Max CVSS 7.5 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2017-15100 4.3
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on
15-02-2024 - 21:36 27-11-2017 - 14:29
CVE-2016-1000338 5.0
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in s
06-10-2023 - 15:15 01-06-2018 - 20:29
CVE-2017-15095 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
13-09-2023 - 14:23 06-02-2018 - 15:29
CVE-2018-1097 4.0
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
13-02-2023 - 04:53 04-04-2018 - 21:29
CVE-2016-2100 6.5
Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote authenticated users to read, modify, or delete private bookmarks by leveraging the (1) edit_bookmarks or (2) destroy_bookmarks permission.
13-02-2023 - 04:50 20-05-2016 - 14:59
CVE-2013-4347 5.8
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
13-02-2023 - 04:46 20-05-2014 - 14:55
CVE-2013-2099 4.3
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial
13-02-2023 - 04:42 09-10-2013 - 14:53
CVE-2009-3555 5.8
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
13-02-2023 - 02:20 09-11-2009 - 17:30
CVE-2015-3235 6.0
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
13-02-2023 - 00:48 14-08-2015 - 18:59
CVE-2015-3155 5.0
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
13-02-2023 - 00:47 14-08-2015 - 18:59
CVE-2015-0224 5.0
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
13-02-2023 - 00:45 30-10-2017 - 14:29
CVE-2013-4346 4.3
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
13-02-2023 - 00:28 20-05-2014 - 14:55
CVE-2017-12175 3.5
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.
12-02-2023 - 23:27 26-07-2018 - 17:29
CVE-2018-10917 4.0
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso reposit
12-02-2023 - 22:15 15-08-2018 - 17:29
CVE-2015-3208 None
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
12-01-2023 - 23:15 25-07-2017 - 18:29
CVE-2013-6668 7.5
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
16-08-2022 - 13:30 05-03-2014 - 05:11
CVE-2018-10237 4.3
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray
29-06-2022 - 19:15 26-04-2018 - 21:29
CVE-2018-5382 3.6
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies t
20-04-2022 - 15:31 16-04-2018 - 14:29
CVE-2017-5929 7.5
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
18-04-2022 - 17:58 13-03-2017 - 06:59
CVE-2017-7536 4.4
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privi
10-03-2022 - 13:57 10-01-2018 - 15:29
CVE-2017-10690 4.0
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
24-01-2022 - 16:46 09-02-2018 - 20:29
CVE-2018-7536 5.0
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expr
04-08-2021 - 17:14 09-03-2018 - 20:29
CVE-2016-1000339 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lo
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-1000352 5.8
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000346 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000345 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identif
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000344 5.8
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
20-10-2020 - 22:15 04-06-2018 - 21:29
CVE-2016-1000342 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-1000343 5.0
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generate
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-1000341 4.3
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacke
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2016-1000340 5.0
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom el
20-10-2020 - 22:15 04-06-2018 - 13:29
CVE-2019-3891 2.1
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify th
15-10-2020 - 19:58 15-04-2019 - 12:31
CVE-2018-1090 5.0
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
09-10-2019 - 23:38 18-06-2018 - 14:29
CVE-2018-1096 4.0
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
09-10-2019 - 23:38 05-04-2018 - 21:29
CVE-2017-10689 2.1
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
03-10-2019 - 00:03 09-02-2018 - 20:29
CVE-2018-16861 3.5
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possib
14-05-2019 - 17:29 07-12-2018 - 19:29
CVE-2018-14664 3.5
A flaw was found in foreman from versions 1.18. A stored cross-site scripting vulnerability exists due to an improperly escaped HTML code in the breadcrumbs bar. This allows a user with permissions to edit which attribute is used in the breadcrumbs b
14-05-2019 - 17:29 12-10-2018 - 22:15
CVE-2016-6346 5.0
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
14-05-2019 - 17:29 07-09-2016 - 18:59
CVE-2018-16887 3.5
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Rep
14-05-2019 - 17:29 13-01-2019 - 02:29
CVE-2016-2166 5.8
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, whic
23-04-2019 - 12:29 12-04-2016 - 14:59
CVE-2018-6188 5.0
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated b
12-03-2019 - 17:54 05-02-2018 - 03:29
CVE-2018-7537 5.0
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due t
28-02-2019 - 22:37 09-03-2018 - 20:29
CVE-2015-3225 5.0
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
30-10-2018 - 16:27 26-07-2015 - 22:59
CVE-2017-7233 5.8
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some nu
17-10-2018 - 10:29 04-04-2017 - 17:59
CVE-2015-6644 4.3
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
17-10-2018 - 10:29 06-01-2016 - 19:59
CVE-2015-1844 4.0
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
13-08-2018 - 21:47 14-08-2015 - 18:59
CVE-2015-1816 5.0
Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
13-08-2018 - 21:47 14-08-2015 - 18:59
CVE-2015-0203 4.0
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, o
18-03-2018 - 14:05 21-02-2018 - 15:29
CVE-2015-0223 5.0
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
05-01-2018 - 02:29 02-02-2015 - 16:59
CVE-2015-1609 5.0
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
01-07-2017 - 01:29 30-03-2015 - 14:59
CVE-2014-3653 4.3
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
08-07-2015 - 16:05 06-07-2015 - 15:59
Back to Top Mark selected
Back to Top