Cloudforms Managementengine CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (106 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2012-6685	2 Nokogiri, Redhat	9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more	2024-08-06	7.5 High
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2013-6443	1 Redhat	3 Cloudforms, Cloudforms 3.0 Management Engine, Cloudforms Managementengine	2024-08-06	N/A
CloudForms 3.0 Management Engine before 5.2.1.6 allows remote attackers to bypass the Ruby on Rails protect_from_forgery mechanism and conduct cross-site request forgery (CSRF) attacks via a destructive action in a request.
CVE-2013-6417	2 Redhat, Rubyonrails	5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more	2024-08-06	N/A
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
CVE-2013-4423	1 Redhat	2 Cloudforms, Cloudforms Managementengine	2024-08-06	5.5 Medium
CloudForms stores user passwords in recoverable format
CVE-2013-4389	4 Debian, Opensuse, Redhat and 1 more	4 Debian Linux, Opensuse, Cloudforms Managementengine and 1 more	2024-08-06	N/A
Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message.
CVE-2013-4172	1 Redhat	3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine	2024-08-06	N/A
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.

« first previous Page 6 of 6.