
677 matches found

Cvelist
added 2013/01/04 10:0 p.m. · 37 views

CVE-2012-5603

proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system...

AI score: 6.2 · EPSS: 0.01042
Exploits: 0 · References: 8

Cvelist
added 2013/01/04 10:0 p.m. · 33 views

CVE-2012-4574

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file...

AI score: 6.2 · EPSS: 0.00361
Exploits: 0 · References: 6

CVE
added 2013/01/04 10:0 p.m. · 66 views

CVE-2012-4574

CVE-2012-4574 affects Red Hat CloudForms with the Pulp component. The issue arises because the Pulp configuration file, pulp.conf, was installed with world-readable permissions, allowing local users to read the administrative password. The RHSA-2012:1543 update for CloudForms System Engine 1.1 fi...

CVSS: 2.1 · AI score: 6.3 · EPSS: 0.00361
Exploits: 0 · References: 6 · Affected Software: 1

CVE
added 2013/01/04 10:0 p.m. · 68 views

CVE-2012-5603

CVE-2012-5603 affects Red Hat CloudForms (Katello component) prior to CloudForms 1.1. The issue is an insufficient permission check in proxies_controller.rb, enabling an authenticated remote attacker to read consumer certificates or alter other users’ settings by abusing the target system UUID. T...

CVSS: 5.5 · AI score: 6.2 · EPSS: 0.01042
Exploits: 0 · References: 8 · Affected Software: 1

CVE
added 2013/01/04 10:0 p.m. · 61 views

CVE-2012-3538

CVE-2012-3538 affects Red Hat CloudForms (System Engine) 1.1 and is caused by Pulp logging administrative passwords to a world-readable log file (production.log). This local, file-based disclosure allows a user with access to the log to read administrative credentials and potentially take control...

CVSS: 3.3 · AI score: 6.1 · EPSS: 0.00638
Exploits: 0 · References: 5 · Affected Software: 1

CVE
added 2013/01/04 10:0 p.m. · 65 views

CVE-2012-5605

CVE-2012-5605 affects Red Hat CloudForms System Engine prior to version 1.1. The issue arises from grinder cache in /var/lib/pulp/cache/grinder/ using world-writable permissions, enabling local attackers to read or modify grinder cache files. The RHSA-2012:1543 advisory documents this vulnerabili...

CVSS: 2.1 · AI score: 6.2 · EPSS: 0.00358
Exploits: 0 · References: 7 · Affected Software: 1

Cvelist
added 2013/01/04 10:0 p.m. · 37 views

CVE-2012-3538

Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log...

AI score: 6.1 · EPSS: 0.00638
Exploits: 0 · References: 5

RedHat Linux
added 2012/12/04 7:32 p.m. · 5 views

pulp /etc/pulp/pulp.conf world readable, contains default admin password

Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file...

CVSS: 2.1 · AI score: 5.8 · EPSS: 0.00361
Exploits: 0 · References: 4

RedHat Linux
added 2012/12/04 7:32 p.m. · 3 views

grinder: /var/lib/pulp/cache/grinder directory is world-writeable

Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files...

CVSS: 2.1 · AI score: 5.8 · EPSS: 0.00358
Exploits: 0 · References: 4

RedHat Linux
added 2012/12/04 7:32 p.m. · 64 views

Important: Red Hat Security Advisory: CloudForms System Engine 1.1 update

Updated CloudForms System Engine packages that fix multiple security issues, several bugs, and add enhancements are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detaile...

CVSS: 5.5 · AI score: 6 · EPSS: 0.01042
Exploits: 0 · References: 232

RedHat Linux
added 2012/12/04 7:24 p.m. · 4 views

Moderate: Red Hat Security Advisory: CloudForms Commons 1.1 security update

Updated CloudForms Commons packages that fix several security issues are now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each...

CVSS: 7.5 · AI score: 7 · EPSS: 0.04923
Exploits: 14 · References: 16

RubySec
added 2012/12/04 12:0 a.m. · 24 views

CVE-2012-5604 rubygem-ldap_fluff: CloudForms authentication bypass when handling anonymous LDAP bind

The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when using Active Directory for authentication, allows remote attackers to bypass authentication via unspecified vectors...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.01209
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2012/08/25 10:0 a.m. · 34 views

CVE-2012-3503

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

AI score: 9.5 · EPSS: 0.03002
Exploits: 0 · References: 6

Positive Technologies
added 2012/08/25 12:0 a.m. · 4 views

PT-2012-4767 · Red Hat · Katello

Name of the Vulnerable Software and Affected Versions: Katello versions 1.0 and earlier
Description: The installation script does not properly generate the Application.config.secret_token value, resulting in each default installation having the same secret token. This allows remote attackers to...

CVSS: 9.8 · AI score: 9.2 · EPSS: 0.03002
Exploits: 0 · References: 13

RedHat Linux
added 2012/08/21 8:10 p.m. · 7 views

Important: Red Hat Security Advisory: katello security update

Updated katello packages that fix one security issue are now available for Red Hat CloudForms. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS: 9.8 · AI score: 7.2 · EPSS: 0.03002
Exploits: 0 · References: 3

RedHat Linux
added 2012/08/21 8:10 p.m. · 8 views

Katello: Application.config.secret_token is not generated properly

The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.03002
Exploits: 0 · References: 4

Oracle linux
added 2012/06/27 12:0 a.m. · 29 views

sos security, bug fix, and enhancement update

2.2-29.0.1.el6
- Direct traceroute to linux.oracle.com John Haxby orabug 11713272
- Disable --upload option as it will not work with Oracle support
- Check oraclelinux-release instead of redhat-release to get OS version John Haxby bug 11681869
- Remove RH ftp URL and support email
- add...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.01429
Exploits: 0