Filtered by vendor Redhat
Subscriptions
Filtered by product Satellite Capsule
Subscriptions
Total
274 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-6639 | 2 Google, Redhat | 5 Chrome, V8, Rhel Software Collections and 2 more | 2024-11-21 | N/A |
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. | ||||
CVE-2013-6459 | 2 Mislav Marohnic, Redhat | 3 Will Paginate, Satellite, Satellite Capsule | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. | ||||
CVE-2013-4347 | 2 Redhat, Urbanairship | 3 Satellite, Satellite Capsule, Python-oauth2 | 2024-11-21 | N/A |
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. | ||||
CVE-2013-4346 | 2 Redhat, Urbanairship | 3 Satellite, Satellite Capsule, Python-oauth2 | 2024-11-21 | N/A |
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | ||||
CVE-2013-2882 | 4 Debian, Google, Nodejs and 1 more | 6 Debian Linux, Chrome, Node.js and 3 more | 2024-11-21 | N/A |
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||||
CVE-2013-2099 | 3 Canonical, Python, Redhat | 8 Ubuntu Linux, Python, Openstack and 5 more | 2024-11-21 | N/A |
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. | ||||
CVE-2012-6619 | 2 Mongodb, Redhat | 5 Mongodb, Enterprise Mrg, Openstack and 2 more | 2024-11-21 | N/A |
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | ||||
CVE-2009-3555 | 9 Apache, Canonical, Debian and 6 more | 15 Http Server, Ubuntu Linux, Debian Linux and 12 more | 2024-11-21 | N/A |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||||
CVE-2024-8376 | 2 Eclipse, Redhat | 3 Mosquitto, Satellite, Satellite Capsule | 2024-11-15 | 7.5 High |
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets. | ||||
CVE-2024-42005 | 2 Djangoproject, Redhat | 4 Django, Ansible Automation Platform, Satellite and 1 more | 2024-10-23 | 9.8 Critical |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | ||||
CVE-2024-41991 | 2 Djangoproject, Redhat | 4 Django, Ansible Automation Platform, Satellite and 1 more | 2024-08-12 | 7.5 High |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | ||||
CVE-2024-7246 | 1 Redhat | 3 Ansible Automation Platform, Satellite, Satellite Capsule | 2024-08-06 | 4.8 Medium |
It's possible for a gRPC client communicating with a HTTP/2 proxy to poison the HPACK table between the proxy and the backend such that other clients see failed requests. It's also possible to use this vulnerability to leak other clients HTTP header keys, but not values. This occurs because the error status for a misencoded header is not cleared between header reads, resulting in subsequent (incrementally indexed) added headers in the first request being poisoned until cleared from the HPACK table. Please update to a fixed version of gRPC as soon as possible. This bug has been fixed in 1.58.3, 1.59.5, 1.60.2, 1.61.3, 1.62.3, 1.63.2, 1.64.3, 1.65.4. | ||||
CVE-2023-38037 | 1 Redhat | 3 Logging, Satellite, Satellite Capsule | 2023-08-23 | 3.3 Low |
An insecure temporary file vulnerability was found in activesupport rubygem. Contents that will be encrypted are written to a temporary file that has the user’s current umask settings, possibly leading to information disclosure by other users on the same system. | ||||
CVE-2023-27539 | 1 Redhat | 5 Enterprise Linux, Logging, Rhel Eus and 2 more | 2023-03-15 | 5.3 Medium |
A denial of service vulnerability was found in rubygem-rack in how it parses headers. A carefully crafted input can cause header parsing to take an unexpected amount of time, possibly resulting in a denial of service. |