13 matches found
EUVD-2021-19527
Malware in sbrugna...
CVE-2021-32756
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...
ManageIQ MiqExpression Trust Management Issue Vulnerability
ManageIQ MiqExpression is a functional module. A security vulnerability exists in ManageIQ MiqExpression that stems from a problem with parsing files in the Ruby client of the application. kubeclient of the Kubernetes REST API ends up accepting any certificate when the kubeconfig file is not...
CVE-2021-32756
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...
Code injection
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...
CVE-2021-32756
Summary: ManageIQ’s MiqExpression module is vulnerable to code injection. In versions prior to jansa-4, kasparov-2, and lasker-1, a low-privilege user could craft a Ruby string that is evaluated, enabling execution of arbitrary code with root privileges on the host. The issue arises from evalu...
CVE-2021-32756 Arbitrary eval through MiqExpression
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to...
PT-2021-19909 · Manageiq · Manageiq
Name of the Vulnerable Software and Affected Versions: ManageIQ versions prior to jansa-4; ManageIQ versions prior to kasparov-2; ManageIQ versions prior to lasker-1. Description: The issue is related to a flaw in the MiqExpression module where a low privilege user could enter a crafted Ruby string...
ManageIQ MiqExpression Code Injection Vulnerability
ManageIQ MiqExpression is a functional module. A code injection vulnerability exists in the ManageIQ MiqExpression module in versions prior to jansa-4, kasparov-2, and lasker-1, which can be exploited by an attacker to execute arbitrary code on a host system using root privileges...
Denial Of Service (DoS)
CloudForms Management Engine (cfme) is vulnerable to denial of service (DoS) attacks. An attacker is able to execute arbitrary methods via filtering on VMs that MiqExpression will execute, triggerable by API users. An attacker could use this flaw to crash the application...
CVE-2017-7530
In CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1, it was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should n...
cfme: Execution of arbitrary methods through filter param
It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs)...
CVE-2017-7530
It was found that privilege check is missing when invoking arbitrary methods via filtering on VMs that MiqExpression will execute that is triggerable by API users. An attacker could use this to execute actions they should not be allowed to (e.g. destroying VMs)...