Show filters
94 Total Results
Displaying 21-30 of 94
Sort by:
Attacker Value
Unknown

CVE-2012-6685

Disclosure Date: February 19, 2020 (last updated February 21, 2025)
Nokogiri before 1.5.4 is vulnerable to XXE attacks
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-14864

Disclosure Date: January 02, 2020 (last updated February 21, 2025)
Ansible, versions 2.9.x before 2.9.1, 2.8.x before 2.8.7 and Ansible versions 2.7.x before 2.7.15, is not respecting the flag no_log set it to True when Sumologic and Splunk callback plugins are used send tasks results events to collectors. This would discloses and collects any sensitive data.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-3536

Disclosure Date: December 15, 2019 (last updated November 27, 2024)
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-0197

Disclosure Date: December 13, 2019 (last updated November 27, 2024)
CFME: CSRF protection vulnerability via permissive check of the referrer header
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-10854

Disclosure Date: November 22, 2019 (last updated November 27, 2024)
cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripting due to improper sanitization of user input in Name field.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-6461

Disclosure Date: November 05, 2019 (last updated November 27, 2024)
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-6460

Disclosure Date: November 05, 2019 (last updated November 27, 2024)
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2013-4423

Disclosure Date: November 04, 2019 (last updated November 27, 2024)
CloudForms stores user passwords in recoverable format
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2013-0186

Disclosure Date: November 01, 2019 (last updated November 27, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-16892

Disclosure Date: September 25, 2019 (last updated December 29, 2023)
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption).
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
View More Topics  < Previous  Next >