Filtered by vendor Redhat Subscriptions
Filtered by product Satellite Subscriptions
Total 534 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-0264 3 Ibm, Redhat, Suse 15 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 12 more 2024-11-21 5.6 Medium
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-8126 9 Apple, Canonical, Debian and 6 more 24 Mac Os X, Ubuntu Linux, Debian Linux and 21 more 2024-11-21 N/A
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-7518 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms.
CVE-2015-6644 2 Google, Redhat 6 Android, Jboss Amq, Jboss Enterprise Application Platform and 3 more 2024-11-21 N/A
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.
CVE-2015-5282 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVE-2015-5233 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.
CVE-2015-5164 2 Pulpproject, Redhat 2 Qpid, Satellite 2024-11-21 N/A
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
CVE-2015-5152 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
CVE-2015-5041 3 Ibm, Redhat, Suse 8 Java Sdk, Websphere Application Server, Network Satellite and 5 more 2024-11-21 N/A
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
CVE-2015-5006 3 Ibm, Redhat, Suse 11 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 8 more 2024-11-21 N/A
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
CVE-2015-4902 4 Opensuse, Oracle, Redhat and 1 more 24 Leap, Opensuse, Jdk and 21 more 2024-11-21 N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVE-2015-3448 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2024-11-21 N/A
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2015-3235 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
CVE-2015-3225 4 Debian, Opensuse, Rack Project and 1 more 6 Debian Linux, Opensuse, Rack and 3 more 2024-11-21 N/A
lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth.
CVE-2015-3155 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2015-2808 9 Canonical, Debian, Fujitsu and 6 more 102 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 99 more 2024-11-21 N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2015-2590 6 Canonical, Debian, Opensuse and 3 more 25 Ubuntu Linux, Debian Linux, Opensuse and 22 more 2024-11-21 9.8 Critical
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
CVE-2015-1931 3 Ibm, Redhat, Suse 10 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 7 more 2024-11-21 5.5 Medium
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
CVE-2015-1844 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
CVE-2015-1820 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2024-11-21 N/A
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.