Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-1000338 | 5.0 |
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in s
|
29-08-2024 - 11:09 | 01-06-2018 - 20:29 | |
CVE-2017-15100 | 4.3 |
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on
|
15-02-2024 - 21:36 | 27-11-2017 - 14:29 | |
CVE-2017-15095 | 7.5 |
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
|
13-09-2023 - 14:23 | 06-02-2018 - 15:29 | |
CVE-2019-12086 | 5.0 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|
13-09-2023 - 14:16 | 17-05-2019 - 17:29 | |
CVE-2019-10906 | 5.0 |
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
|
01-03-2023 - 14:56 | 07-04-2019 - 00:29 | |
CVE-2019-12387 | 4.3 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
|
28-02-2023 - 20:47 | 10-06-2019 - 12:29 | |
CVE-2018-1097 | 4.0 |
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
|
13-02-2023 - 04:53 | 04-04-2018 - 21:29 | |
CVE-2019-14825 | 4.0 |
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry cre
|
12-02-2023 - 23:34 | 25-11-2019 - 16:15 | |
CVE-2017-15137 | 5.0 |
The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as "oc tag", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed.
|
12-02-2023 - 23:28 | 16-07-2018 - 20:29 | |
CVE-2017-12195 | 5.8 |
A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication
|
12-02-2023 - 23:28 | 27-07-2018 - 15:29 | |
CVE-2017-12175 | 3.5 |
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.
|
12-02-2023 - 23:27 | 26-07-2018 - 17:29 | |
CVE-2018-10917 | 4.0 |
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso reposit
|
12-02-2023 - 22:15 | 15-08-2018 - 17:29 | |
CVE-2018-14632 | 4.0 |
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service whi
|
07-02-2023 - 22:18 | 06-09-2018 - 14:29 | |
CVE-2015-3208 | None |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
|
12-01-2023 - 23:15 | 25-07-2017 - 18:29 | |
CVE-2019-3893 | 4.0 |
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resou
|
30-11-2022 - 22:00 | 09-04-2019 - 16:29 | |
CVE-2020-10716 | 4.0 |
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and
|
21-10-2022 - 17:58 | 27-05-2021 - 19:15 | |
CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
CVE-2018-10237 | 4.3 |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray
|
29-06-2022 - 19:15 | 26-04-2018 - 21:29 | |
CVE-2018-5382 | 3.6 |
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies t
|
20-04-2022 - 15:31 | 16-04-2018 - 14:29 | |
CVE-2017-5929 | 7.5 |
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
|
18-04-2022 - 17:58 | 13-03-2017 - 06:59 | |
CVE-2017-7536 | 4.4 |
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi
|
10-03-2022 - 13:57 | 10-01-2018 - 15:29 | |
CVE-2017-10690 | 4.0 |
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
|
24-01-2022 - 16:46 | 09-02-2018 - 20:29 | |
CVE-2018-1000632 | 5.0 |
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be explo
|
07-09-2021 - 06:15 | 20-08-2018 - 19:31 | |
CVE-2018-7536 | 5.0 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expr
|
04-08-2021 - 17:14 | 09-03-2018 - 20:29 | |
CVE-2016-1000339 | 5.0 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lo
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000352 | 5.8 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000346 | 4.3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000345 | 4.3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identif
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000344 | 5.8 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000342 | 5.0 |
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000343 | 5.0 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generate
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000341 | 4.3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacke
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000340 | 5.0 |
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom el
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2019-3891 | 2.1 |
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify th
|
15-10-2020 - 19:58 | 15-04-2019 - 12:31 | |
CVE-2019-12086 | 5.0 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|
01-10-2020 - 00:15 | 17-05-2019 - 17:29 | |
CVE-2019-10198 | 4.0 |
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view th
|
30-09-2020 - 18:16 | 31-07-2019 - 22:15 | |
CVE-2019-10198 | 4.0 |
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view th
|
30-09-2020 - 18:16 | 31-07-2019 - 22:15 | |
CVE-2018-1090 | 5.0 |
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
|
09-10-2019 - 23:38 | 18-06-2018 - 14:29 | |
CVE-2018-1096 | 4.0 |
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
|
09-10-2019 - 23:38 | 05-04-2018 - 21:29 | |
CVE-2018-16470 | 5.0 |
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
|
09-10-2019 - 23:36 | 13-11-2018 - 23:29 | |
CVE-2017-15138 | 4.0 |
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
|
09-10-2019 - 23:24 | 13-08-2018 - 17:29 | |
CVE-2019-0231 | 5.0 |
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.
|
08-10-2019 - 17:47 | 01-10-2019 - 20:15 | |
CVE-2017-10689 | 2.1 |
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
|
03-10-2019 - 00:03 | 09-02-2018 - 20:29 | |
CVE-2017-1000095 | 4.0 |
The default whitelist included the following unsafe entries: DefaultGroovyMethods.putAt(Object, String, Object); DefaultGroovyMethods.getAt(Object, String). These allowed circumventing many of the access restrictions implemented in the script sandbox
|
03-10-2019 - 00:03 | 05-10-2017 - 01:29 | |
CVE-2018-1000169 | 5.0 |
An exposure of sensitive information vulnerability exists in Jenkins 2.115 and older, LTS 2.107.1 and older, in CLICommand.java and ViewOptionHandler.java that allows unauthorized attackers to confirm the existence of agents or views with an attacker
|
31-07-2019 - 03:15 | 16-04-2018 - 09:58 | |
CVE-2016-10745 | 5.0 |
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
|
06-06-2019 - 16:29 | 08-04-2019 - 13:29 | |
CVE-2018-16861 | 3.5 |
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possib
|
14-05-2019 - 17:29 | 07-12-2018 - 19:29 | |
CVE-2018-14664 | 3.5 |
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs b
|
14-05-2019 - 17:29 | 12-10-2018 - 22:15 | |
CVE-2016-6346 | 5.0 |
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
|
14-05-2019 - 17:29 | 07-09-2016 - 18:59 | |
CVE-2018-16887 | 3.5 |
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Rep
|
14-05-2019 - 17:29 | 13-01-2019 - 02:29 | |
CVE-2018-6188 | 5.0 |
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated b
|
12-03-2019 - 17:54 | 05-02-2018 - 03:29 | |
CVE-2018-7537 | 5.0 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due t
|
28-02-2019 - 22:37 | 09-03-2018 - 20:29 | |
CVE-2017-7233 | 5.8 |
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some nu
|
17-10-2018 - 10:29 | 04-04-2017 - 17:59 | |
CVE-2015-6644 | 4.3 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
|
17-10-2018 - 10:29 | 06-01-2016 - 19:59 | |
CVE-2016-10516 | 4.3 |
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML v
|
04-02-2018 - 02:29 | 23-10-2017 - 16:29 | |
CVE-2017-17718 | 4.3 |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
|
05-01-2018 - 18:12 | 17-12-2017 - 21:29 |