Lucene search

K
RedhatSatellite

29 matches found

CVE
CVE
added 2017/05/23 4:29 a.m.860 views

CVE-2016-9843

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

9.8CVSS9.9AI score0.09233EPSS
CVE
CVE
added 2017/05/23 4:29 a.m.511 views

CVE-2016-9841

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

9.8CVSS9.9AI score0.20848EPSS
CVE
CVE
added 2018/10/17 1:31 a.m.408 views

CVE-2018-3183

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network ...

9CVSS8.8AI score0.00226EPSS
CVE
CVE
added 2018/02/06 3:29 p.m.244 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-...

9.8CVSS9.2AI score0.77336EPSS
CVE
CVE
added 2019/07/02 8:15 p.m.184 views

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary...

9.8CVSS9.6AI score0.08937EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.182 views

CVE-2017-10087

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple ...

9.6CVSS9AI score0.00416EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.177 views

CVE-2017-10090

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco...

9.6CVSS9AI score0.00416EPSS
CVE
CVE
added 2017/03/13 6:59 a.m.176 views

CVE-2017-5929

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

9.8CVSS9.2AI score0.16014EPSS
CVE
CVE
added 2023/09/20 2:15 p.m.176 views

CVE-2023-0118

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

9.1CVSS9.4AI score0.00035EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.172 views

CVE-2017-10346

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...

9.6CVSS9.1AI score0.00416EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.171 views

CVE-2017-10107

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoc...

9.6CVSS9AI score0.00416EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.169 views

CVE-2017-10102

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot...

9CVSS8.7AI score0.00525EPSS
CVE
CVE
added 2017/10/19 5:29 p.m.165 views

CVE-2017-10285

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pro...

9.6CVSS9AI score0.00393EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.163 views

CVE-2017-10096

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple proto...

9.6CVSS9.1AI score0.00416EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.163 views

CVE-2017-10110

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attac...

9.6CVSS9.1AI score0.00365EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.162 views

CVE-2017-10089

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful a...

9.6CVSS9.1AI score0.00416EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.162 views

CVE-2017-10101

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple proto...

9.6CVSS9AI score0.00365EPSS
CVE
CVE
added 2018/08/09 8:29 p.m.157 views

CVE-2018-10931

It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon.

9.8CVSS9.4AI score0.67782EPSS
CVE
CVE
added 2023/09/22 2:15 p.m.136 views

CVE-2022-3874

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating syste...

9.1CVSS8.8AI score0.00171EPSS
CVE
CVE
added 2023/09/20 2:15 p.m.128 views

CVE-2023-0462

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

9.1CVSS8.7AI score0.00079EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.114 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.94 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

9.1CVSS9AI score0.005EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.89 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

9.8CVSS6.2AI score0.00762EPSS
CVE
CVE
added 2024/09/04 2:15 p.m.89 views

CVE-2024-7012

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authen...

9.8CVSS9.5AI score0.00655EPSS
CVE
CVE
added 2024/09/04 2:15 p.m.89 views

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allow...

9.8CVSS9.5AI score0.00455EPSS
CVE
CVE
added 2021/12/23 8:15 p.m.68 views

CVE-2021-3584

A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of ...

9CVSS7.5AI score0.00725EPSS
CVE
CVE
added 2016/06/06 5:59 p.m.66 views

CVE-2015-5041

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

9.1CVSS8.7AI score0.01297EPSS
CVE
CVE
added 2018/07/27 1:29 p.m.56 views

CVE-2017-7470

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

9.8CVSS9.2AI score0.01046EPSS
CVE
CVE
added 2008/08/14 8:41 p.m.51 views

CVE-2008-2369

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

9.1CVSS9.2AI score0.00616EPSS