Filtered by vendor Redhat Subscriptions
Filtered by product Satellite Subscriptions
Total 534 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-0208 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.
CVE-2014-0192 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 N/A
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
CVE-2014-0141 1 Redhat 1 Satellite 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVE-2014-0135 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Kafo 2024-11-21 N/A
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by reading the file.
CVE-2014-0091 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 5.3 Medium
Foreman has improper input validation which could lead to partial Denial of Service
CVE-2014-0090 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 N/A
Session fixation vulnerability in Foreman before 1.4.2 allows remote attackers to hijack web sessions via the session id cookie.
CVE-2014-0089 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in app/views/common/500.html.erb in Foreman 1.4.x before 1.4.2 allows remote authenticated users to inject arbitrary web script or HTML via the bookmark name when adding a bookmark.
CVE-2014-0007 2 Redhat, Theforeman 4 Openstack, Satellite, Satellite Capsule and 1 more 2024-11-21 N/A
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
CVE-2013-7440 2 Python, Redhat 4 Python, Rhel Software Collections, Satellite and 1 more 2024-11-21 N/A
The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2013-6668 4 Debian, Google, Nodejs and 1 more 7 Debian Linux, Chrome, V8 and 4 more 2024-11-21 N/A
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2013-6650 4 Debian, Google, Opensuse and 1 more 6 Debian Linux, Chrome, Opensuse and 3 more 2024-11-21 N/A
The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages."
CVE-2013-6640 2 Google, Redhat 5 Chrome, V8, Rhel Software Collections and 2 more 2024-11-21 N/A
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
CVE-2013-6639 2 Google, Redhat 5 Chrome, V8, Rhel Software Collections and 2 more 2024-11-21 N/A
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
CVE-2013-6461 3 Debian, Nokogiri, Redhat 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more 2024-11-21 6.5 Medium
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVE-2013-6460 3 Debian, Nokogiri, Redhat 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more 2024-11-21 6.5 Medium
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVE-2013-6459 2 Mislav Marohnic, Redhat 3 Will Paginate, Satellite, Satellite Capsule 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
CVE-2013-4480 2 Redhat, Suse 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more 2024-11-21 N/A
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVE-2013-4415 2 Redhat, Suse 6 Network Satellite, Satellite, Satellite 5 Managed Db and 3 more 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.
CVE-2013-4386 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2024-11-21 N/A
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2013-4347 2 Redhat, Urbanairship 3 Satellite, Satellite Capsule, Python-oauth2 2024-11-21 N/A
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack.