Search for packages
| purl | pkg:rpm/redhat/tfm-rubygem-foreman-redhat_access@2.0.13-1?arch=el7sat |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-18aq-72zg-3uc9
Aliases: CVE-2017-2295 |
puppet: Unsafe YAML deserialization | There are no reported fixed by versions. |
|
VCID-1fgf-s31g-pfac
Aliases: CVE-2014-8183 |
foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization | There are no reported fixed by versions. |
|
VCID-27wt-wmzc-1bc2
Aliases: CVE-2018-6188 GHSA-rf4j-j272-fj86 PYSEC-2018-4 |
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is inactive. | There are no reported fixed by versions. |
|
VCID-2y5d-qg7z-2kdg
Aliases: CVE-2017-5929 GHSA-vmfg-rjjm-rjrj |
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. | There are no reported fixed by versions. |
|
VCID-31h9-7jrr-9kdt
Aliases: CVE-2016-1000340 GHSA-r97x-3g8f-gx3m |
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | There are no reported fixed by versions. |
|
VCID-3j8j-qks5-m3ew
Aliases: CVE-2016-4451 |
foreman: privilege escalation through Organization and Locations API | There are no reported fixed by versions. |
|
VCID-3zeq-dyj1-8bdm
Aliases: CVE-2018-1097 |
foreman: Ovirt admin password exposed by foreman API | There are no reported fixed by versions. |
|
VCID-4d6e-mx3k-yqgk
Aliases: CVE-2016-7078 |
foreman: Information leak through organizations and locations feature | There are no reported fixed by versions. |
|
VCID-5434-f6g7-8kdw
Aliases: CVE-2015-3208 GHSA-x6rc-54xp-ccxx |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | There are no reported fixed by versions. |
|
VCID-6bhb-kgf4-abe7
Aliases: CVE-2016-8613 |
foreman: Stored XSS vulnerability in remote execution plugin | There are no reported fixed by versions. |
|
VCID-6hub-g2ja-afaw
Aliases: CVE-2016-3693 GHSA-c92m-rrrc-q5wf |
Information disclosure vulnerability safemode for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method. | There are no reported fixed by versions. |
|
VCID-6jdw-pp1b-1qan
Aliases: CVE-2016-9595 |
katello-debug: Possible symlink attacks due to use of predictable file names | There are no reported fixed by versions. |
|
VCID-73c1-6ytd-ykf9
Aliases: CVE-2018-1096 |
foreman: SQL injection due to improper handling of the widget id parameter | There are no reported fixed by versions. |
|
VCID-7zj1-ye9x-cueu
Aliases: CVE-2016-3696 |
pulp: Leakage of CA key in pulp-qpid-ssl-cfg | There are no reported fixed by versions. |
|
VCID-8fnw-r4f3-xqcg
Aliases: CVE-2017-2672 |
foreman: Image password leak | There are no reported fixed by versions. |
|
VCID-8xgm-pabz-hkeg
Aliases: CVE-2017-10689 GHSA-vw22-465p-8j5w |
Improper Privilege Management In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | There are no reported fixed by versions. |
|
VCID-am23-ncy4-27ck
Aliases: CVE-2017-15100 |
foreman: Stored XSS in fact name or value | There are no reported fixed by versions. |
|
VCID-asqu-5r9h-9yav
Aliases: CVE-2018-14623 GHSA-jx5v-788g-qw58 |
SQL Injection An SQL injection was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. | There are no reported fixed by versions. |
|
VCID-avsj-f1g8-yfen
Aliases: CVE-2016-6319 |
foreman: Persistent XSS in Foreman remote execution plugin | There are no reported fixed by versions. |
|
VCID-bdms-nb18-guf9
Aliases: CVE-2017-7233 GHSA-37hp-765x-j95x PYSEC-2017-9 |
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. | There are no reported fixed by versions. |
|
VCID-bvrv-wvt6-8yfy
Aliases: CVE-2017-2667 GHSA-77h8-xr85-3x5q |
Improper Certificate Validation Hammer CLI, a CLI utility for Foreman, does not explicitly set the `verify_ssl` flag for `apipie-bindings`. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. | There are no reported fixed by versions. |
|
VCID-cc8z-r1zy-23f2
Aliases: CVE-2016-4995 |
foreman: Information disclosure in provisioning template previews | There are no reported fixed by versions. |
|
VCID-ceub-d4s9-dkcd
Aliases: CVE-2017-15095 GHSA-h592-38cm-4ggp |
Deserialization of Untrusted Data A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the `readValue` method of the `ObjectMapper`. | There are no reported fixed by versions. |
|
VCID-crf9-zn1q-vya8
Aliases: CVE-2015-6644 |
Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | There are no reported fixed by versions. |
|
VCID-ddqw-aj7g-s7c2
Aliases: CVE-2016-1000341 GHSA-r9ch-m4fh-fc7q |
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. | There are no reported fixed by versions. |
|
VCID-dfb9-31gj-57fs
Aliases: CVE-2016-8634 |
foreman: Stored XSS in org/loc wizard | There are no reported fixed by versions. |
|
VCID-dh5x-wb2a-1ufj
Aliases: CVE-2013-6459 GHSA-8r6h-7x9g-xmw9 OSV-101138 |
XSS vulnerabiliy in generated pagination links The package will_paginate generate pagination links without escaping result. If user-controlled data is sent to will_paginate, there is a potential XSS vulnerability. | There are no reported fixed by versions. |
|
VCID-dtva-ze8n-vycd
Aliases: CVE-2016-4996 |
foreman: inside discovery-debug, the root password is displayed in plaintext | There are no reported fixed by versions. |
|
VCID-e488-4fjn-z3g2
Aliases: CVE-2016-7077 |
foreman: Foreman information leak through unauthorized multiple_checkboxes helper | There are no reported fixed by versions. |
|
VCID-egve-f1uw-nfff
Aliases: CVE-2016-9593 |
foreman-debug: missing obfuscation of sensitive information | There are no reported fixed by versions. |
|
VCID-f4qa-9fn6-97az
Aliases: CVE-2016-1000342 GHSA-qcj7-g2j5-g7r3 |
In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | There are no reported fixed by versions. |
|
VCID-f73y-mjrg-yfc9
Aliases: CVE-2016-1000344 GHSA-2j2x-hx4g-2gf4 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. | There are no reported fixed by versions. |
|
VCID-jae8-w85w-cyfu
Aliases: CVE-2018-7537 GHSA-2f9x-5v75-3qv4 PYSEC-2018-6 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | There are no reported fixed by versions. |
|
VCID-jr7u-m7gc-pydy
Aliases: CVE-2016-1000339 GHSA-c8xf-m4ff-jcxj |
In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate. | There are no reported fixed by versions. |
|
VCID-jua2-2byr-t3cv
Aliases: CVE-2016-1000338 GHSA-4vhj-98r6-424h |
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | There are no reported fixed by versions. |
|
VCID-ka8b-44hx-mkc5
Aliases: CVE-2016-1000352 GHSA-w285-wf9q-5w69 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider. | There are no reported fixed by versions. |
|
VCID-kra9-9yr7-nbg6
Aliases: CVE-2017-15699 |
Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect | There are no reported fixed by versions. |
|
VCID-kwyu-yq4w-kqe4
Aliases: CVE-2018-10237 GHSA-mvr2-9pj6-7w5j |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. | There are no reported fixed by versions. |
|
VCID-mv1p-yxvp-pbh6
Aliases: CVE-2018-7536 GHSA-r28v-mw67-m5p9 PYSEC-2018-5 |
An issue was discovered in Django 2.0 before 2.0.3, 1.11 before 1.11.11, and 1.8 before 1.8.19. The django.utils.html.urlize() function was extremely slow to evaluate certain inputs due to catastrophic backtracking vulnerabilities in two regular expressions (only one regular expression for Django 1.8.x). The urlize() function is used to implement the urlize and urlizetrunc template filters, which were thus vulnerable. | There are no reported fixed by versions. |
|
VCID-mwus-fmc5-27f2
Aliases: CVE-2017-12175 |
6: XSS in discovery rule filter autocomplete functionality | There are no reported fixed by versions. |
|
VCID-p8ab-a4gk-eyd2
Aliases: CVE-2016-1669 |
Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. | There are no reported fixed by versions. |
|
VCID-pd7m-bhqf-kkge
Aliases: CVE-2017-7536 GHSA-xxgp-pcfc-3vgc |
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue(). | There are no reported fixed by versions. |
|
VCID-ph9r-qphf-8fam
Aliases: CVE-2016-3704 |
pulp: Unsafe use of bash $RANDOM for NSS DB password and seed | There are no reported fixed by versions. |
|
VCID-qr8s-5r61-skhw
Aliases: CVE-2016-1000345 GHSA-9gp4-qrff-c648 |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding. | There are no reported fixed by versions. |
|
VCID-sa68-rwqe-tfgp
Aliases: CVE-2016-8639 |
foreman: Stored XSS via organization/location with HTML in name | There are no reported fixed by versions. |
|
VCID-sg6x-y34w-37bc
Aliases: CVE-2018-1090 |
pulp: sensitive credentials revealed through the API | There are no reported fixed by versions. |
|
VCID-tnen-a68v-9bfk
Aliases: CVE-2016-1000343 GHSA-rrvx-pwf8-p59p |
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator. | There are no reported fixed by versions. |
|
VCID-w543-qxxs-f7g7
Aliases: CVE-2018-5382 GHSA-8477-3v39-ggpm |
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself. | There are no reported fixed by versions. |
|
VCID-wnjy-ggeb-eqcn
Aliases: CVE-2017-10690 |
puppet: Environment leakage in puppet-agent | There are no reported fixed by versions. |
|
VCID-xzbt-bkdp-8bgh
Aliases: CVE-2016-1000346 GHSA-fjqm-246c-mwqg |
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||