CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4320 – Satellite: arithmetic overflow in satellite
https://notcve.org/view.php?id=CVE-2023-4320
18 Dec 2023 — An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Se encontró una falla de desbordamiento aritmético en Satellite al crear un nuevo token de acceso personal. Esta falla permite a un atacante que utiliza este desbordamiento aritmético crear tokens de acceso personal que son válidos indefinidament... • https://access.redhat.com/errata/RHSA-2024:2010 • CWE-613: Insufficient Session Expiration •
CVSS: 7.4EPSS: 0%CPEs: 33EXPL: 0CVE-2019-0223 – qpid-proton: TLS Man in the Middle Vulnerability
https://notcve.org/view.php?id=CVE-2019-0223
23 Apr 2019 — While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. Mientras investigábamos el error PROTON-2014, descubrimos que en algunas circ... • http://www.openwall.com/lists/oss-security/2019/04/23/4 • CWE-300: Channel Accessible by Non-Endpoint •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3891 – candlepin: credentials exposure through log files
https://notcve.org/view.php?id=CVE-2019-3891
12 Apr 2019 — It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. Se descubrió que un archivo de registro de lectura para todos los usuarios, perteneciente al componente Candlepin de Red Hat Satelli... • https://access.redhat.com/errata/RHSA-2019:1222 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14666
https://notcve.org/view.php?id=CVE-2018-14666
22 Jan 2019 — An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions. Se ha encontrado un fallo de autorización incorrecta en la funcionalidad Smart Class en Foreman. Un atacante puede usarlo para cambiar la configuración de cualquier host que se encuentra registrado en Red Hat Satellite, independienteme... • http://www.securityfocus.com/bid/106490 • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2017-12175 – 6: XSS in discovery rule filter autocomplete functionality
https://notcve.org/view.php?id=CVE-2017-12175
26 Jul 2018 — Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. Red Hat Satellite en versiones anteriores a la 6.5 es vulnerable a Cross-Site Scripting (XSS) en la regla discovery cuando se introduce un filtro y se utiliza la funcionalidad de autocompletado. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a ... • http://www.securityfocus.com/bid/101245 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1090 – pulp: sensitive credentials revealed through the API
https://notcve.org/view.php?id=CVE-2018-1090
18 Jun 2018 — In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets. En Pulp en versiones anteriores a la 2.16.2, los secretos se pasan a override_config al desencadenar una tarea y después se vuelven legibles para todos los usuarios con acceso de lectura al distribuidor/importador. Un atacante con acceso a la API puede visualizar estos secreto... • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 3%CPEs: 42EXPL: 0CVE-2018-10237 – guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service
https://notcve.org/view.php?id=CVE-2018-10237
26 Apr 2018 — Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. Asignación de memoria ... • http://www.securitytracker.com/id/1041707 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-5382 – Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions
https://notcve.org/view.php?id=CVE-2018-5382
16 Apr 2018 — The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and... • http://www.securityfocus.com/bid/103453 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-354: Improper Validation of Integrity Check Value •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1096 – foreman: SQL injection due to improper handling of the widget id parameter
https://notcve.org/view.php?id=CVE-2018-1096
05 Apr 2018 — An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database. Se ha encontrado un error de saneamiento de entradas en el campo id del controlador del panel de Foreman, en versiones anteriores a la 1.16.1. Un usuario podría emplear este error para realizar un ataque de inyección SQL en la base de datos del backend. An input sanitization flaw was found in the id field of the das... • http://projects.theforeman.org/issues/23028 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1097 – foreman: Ovirt admin password exposed by foreman API
https://notcve.org/view.php?id=CVE-2018-1097
04 Apr 2018 — A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource. Se ha descubierto un problema en versiones anteriores a la 1.16.1 de foreman. El problema permite que usuarios con permisos limitados para encender y apagar hosts oVirt/RHV descubran el nombre de usuario y la contraseña empleados para conectarse al recurso del ordenador. Red Hat Satellite is a systems... • https://access.redhat.com/errata/RHSA-2018:2927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •