Lucene search

K

43 matches found

CVE
CVE
added 2019/04/23 7:32 p.m.733 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS5.7AI score0.01345EPSS
CVE
CVE
added 2019/02/04 8:29 a.m.690 views

CVE-2019-7317

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.

5.3CVSS6.3AI score0.00576EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.496 views

CVE-2019-2602

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via mult...

7.5CVSS6.8AI score0.00123EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.446 views

CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.7AI score0.03661EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.378 views

CVE-2019-2975

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

5.8CVSS4.8AI score0.0028EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.371 views

CVE-2019-2422

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co...

3.1CVSS2.4AI score0.00128EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.330 views

CVE-2019-2786

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.4CVSS3.6AI score0.00183EPSS
CVE
CVE
added 2019/04/23 7:32 p.m.322 views

CVE-2019-2697

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.5AI score0.07658EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.315 views

CVE-2019-2769

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.002EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.315 views

CVE-2019-2973

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS4AI score0.00311EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.306 views

CVE-2019-2945

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

3.1CVSS3.8AI score0.00265EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.290 views

CVE-2019-2978

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...

4.3CVSS4AI score0.00265EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.288 views

CVE-2019-2999

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

4.7CVSS4.9AI score0.02646EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.287 views

CVE-2019-2964

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multi...

4.3CVSS3.9AI score0.00257EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.286 views

CVE-2019-2816

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access v...

5.8CVSS4.2AI score0.0012EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.283 views

CVE-2019-2988

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00286EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.275 views

CVE-2019-2983

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via mul...

4.3CVSS4AI score0.00257EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.270 views

CVE-2019-2981

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple pro...

4.3CVSS4AI score0.00249EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.269 views

CVE-2019-2962

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00257EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.265 views

CVE-2019-2992

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple proto...

4.3CVSS4AI score0.00672EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.262 views

CVE-2019-2762

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected are Java SE: 7u221, 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...

5.3CVSS4.6AI score0.00113EPSS
CVE
CVE
added 2019/07/02 8:15 p.m.184 views

CVE-2019-10137

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary...

9.8CVSS9.6AI score0.08937EPSS
CVE
CVE
added 2019/07/02 8:15 p.m.179 views

CVE-2019-10136

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.

4.3CVSS4.3AI score0.00102EPSS
CVE
CVE
added 2019/04/23 4:29 p.m.145 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1....

7.4CVSS7AI score0.00532EPSS
CVE
CVE
added 2019/01/16 7:30 p.m.139 views

CVE-2019-2449

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks requ...

3.1CVSS4.3AI score0.03459EPSS
CVE
CVE
added 2019/10/16 6:15 p.m.128 views

CVE-2019-2996

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u221; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compr...

4.2CVSS4.5AI score0.0332EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.114 views

CVE-2018-12547

In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code.

9.8CVSS7AI score0.00834EPSS
CVE
CVE
added 2019/04/19 2:29 p.m.112 views

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

7.5CVSS7.6AI score0.01619EPSS
CVE
CVE
added 2019/07/31 10:15 p.m.104 views

CVE-2019-10198

An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if...

6.5CVSS6.9AI score0.01182EPSS
CVE
CVE
added 2019/04/11 3:29 p.m.99 views

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this fla...

8CVSS7.5AI score0.00085EPSS
CVE
CVE
added 2019/10/17 6:15 p.m.94 views

CVE-2019-17631

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

9.1CVSS9AI score0.005EPSS
CVE
CVE
added 2019/02/11 3:29 p.m.89 views

CVE-2018-12549

In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.

9.8CVSS6.2AI score0.00762EPSS
CVE
CVE
added 2019/07/30 2:15 p.m.77 views

CVE-2019-11775

All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the mod...

7.4CVSS8.2AI score0.01505EPSS
CVE
CVE
added 2019/04/15 12:31 p.m.70 views

CVE-2019-3891

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching pa...

7.8CVSS7.4AI score0.00042EPSS
CVE
CVE
added 2019/01/13 2:29 a.m.66 views

CVE-2018-16887

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to mali...

5.4CVSS5.4AI score0.00261EPSS
CVE
CVE
added 2019/12/02 7:15 p.m.63 views

CVE-2012-5562

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

6.5CVSS6.5AI score0.00098EPSS
CVE
CVE
added 2019/08/01 2:15 p.m.63 views

CVE-2014-8183

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

7.4CVSS7.3AI score0.00153EPSS
CVE
CVE
added 2019/04/09 4:29 p.m.61 views

CVE-2019-3893

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...

4.9CVSS5.5AI score0.01281EPSS
CVE
CVE
added 2019/11/05 3:15 p.m.57 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

6.5CVSS6.4AI score0.02521EPSS
CVE
CVE
added 2019/11/05 3:15 p.m.47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS
CVE
CVE
added 2019/12/13 1:15 p.m.46 views

CVE-2014-0241

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

5.5CVSS5.5AI score0.00104EPSS
CVE
CVE
added 2019/01/22 3:29 p.m.44 views

CVE-2018-14666

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

7.2CVSS6.8AI score0.00353EPSS
CVE
CVE
added 2019/12/03 2:15 p.m.41 views

CVE-2013-2101

Katello has multiple XSS issues in various entities

5.4CVSS5.2AI score0.00261EPSS