CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1090 – pulp: sensitive credentials revealed through the API
https://notcve.org/view.php?id=CVE-2018-1090
18 Jun 2018 — In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. En Pulp en versiones anteriores a la 2.16.2, los secretos se pasan a override_config al desencadenar una tarea y después se vuelven legibles para todos los usuarios con acceso de lectura al distribuidor/importador. Un atacante con acceso a la API puede visualizar estos secreto... • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 3%CPEs: 42EXPL: 0CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
26 Apr 2018 — Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria ... • http://www.securitytracker.com/id/1041707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-5382 – Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
https://notcve.org/view.php?id=CVE-2018-5382
16 Apr 2018 — The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and... • http://www.securityfocus.com/bid/103453 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1096 – foreman: SQL injection due to improper handling of the widget id parameter
https://notcve.org/view.php?id=CVE-2018-1096
05 Apr 2018 — An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. Se ha encontrado un error de saneamiento de entradas en el campo id del controlador del panel de Foreman, en versiones anteriores a la 1.16.1. Un usuario podría emplear este error para realizar un ataque de inyección SQL en la base de datos del backend. An input sanitization flaw was found in the id field of the das... • http://projects.theforeman.org/issues/23028 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1097 – foreman: Ovirt admin password exposed by foreman API
https://notcve.org/view.php?id=CVE-2018-1097
04 Apr 2018 — A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. Se ha descubierto un problema en versiones anteriores a la 1.16.1 de foreman. El problema permite que usuarios con permisos limitados para encender y apagar hosts oVirt/RHV descubran el nombre de usuario y la contraseña empleados para conectarse al recurso del ordenador. Red Hat Satellite is a systems... • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15136
https://notcve.org/view.php?id=CVE-2017-15136
27 Feb 2018 — When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates. Al registrar y activar un nuevo sistema en Red Hat Satellite 6, si el nombre de host del nuevo sistema se restablece al nombre de host de un sistema registrado previamente, este sistema anterior perderá el acceso a actualizaciones, incluyendo las de seguridad. • http://www.securityfocus.com/bid/103210 • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-2667 – rubygem-hammer_cli: no verification of API server's SSL certificate
https://notcve.org/view.php?id=CVE-2017-2667
20 Feb 2018 — Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. Hammer CLI, una utilidad CLI para Foreman, en versiones anteriores a la 0.10.0, no estableció explícitamente la marca verify_ssl para apipie-bindings que lo deshabilita por defecto. Como resultado, los certificados del servidor no se comprueban y las ... • http://projects.theforeman.org/issues/19033 • CWE-295: Improper Certificate Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-2672 – foreman: Image password leak
https://notcve.org/view.php?id=CVE-2017-2672
20 Feb 2018 — A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log file would be able to view passwords for provisioned systems in the log file, allowing them to access those systems. Se ha encontrado un error en foreman en versiones anteriores a la 1.15 en el registro de adición y registro de imágenes. Un atacante con acceso al archivo de logs de foreman podría ver contraseñas para sistemas aprovisionados en el archivo de registro, lo... • http://www.securityfocus.com/bid/97526 • CWE-269: Improper Privilege Management CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8183 – foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization
https://notcve.org/view.php?id=CVE-2014-8183
20 Feb 2018 — It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. Se encontró que foreman, versiones 1.x.x anteriores a 1.15.6, en Satellite versión 6 no aplicaba apropiadamente los controles de acceso sobre ciertos recursos. Un atacante con acceso a la API y conocimiento del nombre del recurso puede acceder a recursos en otra... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8183 • CWE-284: Improper Access Control •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8639 – foreman: Stored XSS via organization/location with HTML in name
https://notcve.org/view.php?id=CVE-2016-8639
20 Feb 2018 — It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface. Se ha detectado que Foreman en versiones anteriores a la 1.13.0 es vulnerable a Cross-Site Scripting (XSS) persistente mediante un nombre de organización o ubicación. Esto podría permitir que un atacante con privilegios para establecer el no... • http://www.securityfocus.com/bid/94263 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •