Vulnerabilities > Redhat > Cloudforms > Critical

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-14325 Unspecified vulnerability in Redhat Cloudforms
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles.
network
low complexity
redhat
critical
9.1
2018-06-26 CVE-2018-1000544 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem.
network
low complexity
rubyzip-project debian redhat CWE-434
critical
9.8
2018-03-13 CVE-2018-7750 Improper Authentication vulnerability in multiple products
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open.
network
low complexity
paramiko redhat debian CWE-287
critical
9.8