Filtered by vendor Redhat
Subscriptions
Filtered by product Satellite
Subscriptions
Total
546 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23518 | 4 Debian, Loofah Project, Redhat and 1 more | 4 Debian Linux, Loofah, Satellite and 1 more | 2025-02-13 | 6.1 Medium |
| rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4. | ||||
| CVE-2022-23517 | 3 Debian, Redhat, Rubyonrails | 3 Debian Linux, Satellite, Rails Html Sanitizers | 2025-02-13 | 7.5 High |
| rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4. | ||||
| CVE-2022-23515 | 3 Debian, Loofah Project, Redhat | 3 Debian Linux, Loofah, Satellite | 2025-02-13 | 6.1 Medium |
| Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1. | ||||
| CVE-2019-0231 | 2 Apache, Redhat | 6 Mina, Jboss Enterprise Bpms Platform, Jboss Enterprise Brms Platform and 3 more | 2025-02-13 | 7.5 High |
| Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA. | ||||
| CVE-2015-3208 | 1 Redhat | 1 Satellite | 2025-02-13 | N/A |
| DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2023-27530 | 3 Debian, Rack, Redhat | 6 Debian Linux, Rack, Enterprise Linux and 3 more | 2025-02-13 | 7.5 High |
| A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | ||||
| CVE-2019-16782 | 4 Fedoraproject, Opensuse, Rack and 1 more | 6 Fedora, Leap, Rack and 3 more | 2025-02-13 | 6.3 Medium |
| There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison. | ||||
| CVE-2022-44570 | 2 Rack, Redhat | 3 Rack, Satellite, Satellite Capsule | 2025-02-13 | 7.5 High |
| A denial of service vulnerability in the Range header parsing component of Rack >= 1.5.0. A Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. | ||||
| CVE-2022-44571 | 2 Rack, Redhat | 3 Rack, Satellite, Satellite Capsule | 2025-02-13 | 7.5 High |
| There is a denial of service vulnerability in the Content-Disposition parsingcomponent of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rackto take an unexpected amount of time, possibly resulting in a denial ofservice attack vector. This header is used typically used in multipartparsing. Any applications that parse multipart posts using Rack (virtuallyall Rails applications) are impacted. | ||||
| CVE-2022-44572 | 2 Rack, Redhat | 3 Rack, Satellite, Satellite Capsule | 2025-02-13 | 7.5 High |
| A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker tocraft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. | ||||
| CVE-2024-56374 | 1 Redhat | 4 Ansible Automation Platform, Discovery, Satellite and 1 more | 2025-02-12 | 5.8 Medium |
| An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | ||||
| CVE-2024-3716 | 1 Redhat | 1 Satellite | 2025-02-08 | 6.2 Medium |
| A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password. | ||||
| CVE-2024-26130 | 2 Cryptography.io, Redhat | 5 Cryptography, Ansible Automation Platform, Rhui and 2 more | 2025-02-05 | 7.5 High |
| cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. | ||||
| CVE-2023-1894 | 2 Puppet, Redhat | 4 Puppet Enterprise, Puppet Server, Satellite and 1 more | 2025-01-29 | 5.3 Medium |
| A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | ||||
| CVE-2023-31047 | 3 Djangoproject, Fedoraproject, Redhat | 5 Django, Fedora, Rhui and 2 more | 2025-01-29 | 9.8 Critical |
| In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | ||||
| CVE-2023-27539 | 1 Redhat | 5 Enterprise Linux, Logging, Rhel Eus and 2 more | 2025-01-09 | 5.3 Medium |
| There is a denial of service vulnerability in the header parsing component of Rack. | ||||
| CVE-2024-7143 | 2 Pulpproject, Redhat | 6 Pulp, Ansible Automation Platform, Ansible Automation Platform Developer and 3 more | 2024-12-31 | 8.3 High |
| A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user. For objects that are created within a task, this current user is set by the first user with any permissions on the task object. This means the oldest user with model/domain-level task permissions will always be set as the current user of a task, even if they didn't dispatch the task. Therefore, all objects created in tasks will have their permissions assigned to this oldest user, and the creating user will receive nothing. | ||||
| CVE-2024-7012 | 1 Redhat | 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more | 2024-12-31 | 9.8 Critical |
| An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. | ||||
| CVE-2024-7700 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-12-30 | 6.5 Medium |
| A command injection flaw was found in the "Host Init Config" template in the Foreman application via the "Install Packages" field on the "Register Host" page. This flaw allows an attacker with the necessary privileges to inject arbitrary commands into the configuration, potentially allowing unauthorized command execution during host registration. Although this issue requires user interaction to execute injected commands, it poses a significant risk if an unsuspecting user runs the generated registration script. | ||||
| CVE-2024-56326 | 1 Redhat | 14 Ansible Automation Platform, Discovery, Enterprise Linux and 11 more | 2024-12-27 | 7.8 High |
| Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. | ||||