Vulnerabilities > Redhat > Cloudforms > High

DATE CVE VULNERABILITY TITLE RISK
2018-07-26 CVE-2017-7530 Unspecified vulnerability in Redhat Cloudforms and Cloudforms Management Engine
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users.
network
low complexity
redhat
8.8
2018-07-24 CVE-2018-10905 OS Command Injection vulnerability in Redhat Cloudforms and Cloudforms Management Engine
CloudForms Management Engine (cfme) is vulnerable to an improper security setting in the dRuby component of CloudForms.
local
low complexity
redhat CWE-78
7.8
2018-06-26 CVE-2018-3760 Information Exposure vulnerability in multiple products
There is an information leak vulnerability in Sprockets.
network
low complexity
redhat sprockets-project debian CWE-200
7.5
2018-05-02 CVE-2018-1104 Code Injection vulnerability in Redhat Ansible Tower
Ansible Tower through version 3.2.3 has a vulnerability that allows users only with access to define variables for a job template to execute arbitrary code on the Tower server.
network
low complexity
redhat CWE-94
8.8
2018-05-02 CVE-2018-1101 Weak Password Requirements vulnerability in Redhat Ansible Tower
Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation.
network
low complexity
redhat CWE-521
7.2
2018-03-02 CVE-2018-1058 A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users.
network
low complexity
postgresql canonical redhat
8.8
2018-02-28 CVE-2017-12191 Unspecified vulnerability in Redhat Cloudforms 4.5
A flaw was found in the CloudForms account configuration when using VMware.
network
low complexity
redhat
7.4
2018-02-09 CVE-2018-1053 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files.
local
high complexity
postgresql debian canonical redhat CWE-732
7.0
2017-08-23 CVE-2017-11610 Incorrect Default Permissions vulnerability in multiple products
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups.
network
low complexity
supervisord fedoraproject debian redhat CWE-276
8.8
2017-06-08 CVE-2016-4471 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
network
low complexity
redhat CWE-264
8.8