Max CVSS | 9.3 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2016-1000338 | 5.0 |
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in s
|
29-08-2024 - 11:09 | 01-06-2018 - 20:29 | |
CVE-2017-15100 | 4.3 |
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on
|
15-02-2024 - 21:36 | 27-11-2017 - 14:29 | |
CVE-2017-2667 | 6.8 |
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middl
|
26-01-2024 - 17:46 | 12-03-2018 - 15:29 | |
CVE-2017-15095 | 7.5 |
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
|
13-09-2023 - 14:23 | 06-02-2018 - 15:29 | |
CVE-2019-12086 | 5.0 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|
13-09-2023 - 14:16 | 17-05-2019 - 17:29 | |
CVE-2014-8183 | 6.5 |
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
|
03-03-2023 - 16:39 | 01-08-2019 - 14:15 | |
CVE-2019-10906 | 5.0 |
In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
|
01-03-2023 - 14:56 | 07-04-2019 - 00:29 | |
CVE-2019-12387 | 4.3 |
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
|
28-02-2023 - 20:47 | 10-06-2019 - 12:29 | |
CVE-2018-1097 | 4.0 |
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
|
13-02-2023 - 04:53 | 04-04-2018 - 21:29 | |
CVE-2016-4996 | 1.9 |
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in the system journal when used to log in, which allows local users with access to the system journal to obtain th
|
13-02-2023 - 04:50 | 17-07-2017 - 13:18 | |
CVE-2016-6319 | 4.3 |
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.
|
13-02-2023 - 04:50 | 19-08-2016 - 21:59 | |
CVE-2016-3696 | 2.1 |
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key.
|
13-02-2023 - 04:50 | 13-06-2017 - 16:29 | |
CVE-2019-14825 | 4.0 |
A cleartext password storage issue was discovered in Katello, versions 3.x.x.x before katello 3.12.0.9. Registry credentials used during container image discovery were inadvertently logged without being masked. This flaw could expose the registry cre
|
12-02-2023 - 23:34 | 25-11-2019 - 16:15 | |
CVE-2018-14623 | 4.0 |
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This issue is related to an incomplete fix
|
12-02-2023 - 23:31 | 14-12-2018 - 00:29 | |
CVE-2017-12175 | 3.5 |
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.
|
12-02-2023 - 23:27 | 26-07-2018 - 17:29 | |
CVE-2016-8634 | 3.5 |
A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard (/organizations/id/step2) will render the HTML. This occurs in the alertbox on the page. T
|
12-02-2023 - 23:26 | 01-08-2018 - 12:29 | |
CVE-2016-8613 | 4.3 |
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output causing any HTM
|
12-02-2023 - 23:26 | 31-07-2018 - 20:29 | |
CVE-2016-4995 | 3.5 |
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a UR
|
12-02-2023 - 23:22 | 19-08-2016 - 21:59 | |
CVE-2016-4451 | 6.0 |
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organi
|
12-02-2023 - 23:21 | 19-08-2016 - 21:59 | |
CVE-2016-3704 | 5.0 |
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords.
|
12-02-2023 - 23:18 | 13-06-2017 - 17:29 | |
CVE-2016-3693 | 6.8 |
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
|
12-02-2023 - 23:18 | 20-05-2016 - 14:59 | |
CVE-2018-10917 | 4.0 |
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso reposit
|
12-02-2023 - 22:15 | 15-08-2018 - 17:29 | |
CVE-2017-15699 | 6.8 |
A Denial of Service vulnerability was found in Apache Qpid Dispatch Router versions 0.7.0 and 0.8.0. To exploit this vulnerability, a remote user must be able to establish an AMQP connection to the Qpid Dispatch Router and send a specifically crafted
|
09-02-2023 - 15:58 | 13-02-2018 - 22:29 | |
CVE-2016-1669 | 9.3 |
The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer
|
19-01-2023 - 16:26 | 14-05-2016 - 21:59 | |
CVE-2015-3208 | None |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
|
12-01-2023 - 23:15 | 25-07-2017 - 18:29 | |
CVE-2019-3893 | 4.0 |
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resou
|
30-11-2022 - 22:00 | 09-04-2019 - 16:29 | |
CVE-2020-10716 | 4.0 |
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and
|
21-10-2022 - 17:58 | 27-05-2021 - 19:15 | |
CVE-2013-6668 | 7.5 |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
16-08-2022 - 13:30 | 05-03-2014 - 05:11 | |
CVE-2019-10086 | 7.5 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
|
25-07-2022 - 18:15 | 20-08-2019 - 21:15 | |
CVE-2018-10237 | 4.3 |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray
|
29-06-2022 - 19:15 | 26-04-2018 - 21:29 | |
CVE-2018-5382 | 3.6 |
The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies t
|
20-04-2022 - 15:31 | 16-04-2018 - 14:29 | |
CVE-2017-5929 | 7.5 |
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
|
18-04-2022 - 17:58 | 13-03-2017 - 06:59 | |
CVE-2017-7536 | 4.4 |
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi
|
10-03-2022 - 13:57 | 10-01-2018 - 15:29 | |
CVE-2017-10690 | 4.0 |
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
|
24-01-2022 - 16:46 | 09-02-2018 - 20:29 | |
CVE-2018-1000632 | 5.0 |
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be explo
|
07-09-2021 - 06:15 | 20-08-2018 - 19:31 | |
