195 matches found

NVD
added 2017/10/18 4:29 p.m. | 21 views

CVE-2015-5164

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...

CVSS 9 | AI score 7.1 | EPSS 0.03956
Exploits: 0 | References: 2

Cvelist
added 2017/10/18 4:0 p.m. | 18 views

CVE-2015-5164

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp...

AI score 7.1 | EPSS 0.03956
Exploits: 0 | References: 2

CNVD
added 2017/10/12 12:0 a.m. | 3 views

pulp-consumer-client design flaws

pulp-consumer-client is a client for the Pulp platform codebase from the Pulp team. A design vulnerability exists in pulp-consumer-client versions 2.4.0 through 2.6.3, which stems from the program's failure to detect the server's TLS certificate signature. An attacker can exploit the vulnerabilit...

CVSS 8.1 | AI score 8.1 | EPSS 0.00866
Exploits: 0 | References: 1

Prion
added 2017/09/25 9:29 p.m. | 78 views

Design/Logic Flaw

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration...

CVSS 6.8 | AI score 7.1 | EPSS 0.00866
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2017/09/25 9:29 p.m. | 16 views

CVE-2015-5263

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration...

CVSS 8.1 | AI score 8.1 | EPSS 0.00866
Exploits: 0 | References: 4

Cvelist
added 2017/09/25 9:0 p.m. | 19 views

CVE-2015-5263

pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration...

AI score 8.2 | EPSS 0.00866
Exploits: 0 | References: 4

CNVD
added 2017/08/30 12:0 a.m. | 2 views

Unspecified Vulnerability in Red Hat Satellite

Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite version 6. A local...

CVSS 6.1 | AI score 6.1 | EPSS 0.00272
Exploits: 0 | References: 1

NVD
added 2017/08/18 6:29 p.m. | 13 views

CVE-2015-5153

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name...

CVSS 8.8 | AI score 8.8 | EPSS 0.01204
Exploits: 0 | References: 1

Cvelist
added 2017/08/18 6:0 p.m. | 14 views

CVE-2015-5153

Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name...

AI score 8.8 | EPSS 0.01204
Exploits: 0 | References: 1

CVE
added 2017/08/18 6:0 p.m. | 47 views

CVE-2015-5153

CVE-2015-5153 affects Pulp: when named objects are deleted, permissions are not removed, enabling an authenticated user to gain the privileges of the deleted object by creating a new object with the same name. Root cause: leftover permissions on deleted objects. Documents describe the issue and p...

CVSS 8.8 | AI score 8.7 | EPSS 0.01204
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/06/13 5:29 p.m. | 17 views

Code injection

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...

CVSS 5 | AI score 6.8 | EPSS 0.0198
Exploits: 0 | References: 7 | Affected Software: 2

NVD
added 2017/06/13 5:29 p.m. | 20 views

CVE-2016-3704

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...

CVSS 7.5 | AI score 7.7 | EPSS 0.0198
Exploits: 0 | References: 7

OSV
added 2017/06/13 5:29 p.m. | 20 views

CVE-2016-3704

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 7

CVE
added 2017/06/13 5:0 p.m. | 70 views

CVE-2016-3704

CVE-2016-3704 affects Pulp prior to 2.8.5, arising from the unsafe use of bash $RANDOM to generate NSS DB passwords/seeds. This legacy issue is documented in Red Hat/Satellite advisories and Fedora/OpenVAS entries; exploitation details are not described in the provided docs. Remediation per sourc...

CVSS 7.5 | AI score 7.2 | EPSS 0.0198
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2017/06/13 5:0 p.m. | 26 views

CVE-2016-3704

Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate passwords...

AI score 7.5 | EPSS 0.0198
Exploits: 0 | References: 7

Prion
added 2017/06/13 4:29 p.m. | 19 views

Code injection

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

CVSS 2.1 | AI score 6.4 | EPSS 0.00352
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2017/06/13 4:29 p.m. | 14 views

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

CVSS 5.5 | AI score 6.2 | EPSS 0.00352
Exploits: 0 | References: 5

NVD
added 2017/06/13 4:29 p.m. | 20 views

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

CVSS 5.5 | AI score 6 | EPSS 0.00352
Exploits: 0 | References: 5

CVE
added 2017/06/13 4:0 p.m. | 74 views

CVE-2016-3696

CVE-2016-3696 concerns Pulp prior to 2.8.5 where the pulp-qpid-ssl-cfg script can leak the CA key to local users. The linked OpenVAS/NVD entries confirm exposure via the pulp-qpid-ssl-cfg handling, with impact limited to confidentiality of the CA key (no broader compromise described). Red Hat adv...

CVSS 5.5 | AI score 5.9 | EPSS 0.00352
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2017/06/13 4:0 p.m. | 27 views

CVE-2016-3696

The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users to obtain the CA key...

AI score 6.1 | EPSS 0.00352
Exploits: 0 | References: 5