
CVE-2023-1932 – Hibernate-validator: rendering of invalid html with safehtml leads to html injection and xss
https://notcve.org/view.php?id=CVE-2023-1932
07 Nov 2024 — A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML injection or Cross-Site-Scripting (XSS) attacks. • https://access.redhat.com/security/cve/CVE-2023-1932 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-9355 – Golang-fips: golang fips zeroed buffer
https://notcve.org/view.php?id=CVE-2024-9355
01 Oct 2024 — A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This... • https://access.redhat.com/security/cve/CVE-2024-9355 • CWE-457: Use of Uninitialized Variable •

CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •

CVE-2014-8162 – Satellite5: RPC API XML External Entities file disclosure
https://notcve.org/view.php?id=CVE-2014-8162
11 May 2015 — XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors. It was found that the ... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2014-7811 – Spacewalk: multiple XSS
https://notcve.org/view.php?id=CVE-2014-7811
12 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. Red Hat Satellite provides a solution to org... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2010-2236
https://notcve.org/view.php?id=CVE-2010-2236
15 Apr 2014 — The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks. • http://secunia.com/advisories/56952 • CWE-20: Improper Input Validation •

CVE-2013-2143 – Katello (RedHat Satellite) - users/update_roles Missing Authorisation
https://notcve.org/view.php?id=CVE-2013-2143
25 Mar 2014 — The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. • https://packetstorm.news/files/id/125866 • CWE-20: Improper Input Validation CWE-862: Missing Authorization •

CVE-2011-1594 – Spacewalk: login page open redirect via url_bounce
https://notcve.org/view.php?id=CVE-2011-1594
05 Feb 2014 — Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter. • http://www.redhat.com/support/errata/RHSA-2011-1299.html • CWE-20: Improper Input Validation •

CVE-2012-0059 – Spacewalk: RHN user password disclosure upon failed system registration
https://notcve.org/view.php?id=CVE-2012-0059
05 Feb 2014 — Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. • http://rhn.redhat.com/errata/RHSA-2012-0101.html • CWE-310: Cryptographic Issues •

CVE-2011-2919 – Spacewalk: XSS on SystemGroupList.do page
https://notcve.org/view.php?id=CVE-2011-2919
05 Feb 2014 — Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page. • http://www.redhat.com/support/errata/RHSA-2011-1299.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •