Export limit exceeded: 362717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1820 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2025-04-20 N/A
REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect.
CVE-2022-40899 2 Pythoncharmers, Redhat 4 Python-future, Rhui, Satellite and 1 more 2025-04-15 7.5 High
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
CVE-2022-4130 1 Redhat 3 Satellite, Satellite Capsule, Satellite Utils 2025-04-14 4.5 Medium
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
CVE-2015-0284 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
CVE-2016-6346 1 Redhat 6 Jboss Bpms, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more 2025-04-12 N/A
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-6320 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form.
CVE-2016-6319 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.
CVE-2016-4995 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly restrict access to preview provisioning templates, which allows remote authenticated users with permission to view some hosts to obtain sensitive host configuration information via a URL with a hostname.
CVE-2015-0223 2 Apache, Redhat 4 Qpid, Enterprise Mrg, Satellite and 1 more 2025-04-12 N/A
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling.
CVE-2016-4475 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
The (1) Organization and (2) Locations APIs and UIs in Foreman before 1.11.4 and 1.12.x before 1.12.0-RC3 allow remote authenticated users to bypass organization and location restrictions and (a) read, (b) edit, or (c) delete arbitrary organizations or locations via unspecified vectors.
CVE-2016-4451 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 and 1.12.x before 1.12.0-RC1 allow remote authenticated users with unlimited filters to bypass organization and location restrictions and read or modify data for an arbitrary organization by leveraging knowledge of the id of that organization.
CVE-2013-1869 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2025-04-12 N/A
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
CVE-2016-3728 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/.
CVE-2016-3693 2 Redhat, Safemode Project 3 Satellite, Satellite Capsule, Safemode 2025-04-12 N/A
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.
CVE-2014-7812 2 Redhat, Suse 4 Network Satellite, Satellite, Spacewalk and 1 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2016-3097 1 Redhat 2 Network Satellite, Satellite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
CVE-2016-3080 1 Redhat 2 Network Satellite, Satellite 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
CVE-2016-3079 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
CVE-2014-3691 2 Redhat, Theforeman 5 Openstack, Openstack-installer, Satellite and 2 more 2025-04-12 N/A
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
CVE-2016-3072 2 Katello, Redhat 3 Katello, Enterprise Linux, Satellite 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.