11 matches found

added 2019/04/20 12:29 a.m., 2194 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVSS 6.1, AI score 6.4, EPSS 0.01768

added 2019/03/27 2:29 p.m., 305 views

CVE-2019-5418

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2,

CVSS 7.5, AI score 8.3, EPSS 0.94309

added 2019/03/27 2:29 p.m., 248 views

CVE-2019-5419

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2,

CVSS 7.8, AI score 8.1, EPSS 0.09057

added 2019/11/01 7:15 p.m., 178 views

CVE-2013-0186

Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 6.1, AI score 6, EPSS 0.00401

added 2019/09/25 10:15 p.m., 134 views

CVE-2019-16892

In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).

CVSS 7.1, AI score 5.3, EPSS 0.00235

added 2019/06/14 2:29 p.m., 96 views

CVE-2019-10159

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available.

CVSS 4.3, AI score 4.4, EPSS 0.00215

added 2019/11/22 12:15 p.m., 66 views

CVE-2018-10854

CloudForms versions 5.8 and 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting issue due to improper sanitization of user input in the Name field.

CVSS 6.5, AI score 5.1, EPSS 0.00261

added 2019/06/27 9:15 p.m., 64 views

CVE-2019-10177

A stored cross-site scripting (XSS) vulnerability was found in the PDF export component of CloudForms, versions 5.9 and 5.10, because user input is not properly sanitized. An attacker with least privilege to edit compute is able to execute an XSS attack against other users, which could lead to malici...

CVSS 6.5, AI score 6.2, EPSS 0.004

added 2019/06/12 2:29 p.m., 59 views

CVE-2017-15123

A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines.

CVSS 5.3, AI score 4.9, EPSS 0.00245

added 2019/12/13 1:15 p.m., 58 views

CVE-2014-0197

CFME: CSRF protection vulnerability via permissive check of the referrer header

CVSS 8.8, AI score 8.7, EPSS 0.00356

added 2019/11/04 1:15 p.m., 47 views

CVE-2013-4423

CloudForms stores user passwords in recoverable format

CVSS 5.5, AI score 5.5, EPSS 0.00104