Filtered by vendor Redhat Subscriptions
Filtered by product Satellite Capsule Subscriptions

Search

Switch to Advanced Search (Beta)
Total 286 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-7077 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 N/A
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6.
CVE-2016-10745 2 Palletsprojects, Redhat 9 Jinja, Enterprise Linux, Rhel Aus and 6 more 2024-11-21 N/A
In Pallets Jinja before 2.8.1, str.format allows a sandbox escape.
CVE-2015-0203 2 Apache, Redhat 4 Qpid, Enterprise Mrg, Satellite and 1 more 2024-11-21 N/A
The qpidd broker in Apache Qpid 0.30 and earlier allows remote authenticated users to cause a denial of service (daemon crash) via an AMQP message with (1) an invalid range in a sequence set, (2) content-bearing methods other than message-transfer, or (3) a session-gap control before a corresponding session-attach.
CVE-2014-8183 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2024-11-21 7.4 High
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
CVE-2014-3590 1 Redhat 2 Satellite, Satellite Capsule 2024-11-21 6.5 Medium
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVE-2024-8376 2 Eclipse, Redhat 3 Mosquitto, Satellite, Satellite Capsule 2024-11-15 7.5 High
In Eclipse Mosquitto up to version 2.0.18a, an attacker can achieve memory leaking, segmentation fault or heap-use-after-free by sending specific sequences of "CONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" packets.