CVE-2018-7536 | 5.0 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expr
|
04-08-2021 - 17:14 | 09-03-2018 - 20:29 | |
CVE-2016-1000339 | 5.0 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lo
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000352 | 5.8 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000346 | 4.3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000345 | 4.3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identif
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000344 | 5.8 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
|
20-10-2020 - 22:15 | 04-06-2018 - 21:29 | |
CVE-2016-1000342 | 5.0 |
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000343 | 5.0 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generate
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000341 | 4.3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacke
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2016-1000340 | 5.0 |
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom el
|
20-10-2020 - 22:15 | 04-06-2018 - 13:29 | |
CVE-2019-3891 | 2.1 |
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify th
|
15-10-2020 - 19:58 | 15-04-2019 - 12:31 | |
CVE-2019-12086 | 5.0 |
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
|
01-10-2020 - 00:15 | 17-05-2019 - 17:29 | |
CVE-2019-10198 | 4.0 |
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view th
|
30-09-2020 - 18:16 | 31-07-2019 - 22:15 | |
CVE-2018-1090 | 5.0 |
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
|
09-10-2019 - 23:38 | 18-06-2018 - 14:29 | |
CVE-2018-1096 | 4.0 |
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
|
09-10-2019 - 23:38 | 05-04-2018 - 21:29 | |
CVE-2018-16470 | 5.0 |
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use CPU resources disproportionate to the request size.
|
09-10-2019 - 23:36 | 13-11-2018 - 23:29 | |
CVE-2017-2672 | 4.0 |
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those sy
|
09-10-2019 - 23:27 | 21-06-2018 - 13:29 | |
CVE-2016-8639 | 3.5 |
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code withi
|
09-10-2019 - 23:20 | 01-08-2018 - 13:29 | |
CVE-2016-9595 | 3.6 |
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
|
09-10-2019 - 23:20 | 27-07-2018 - 18:29 | |
CVE-2016-9593 | 4.0 |
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
|
09-10-2019 - 23:20 | 16-04-2018 - 15:29 | |
CVE-2016-7077 | 4.0 |
foreman before 1.14.0 is vulnerable to an information leak. It was found that the Foreman form helper does not authorize options for associated objects. An unauthorized user can see names of such objects if their count is less than 6.
|
09-10-2019 - 23:19 | 10-09-2018 - 15:29 | |
CVE-2016-7078 | 4.0 |
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's vi
|
09-10-2019 - 23:19 | 10-09-2018 - 15:29 | |
CVE-2019-0231 | 5.0 |
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.
|
08-10-2019 - 17:47 | 01-10-2019 - 20:15 | |
CVE-2017-10689 | 2.1 |
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
|
03-10-2019 - 00:03 | 09-02-2018 - 20:29 | |
CVE-2016-10745 | 5.0 |
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
|
06-06-2019 - 16:29 | 08-04-2019 - 13:29 | |
CVE-2018-16861 | 3.5 |
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possib
|
14-05-2019 - 17:29 | 07-12-2018 - 19:29 | |
CVE-2018-14664 | 3.5 |
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs b
|
14-05-2019 - 17:29 | 12-10-2018 - 22:15 | |
CVE-2016-6346 | 5.0 |
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
|
14-05-2019 - 17:29 | 07-09-2016 - 18:59 | |
CVE-2018-16887 | 3.5 |
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Rep
|
14-05-2019 - 17:29 | 13-01-2019 - 02:29 | |
CVE-2016-2166 | 5.8 |
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, whic
|
23-04-2019 - 12:29 | 12-04-2016 - 14:59 | |
CVE-2018-6188 | 5.0 |
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated b
|
12-03-2019 - 17:54 | 05-02-2018 - 03:29 | |
CVE-2018-7537 | 5.0 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due t
|
28-02-2019 - 22:37 | 09-03-2018 - 20:29 | |
CVE-2015-3225 | 5.0 |
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
|
30-10-2018 - 16:27 | 26-07-2015 - 22:59 | |
CVE-2017-7233 | 5.8 |
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some nu
|
17-10-2018 - 10:29 | 04-04-2017 - 17:59 | |
CVE-2015-6644 | 4.3 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
|
17-10-2018 - 10:29 | 06-01-2016 - 19:59 | |
CVE-2017-2295 | 6.0 |
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with an attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code
|
24-05-2018 - 13:36 | 05-07-2017 - 15:29 | |
CVE-2013-6459 | 4.3 |
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
|
23-02-2018 - 02:29 | 31-12-2013 - 16:04 | |
CVE-2016-10516 | 4.3 |
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11 (as used in Pallets Flask and other products) allows remote attackers to inject arbitrary web script or HTML v
|
04-02-2018 - 02:29 | 23-10-2017 - 16:29 | |
CVE-2017-17718 | 4.3 |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
|
05-01-2018 - 18:12 | 17-12-2017 - 21:29 |