Filtered by vendor Redhat Subscriptions
Filtered by product Satellite Capsule Subscriptions
Total 274 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-6639 2 Google, Redhat 5 Chrome, V8, Rhel Software Collections and 2 more 2024-11-21 N/A
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
CVE-2013-6459 2 Mislav Marohnic, Redhat 3 Will Paginate, Satellite, Satellite Capsule 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
CVE-2013-4347 2 Redhat, Urbanairship 3 Satellite, Satellite Capsule, Python-oauth2 2024-11-21 N/A
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.
CVE-2013-4346 2 Redhat, Urbanairship 3 Satellite, Satellite Capsule, Python-oauth2 2024-11-21 N/A
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
CVE-2013-2882 4 Debian, Google, Nodejs and 1 more 6 Debian Linux, Chrome, Node.js and 3 more 2024-11-21 N/A
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2013-2099 3 Canonical, Python, Redhat 8 Ubuntu Linux, Python, Openstack and 5 more 2024-11-21 N/A
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
CVE-2012-6619 2 Mongodb, Redhat 5 Mongodb, Enterprise Mrg, Openstack and 2 more 2024-11-21 N/A
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
CVE-2009-3555 9 Apache, Canonical, Debian and 6 more 15 Http Server, Ubuntu Linux, Debian Linux and 12 more 2024-11-21 N/A
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
CVE-2024-8376 2 Eclipse, Redhat 3 Mosquitto, Satellite, Satellite Capsule 2024-11-15 7.5 High
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.
CVE-2024-42005 2 Djangoproject, Redhat 4 Django, Ansible Automation Platform, Satellite and 1 more 2024-10-23 9.8 Critical
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg.
CVE-2024-41991 2 Djangoproject, Redhat 4 Django, Ansible Automation Platform, Satellite and 1 more 2024-08-12 7.5 High
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
CVE-2024-7246 1 Redhat 3 Ansible Automation Platform, Satellite, Satellite Capsule 2024-08-06 4.8 Medium
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4.
CVE-2023-38037 1 Redhat 3 Logging, Satellite, Satellite Capsule 2023-08-23 3.3 Low
An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system.
CVE-2023-27539 1 Redhat 5 Enterprise Linux, Logging, Rhel Eus and 2 more 2023-03-15 5.3 Medium
A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service.