Search Results (574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4386 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2012-1145 1 Redhat 3 Enterprise Linux, Network Satellite, Satellite 2025-04-11 N/A
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
CVE-2011-4346 1 Redhat 3 Enterprise Linux, Network Satellite, Satellite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
CVE-2013-4182 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
CVE-2013-4180 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-2882 4 Debian, Google, Nodejs and 1 more 6 Debian Linux, Chrome, Node.js and 3 more 2025-04-11 N/A
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2013-2121 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
CVE-2012-6149 1 Redhat 4 Network Satellite, Satellite, Satellite 5 Managed Db and 1 more 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.
CVE-2012-1717 5 Linux, Oracle, Redhat and 2 more 23 Linux Kernel, Jdk, Jre and 20 more 2025-04-11 N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
CVE-2013-6640 2 Google, Redhat 5 Chrome, V8, Rhel Software Collections and 2 more 2025-04-11 N/A
The DehoistArrayIndex function in hydrogen-dehoist.cc (aka hydrogen.cc) in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
CVE-2013-2099 3 Canonical, Python, Redhat 8 Ubuntu Linux, Python, Openstack and 5 more 2025-04-11 N/A
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
CVE-2013-2056 1 Redhat 2 Network Satellite, Satellite 2025-04-11 N/A
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
CVE-2013-1871 1 Redhat 2 Network Satellite, Satellite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2010-1171 1 Redhat 2 Network Satellite, Satellite 2025-04-11 N/A
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
CVE-2022-46648 3 Debian, Redhat, Ruby-git Project 3 Debian Linux, Satellite, Ruby-git 2025-04-04 8 High
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47318.
CVE-2022-47318 4 Debian, Fedoraproject, Redhat and 1 more 4 Debian Linux, Fedora, Satellite and 1 more 2025-04-04 8.8 High
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46648.
CVE-2023-23969 3 Debian, Djangoproject, Redhat 5 Debian Linux, Django, Rhui and 2 more 2025-03-27 7.5 High
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large.
CVE-2022-44566 2 Activerecord Project, Redhat 2 Activerecord, Satellite 2025-03-25 7.5 High
A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service.
CVE-2023-22792 2 Redhat, Rubyonrails 2 Satellite, Rails 2025-03-24 7.5 High
A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2023-24580 3 Debian, Djangoproject, Redhat 6 Debian Linux, Django, Ansible Automation Platform and 3 more 2025-03-18 7.5 High
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.