Filtered by vendor Redhat Subscriptions
Filtered by product Satellite Subscriptions
Total 534 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1816 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate.
CVE-2015-1609 3 Fedoraproject, Mongodb, Redhat 4 Fedora, Mongodb, Satellite and 1 more 2024-11-21 N/A
MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request.
CVE-2015-0284 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
CVE-2015-0224 2 Apache, Redhat 4 Qpid, Enterprise Mrg, Satellite and 1 more 2024-11-21 N/A
qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0203.
CVE-2015-0223 2 Apache, Redhat 4 Qpid, Enterprise Mrg, Satellite and 1 more 2024-11-21 N/A
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
CVE-2015-0203 2 Apache, Redhat 4 Qpid, Enterprise Mrg, Satellite and 1 more 2024-11-21 N/A
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
CVE-2014-8183 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 7.4 High
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
CVE-2014-8180 2 Mongodb, Redhat 2 Mongodb, Satellite 2024-11-21 N/A
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVE-2014-8168 1 Redhat 1 Satellite 2024-11-21 7.8 High
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2014-8163 1 Redhat 1 Satellite 2024-11-21 N/A
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2014-7812 2 Redhat, Suse 4 Network Satellite, Satellite, Spacewalk and 1 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2014-4616 5 Opensuse, Opensuse Project, Python and 2 more 8 Opensuse, Opensuse, Python and 5 more 2024-11-21 5.9 Medium
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
CVE-2014-3691 2 Redhat, Theforeman 5 Openstack, Openstack-installer, Satellite and 2 more 2024-11-21 N/A
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
CVE-2014-3654 2 Redhat, Suse 7 Network Satellite, Satellite, Satellite With Embedded Oracle and 4 more 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
CVE-2014-3653 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
CVE-2014-3595 2 Redhat, Suse 7 Network Satellite, Satellite, Satellite With Embedded Oracle and 4 more 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
CVE-2014-3590 1 Redhat 2 Satellite, Satellite Capsule 2024-11-21 6.5 Medium
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVE-2014-3531 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) description.
CVE-2014-1704 2 Google, Redhat 5 Chrome, V8, Rhel Software Collections and 2 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2014-0241 2 Redhat, Theforeman 2 Satellite, Hammer Cli 2024-11-21 5.5 Medium
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable