ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Satellite Capsule
Subscriptions
Total
286 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0007 | 2 Redhat, Theforeman | 4 Openstack, Satellite, Satellite Capsule and 1 more | 2025-04-12 | N/A |
| The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file. | ||||
| CVE-2015-3448 | 2 Redhat, Rest-client Project | 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more | 2025-04-12 | N/A |
| REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. | ||||
| CVE-2013-6668 | 4 Debian, Google, Nodejs and 1 more | 7 Debian Linux, Chrome, V8 and 4 more | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||||
| CVE-2015-3155 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2015-3235 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | ||||
| CVE-2015-1609 | 3 Fedoraproject, Mongodb, Redhat | 4 Fedora, Mongodb, Satellite and 1 more | 2025-04-12 | N/A |
| MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | ||||
| CVE-2015-0223 | 2 Apache, Redhat | 4 Qpid, Enterprise Mrg, Satellite and 1 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. | ||||
| CVE-2015-6644 | 2 Google, Redhat | 6 Android, Jboss Amq, Jboss Enterprise Application Platform and 3 more | 2025-04-12 | N/A |
| Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | ||||
| CVE-2013-7440 | 2 Python, Redhat | 4 Python, Rhel Software Collections, Satellite and 1 more | 2025-04-12 | N/A |
| The ssl.match_hostname function in CPython (aka Python) before 2.7.9 and 3.x before 3.3.3 does not properly handle wildcards in hostnames, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
| CVE-2015-7518 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart class parameters, or (3) smart variables in the (a) host or (b) hostgroup edit forms. | ||||
| CVE-2015-3225 | 4 Debian, Opensuse, Rack Project and 1 more | 6 Debian Linux, Opensuse, Rack and 3 more | 2025-04-12 | N/A |
| lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | ||||
| CVE-2013-6640 | 2 Google, Redhat | 5 Chrome, V8, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index. | ||||
| CVE-2013-2882 | 4 Debian, Google, Nodejs and 1 more | 6 Debian Linux, Chrome, Node.js and 3 more | 2025-04-11 | N/A |
| Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||||
| CVE-2013-6459 | 2 Mislav Marohnic, Redhat | 3 Will Paginate, Satellite, Satellite Capsule | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. | ||||
| CVE-2013-2099 | 3 Canonical, Python, Redhat | 8 Ubuntu Linux, Python, Openstack and 5 more | 2025-04-11 | N/A |
| Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. | ||||
| CVE-2013-6639 | 2 Google, Redhat | 5 Chrome, V8, Rhel Software Collections and 2 more | 2025-04-11 | N/A |
| The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index. | ||||
| CVE-2013-6650 | 4 Debian, Google, Opensuse and 1 more | 6 Debian Linux, Chrome, Opensuse and 3 more | 2025-04-11 | N/A |
| The StoreBuffer::ExemptPopularPages function in store-buffer.cc in Google V8 before 3.22.24.16, as used in Google Chrome before 32.0.1700.102, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors that trigger incorrect handling of "popular pages." | ||||
| CVE-2009-3555 | 9 Apache, Canonical, Debian and 6 more | 15 Http Server, Ubuntu Linux, Debian Linux and 12 more | 2025-04-09 | N/A |
| The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. | ||||
| CVE-2023-23969 | 3 Debian, Djangoproject, Redhat | 5 Debian Linux, Django, Rhui and 2 more | 2025-03-27 | 7.5 High |
| In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | ||||
| CVE-2023-24580 | 3 Debian, Djangoproject, Redhat | 6 Debian Linux, Django, Ansible Automation Platform and 3 more | 2025-03-18 | 7.5 High |
| An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | ||||