Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-4423 | 2.1 |
CloudForms stores user passwords in recoverable format
|
13-02-2023 - 04:46 | 04-11-2019 - 13:15 | |
CVE-2013-4172 | 8.5 |
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
|
13-02-2023 - 04:45 | 23-08-2013 - 16:55 | |
CVE-2013-2050 | 7.5 |
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the
|
13-02-2023 - 04:42 | 11-01-2014 - 01:55 | |
CVE-2013-0185 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise Virtualization Manager (EVM) allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
|
13-02-2023 - 00:27 | 01-05-2018 - 19:29 | |
CVE-2013-0196 | 4.3 |
A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when reque
|
13-02-2023 - 00:27 | 30-12-2019 - 22:15 | |
CVE-2013-0256 | 4.3 |
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
|
09-09-2021 - 12:28 | 01-03-2013 - 05:40 | |
CVE-2013-2049 | 5.0 |
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
|
13-06-2018 - 14:11 | 01-05-2018 - 19:29 | |
CVE-2013-1900 | 8.5 |
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors relat
|
20-10-2017 - 01:29 | 04-04-2013 - 17:55 | |
CVE-2013-1899 | 6.5 |
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration setti
|
01-12-2013 - 04:27 | 04-04-2013 - 17:55 | |
CVE-2013-1901 | 4.0 |
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. Pe
|
01-12-2013 - 04:27 | 04-04-2013 - 17:55 |