10 matches found
EUVD-2022-4457
Malicious code in bioql PyPI...
katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
GHSA-JX5V-788G-QW58 katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
katello SQL Injection vulnerability
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
Sql injection
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
CVE-2018-14623
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is...
CVE-2016-3072
Multiple SQL injection vulnerabilities in the scopedsearch function in app/controllers/katello/api/v2/apicontroller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the 1 sortby or 2 sortorder parameter...
CVE-2016-3072
CVE-2016-3072 is evidenced by multiple sources describing SQL injection in Katello’s API (scoped_search in app/controllers/katello/api/v2/api_controller.rb) allowing authenticated remote users to inject SQL via sort_by or sort_order. Connected advisories (GHSA-527R-MFMJ-PRQF, GHSA-JX5V-788G-QW58)...
RHEL 6 / 7 : ruby193-rubygem-katello (RHSA-2016:1083)
An update for ruby193-rubygem-katello is now available for Red Hat Satellite 6.1. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...