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. | 5.5 |
| 2019-06-14 | CVE-2019-10159 | Improper Authorization vulnerability in Redhat Cfme-Gemset and Cloudforms cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. | 4.3 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
| 2019-03-27 | CVE-2019-5419 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive. | 7.5 |
| 2019-03-27 | CVE-2019-5418 | There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed. | 7.5 |
| 2018-11-30 | CVE-2018-16476 | Deserialization of Untrusted Data vulnerability in multiple products A Broken Access Control vulnerability in Active Job versions >= 4.2.0 allows an attacker to craft user input which can cause Active Job to deserialize it using GlobalId and give them access to information that they should not have. | 5.0 |
| 2018-10-31 | CVE-2016-5402 | Code Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine A code injection flaw was found in the way capacity and utilization imported control files are processed. | 8.8 |
| 2018-09-11 | CVE-2016-7047 | Information Exposure vulnerability in Redhat Cloudforms and Cloudforms Management Engine A flaw was found in the CloudForms API before 5.6.3.0, 5.7.3.1 and 5.8.1.2. | 4.3 |
| 2018-09-10 | CVE-2016-7071 | Improper Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. | 8.8 |
| 2018-07-27 | CVE-2017-2632 | Incorrect Authorization vulnerability in Redhat Cloudforms and Cloudforms Management Engine A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. | 4.0 |