cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T10:00:51.745Z,0
CVE-2024-7700,https://securityvulnerability.io/vulnerability/CVE-2024-7700,Unauthorized Command Execution via Host Registration,"A command injection vulnerability exists in the 'Host Init Config' template of the Foreman application. This flaw allows attackers with appropriate privileges to inject arbitrary commands via the 'Install Packages' field on the 'Register Host' page. While user interaction is required to execute the injected commands, it presents a substantial security risk if a user unknowingly runs the affected registration script. Mitigating this vulnerability is crucial for maintaining the integrity of host registration processes.",Red Hat,Red Hat Satellite 6,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-08-12T16:48:54.120Z,0
CVE-2023-50782,https://securityvulnerability.io/vulnerability/CVE-2023-50782,Remote Decryption Vulnerability in TLS Servers Using RSA Key Exchanges,"A vulnerability has been identified in the python-cryptography package that may allow remote attackers to decrypt captured messages during TLS sessions employing RSA key exchanges. This can lead to significant risks, including the unintended exposure of confidential or sensitive data. Given the widespread use of TLS for securing communications, it is crucial for users and administrators to evaluate their systems and apply necessary updates to mitigate this risk. The flaw underscores the importance of maintaining robust security measures while using cryptographic libraries.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Satellite 6,Red Hat Update Infrastructure 4 For Cloud Providers",7.5,HIGH,0.0015399999683722854,false,,false,false,false,,,false,false,,2024-02-05T20:45:49.705Z,0
CVE-2023-1832,https://securityvulnerability.io/vulnerability/CVE-2023-1832,Improper authorization check in the server component,"An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.",Red Hat,"Candlepin-4.3.7,Candlepin-4.3.8,Red Hat Satellite 6",6.8,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-10-04T14:15:00.000Z,0
CVE-2022-3874,https://securityvulnerability.io/vulnerability/CVE-2022-3874,Os command injection via ct_command and fcct_command,"A command injection vulnerability has been identified in Foreman, enabling an authenticated user with admin privileges to execute arbitrary commands through CoreOS and Fedora CoreOS templates. This issue can potentially compromise the underlying operating system, making it crucial for administrators to apply necessary updates and mitigate risks associated with this flaw.",Red Hat,"Foreman,Red Hat Satellite 6",8,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2023-09-22T13:56:54.314Z,0
CVE-2023-0462,https://securityvulnerability.io/vulnerability/CVE-2023-0462,Arbitrary code execution through yaml global parameters,"An arbitrary code execution vulnerability exists in Foreman, potentially allowing an admin user to execute unauthorized commands on the operating system. This vulnerability can be exploited by manipulating global parameters with specially crafted YAML payloads, posing a significant risk to system integrity. Administrators are advised to apply the necessary security patches to mitigate this risk effectively.",Red Hat,"Foreman,Red Hat Satellite 6",8,HIGH,0.0011599999852478504,false,,false,false,false,,,false,false,,2023-09-20T14:15:00.000Z,0
CVE-2014-3590,https://securityvulnerability.io/vulnerability/CVE-2014-3590,,"Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.",Red Hat Satellite 6,Red Hat Satellite 6,6.5,MEDIUM,0.00171999994199723,false,,false,false,false,,,false,false,,2020-01-02T19:52:06.000Z,0