95 Total Results
Displaying 21-30 of 95
Attacker Value
Unknown
CVE-2020-1733
Disclosure Date: March 11, 2020 (last updated February 21, 2025)
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage of this to gain control of the become user, as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
0
Attacker Value
Unknown
CVE-2012-6685
Disclosure Date: February 19, 2020 (last updated February 21, 2025)
Nokogiri before 1.5.4 is vulnerable to XXE attacks
0
Attacker Value
Unknown
CVE-2019-14864
Disclosure Date: January 02, 2020 (last updated February 21, 2025)
Ansible versions 2.9.x before 2.9.1, 2.8.x before 2.8.7, and 2.7.x before 2.7.15 do not respect the no_log flag set to True when the Sumologic and Splunk callback plugins are used to send task result events to collectors. This would disclose and collect any sensitive data.
0
Attacker Value
Unknown
CVE-2014-3536
Disclosure Date: December 15, 2019 (last updated November 27, 2024)
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
0
Attacker Value
Unknown
CVE-2014-0197
Disclosure Date: December 13, 2019 (last updated November 27, 2024)
CFME: CSRF protection vulnerability via permissive check of the referrer header
0
Attacker Value
Unknown
CVE-2018-10854
Disclosure Date: November 22, 2019 (last updated November 27, 2024)
CloudForms versions 5.8 and 5.9 are vulnerable to cross-site scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature: a stored cross-site scripting due to improper sanitization of user input in the Name field.
0
Attacker Value
Unknown
CVE-2013-6461
Disclosure Date: November 05, 2019 (last updated November 27, 2024)
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
0
Attacker Value
Unknown
CVE-2013-6460
Disclosure Date: November 05, 2019 (last updated November 27, 2024)
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
0
Attacker Value
Unknown
CVE-2013-4423
Disclosure Date: November 04, 2019 (last updated November 27, 2024)
CloudForms stores user passwords in recoverable format
0
Attacker Value
Unknown
CVE-2013-0186
Disclosure Date: November 01, 2019 (last updated November 27, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0