
666 matches found

CVE
added 2017/10/18 2:0 p.m. | 52 views

CVE-2014-7813

CVE-2014-7813 affects Red Hat CloudForms 3 Management Engine (CFME). The vulnerability allows remote authenticated users to cause a denial of service (resource consumption) through crafted usage involving Ruby on Rails .to_sym calls and lack of garbage collection for inserted symbols. CVSS metric...

CVSS 6.5 | AI score 6.1 | EPSS 0.00432
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2017/08/17 12:0 a.m. | 2 views

Red Hat CloudForms Management Engine Elevation of Privilege Vulnerability

Red Hat CloudForms Management Engine is an IaaS (Infrastructure as a Service) cloud services solution from Red Hat, Inc. The solution creates and manages private and public clouds and has application lifecycle management capabilities. An elevation of privilege vulnerability exists in the Red Hat...

CVSS 8.8 | AI score 8.8 | EPSS 0.00327
Exploits: 0 | References: 1
CNVD
added 2017/08/17 12:0 a.m. | 1 view

Red Hat CloudForms Management Engine Elevation of Privilege Vulnerability (CNVD-2017-28783)

Red Hat CloudForms Management Engine is a management engine for IaaS cloud service solutions. A security vulnerability in some of the ways that the Red Hat CloudForms Management Engine handles rails applications allows remote attackers to exploit the vulnerability to submit a specially crafted...

CVSS 6.5 | AI score 6.7 | EPSS 0.0022
Exploits: 0 | References: 1
RedHat Linux
added 2017/08/02 5:23 p.m. | 2 views

cfme: API leaks any MiqReportResult

A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access...

CVSS 4.3 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 4
RedHat Linux
added 2017/08/02 5:23 p.m. | 2 views

CFME: Dialog for creating cloud volumes does not filter cloud tenants CVE-2017-7497

The dialog for creating cloud volumes (cinder provider) in CloudForms does not filter cloud tenants by user. An attacker with the ability to create storage volumes could use this to create storage volumes for any other tenant...

CVSS 4.3 | AI score 5.8 | EPSS 0.00121
Exploits: 0 | References: 4
RedHat Linux
added 2017/08/02 5:23 p.m. | 67 views

Important: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update

An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 8.8 | AI score 6.9 | EPSS 0.00328
Exploits: 0 | References: 217
RedHat Linux
added 2017/08/02 5:23 p.m. | 3 views

CloudForms: lack of RBAC on various methods in web UI

CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails applications portion of CloudForms to escalate privileges...

CVSS 6.5 | AI score 5.8 | EPSS 0.0022
Exploits: 0 | References: 4
RedhatCVE
added 2017/07/14 9:33 a.m. | 15 views

CVE-2017-7528

Ansible Tower as shipped with Red Hat CloudForms Management Engine 5 is vulnerable to CRLF Injection. It was found that X-Forwarded-For header allows internal servers to deploy other systems using callback...

CVSS 6.5 | AI score 7.1 | EPSS 0.00144
Exploits: 0 | References: 3
CNVD
added 2017/07/07 12:0 a.m. | 1 view

Red Hat CloudForms ManageIQ Remote Code Execution Vulnerability

Red Hat CloudForms is a suite of IaaS (Infrastructure as a Service) cloud services solutions from Red Hat. The solution creates and manages private and public clouds, and has the ability to manage the application lifecycle. ManageIQ is one of the virtualization managers. A security vulnerability...

CVSS 8.8 | AI score 8.8 | EPSS 0.01531
Exploits: 0 | References: 1
CNVD
added 2017/06/30 12:0 a.m. | 1 view

Red Hat CloudForms Management Engine Information Disclosure Vulnerability

The Red Hat CloudForms Management Engine (CFME) is a management engine for IaaS (Infrastructure as a Service) cloud services solutions from Red Hat, Inc. An information disclosure vulnerability exists in Red Hat CFME. An attacker could exploit this vulnerability to obtain sensitive information...

CVSS 4.3 | AI score 6.1 | EPSS 0.00328
Exploits: 0 | References: 1
RedHat Linux
added 2017/06/28 2:51 p.m. | 31 views

Important: Red Hat Security Advisory: CFME 5.7.3 security, bug fix and enhancement update

Updates for cfme, cfme-appliance, cfme-gemset, rh-ruby23-rubygem-nokogiri, and rh-ruby23-rubygem-ovirt-engine-sdk4 are now available for CloudForms Management Engine 5.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

CVSS 7.5 | AI score 6.1 | EPSS 0.00328
Exploits: 0 | References: 158
RedHat Linux
added 2017/06/28 2:51 p.m. | 4 views

cfme: API leaks any MiqReportResult

A flaw was found in the CloudForms API. A user with permissions to use the MiqReportResults capability within the API could potentially view data from other tenants or groups to which they should not have access...

CVSS 4.3 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 4
OSV
added 2017/06/08 6:29 p.m. | 1 view

CVE-2016-4457

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 4
NVD
added 2017/06/08 6:29 p.m. | 16 views

CVE-2016-4457

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate...

CVSS 7.5 | AI score 7.5 | EPSS 0.00249
Exploits: 0 | References: 4
OSV
added 2017/06/08 6:29 p.m. | 1 view

CVE-2016-4471

ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 2
Prion
added 2017/06/08 6:29 p.m. | 15 views

Code injection

ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...

CVSS 6.5 | AI score 7.5 | EPSS 0.01531
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2017/06/08 6:29 p.m. | 14 views

CVE-2016-4471

ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...

CVSS 8.8 | AI score 8.7 | EPSS 0.01531
Exploits: 0 | References: 2
Prion
added 2017/06/08 6:29 p.m. | 12 views

Default credentials

CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate...

CVSS 5 | AI score 7 | EPSS 0.00249
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2017/06/08 6:0 p.m. | 52 views

CVE-2016-4471

CVE-2016-4471 affects ManageIQ/CloudForms prior to 4.1, where remote authenticated users could execute arbitrary code. The vulnerability is documented across multiple feeds with concrete references (NVD entry CVE-2016-4471; CNVD/Red Hat advisories). Affected software is ManageIQ in CloudForms bef...

CVSS 8.8 | AI score 8.6 | EPSS 0.01531
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2017/06/08 6:0 p.m. | 20 views

CVE-2016-4471

ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code...

AI score 8.8 | EPSS 0.01531
Exploits: 0 | References: 2