Page 6 of 27 results (0.027 seconds)

CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0

It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. Se ha descubierto que CloudForms en versiones anteriores a la 5.6.2.2 y versiones 5.7.0.7 no aplicó correctamente controles de permisos a los ID de las máquinas virtuales pasados por los usuarios. Un atacante autenticado remoto podría emplear este error para ejecutar máquinas virtuales en sistemas gestionados por CloudForms si conoce el ID de la máquina It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. • http://rhn.redhat.com/errata/RHSA-2016-2091.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7071 https://access.redhat.com/security/cve/CVE-2016-7071 https://bugzilla.redhat.com/show_bug.cgi?id=1383124 • CWE-285: Improper Authorization •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1

Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE. • https://bugzilla.redhat.com/show_bug.cgi?id=1178970 https://github.com/sparklemotion/nokogiri/issues/693 https://nokogiri.org/CHANGELOG.html#154-2012-06-12 https://access.redhat.com/security/cve/CVE-2012-6685 • CWE-611: Improper Restriction of XML External Entity Reference CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •