Filtered by vendor Cloudforms Cloudengine
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6118 | 2 Cloudforms Cloudengine, Redhat | 2 1, Aeolus Conductor | 2025-04-11 | N/A |
| The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. | ||||
| CVE-2013-0156 | 5 Cloudforms Cloudengine, Debian, Redhat and 2 more | 6 1, Debian Linux, Openshift and 3 more | 2025-04-11 | N/A |
| active_support/core_ext/hash/conversions.rb in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving nested XML entity references, by leveraging Action Pack support for (1) YAML type conversion or (2) Symbol type conversion. | ||||
| CVE-2013-0183 | 3 Cloudforms Cloudengine, Rack Project, Rhel Sam | 3 1, Rack, 1.2 | 2025-04-11 | N/A |
| multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. | ||||
| CVE-2012-6109 | 3 Cloudforms Cloudengine, Rack Project, Rhel Sam | 3 1, Rack, 1.2 | 2025-04-11 | N/A |
| lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. | ||||
| CVE-2013-0256 | 5 Canonical, Cloudforms Cloudengine, Redhat and 2 more | 6 Ubuntu Linux, 1, Openshift and 3 more | 2025-04-11 | N/A |
| darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. | ||||
| CVE-2012-5509 | 2 Cloudforms Cloudengine, Redhat | 2 1, Cloudforms Cloud Engine | 2025-04-11 | N/A |
| aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file. | ||||
| CVE-2012-1986 | 3 Cloudforms Cloudengine, Puppet, Puppetlabs | 5 1, Puppet, Puppet Enterprise and 2 more | 2025-04-11 | N/A |
| Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. | ||||
| CVE-2012-1987 | 3 Cloudforms Cloudengine, Puppet, Puppetlabs | 5 1, Puppet, Puppet Enterprise and 2 more | 2025-04-11 | N/A |
| Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations. | ||||