193 matches found
pulp-consumer-client design flaws
pulp-consumer-client is a client for the Pulp platform codebase from the Pulp team. A design vulnerability exists in pulp-consumer-client versions 2.4.0 through 2.6.3, which stems from the program's failure to check the server's TLS certificate signature. An attacker can exploit the vulnerabilit...
CVE-2015-5263
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration...
Design/Logic Flaw
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration...
Unspecified Vulnerability in Red Hat Satellite
Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite version 6. A local...
CVE-2015-5153
Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name...
CVE-2015-5153
CVE-2015-5153 affects Pulp: when named objects are deleted, permissions are not removed, enabling an authenticated user to gain the privileges of the deleted object by creating a new object with the same name. Root cause: leftover permissions on deleted objects. Documents describe the issue and p...
CVE-2016-3704
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...
Code injection
Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...
CVE-2016-3704
CVE-2016-3704 affects Pulp prior to 2.8.5, arising from the unsafe use of bash $RANDOM to generate NSS DB passwords/seeds. This legacy issue is documented in Red Hat/Satellite advisories and Fedora/OpenVAS entries; exploitation details are not described in the provided docs. Remediation per sourc...
CVE-2016-3696
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...
Code injection
The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...
CVE-2016-3696
CVE-2016-3696 concerns Pulp prior to 2.8.5 where the pulp-qpid-ssl-cfg script can leak the CA key to local users. The linked OpenVAS/NVD entries confirm exposure via the pulp-qpid-ssl-cfg handling, with impact limited to confidentiality of the CA key (no broader compromise described). Red Hat adv...
PT-2017-8413 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5
Description: The issue arises from the unsafe use of bash's $RANDOM variable to generate passwords.
Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...
PT-2017-8411 · Pulp · Pulp
Name of the Vulnerable Software and Affected Versions: Pulp versions prior to 2.8.5
Description: The issue allows local users to obtain the CA key due to a problem in the pulp-qpid-ssl-cfg script.
Recommendations: For versions prior to 2.8.5, update to version 2.8.5 or later to resolve the issue...