Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-4423 | 2.1 |
CloudForms stores user passwords in recoverable format
|
13-02-2023 - 04:46 | 04-11-2019 - 13:15 | |
CVE-2013-4172 | 8.5 |
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
|
13-02-2023 - 04:45 | 23-08-2013 - 16:55 | |
CVE-2013-2050 | 7.5 |
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the
|
13-02-2023 - 04:42 | 11-01-2014 - 01:55 | |
CVE-2014-3642 | 6.5 |
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."
|
13-02-2023 - 00:41 | 06-10-2014 - 14:55 | |
CVE-2014-0140 | 4.0 |
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
|
13-02-2023 - 00:32 | 06-10-2014 - 14:55 | |
CVE-2013-0185 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
|
13-02-2023 - 00:27 | 01-05-2018 - 19:29 | |
CVE-2013-2049 | 5.0 |
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
|
13-06-2018 - 14:11 | 01-05-2018 - 19:29 | |
CVE-2013-1900 | 8.5 |
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors relat
|
20-10-2017 - 01:29 | 04-04-2013 - 17:55 | |
CVE-2013-1899 | 6.5 |
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration setti
|
01-12-2013 - 04:27 | 04-04-2013 - 17:55 | |
CVE-2013-1901 | 4.0 |
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. Pe
|
01-12-2013 - 04:27 | 04-04-2013 - 17:55 |