Vulnerabilities > Redhat > Cloudforms > Low

DATE CVE VULNERABILITY TITLE RISK
2020-08-11 CVE-2020-10777 Cross-site Scripting vulnerability in Redhat Cloudforms 4.7/5.0.0
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5.
network
redhat CWE-79
3.5
2018-02-09 CVE-2018-1053 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In PostgreSQL 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates a file in the current working directory containing the output of `pg_dumpall -g` under the umask that was in effect when the user invoked pg_upgrade, and not under 0077, which is normally used for other temporary files.
3.3
2013-01-04 CVE-2012-3538 Credentials Management vulnerability in Redhat Cloudforms 1.0
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
low complexity
redhat CWE-255
3.3
2013-01-04 CVE-2012-4574 Credentials Management vulnerability in Redhat Cloudforms 1.0
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
local
low complexity
redhat CWE-255
2.1
2013-01-04 CVE-2012-5605 Permissions, Privileges, and Access Controls vulnerability in Redhat Cloudforms 1.0
Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files.
local
low complexity
redhat CWE-264
2.1