cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T10:00:51.745Z,0
CVE-2024-7923,https://securityvulnerability.io/vulnerability/CVE-2024-7923,Pulpcore Authentication Bypass Vulnerability Affects Satellite Deployments,"An authentication bypass vulnerability has been identified in Pulpcore, particularly affecting deployments running with Gunicorn versions prior to 22.0. This vulnerability is caused by the puppet-pulpcore configuration and Apache's mod_proxy failing to properly unset headers, which restricts underscores in HTTP headers. As a result, unauthorized users can exploit this flaw to gain administrative access to systems. The issue impacts all active Satellite deployments (versions 6.13, 6.14, and 6.15) that utilize Pulpcore version 3.0 and above. Organizations using these systems are strongly advised to review their configurations and implement necessary security measures.",Red Hat,"Red Hat Satellite 6.13 For Rhel 8,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",9.8,CRITICAL,0.0012400000123307109,false,false,false,false,,false,false,2024-09-04T14:15:00.000Z,0
CVE-2024-7700,https://securityvulnerability.io/vulnerability/CVE-2024-7700,Unauthorized Command Execution via Host Registration,"A command injection vulnerability exists in the 'Host Init Config' template of the Foreman application. This flaw allows attackers with appropriate privileges to inject arbitrary commands via the 'Install Packages' field on the 'Register Host' page. While user interaction is required to execute the injected commands, it presents a substantial security risk if a user unknowingly runs the affected registration script. Mitigating this vulnerability is crucial for maintaining the integrity of host registration processes.",Red Hat,Red Hat Satellite 6,6.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-12T16:48:54.120Z,0
CVE-2024-3716,https://securityvulnerability.io/vulnerability/CVE-2024-3716,Foreman-installer: candlepin database password being leaked to local users via the process list,A flaw was found in foreman-installer when puppet-candlepin invokes cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.,Red Hat,Red Hat Satellite 6,6.2,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-06-05T15:15:00.000Z,0
CVE-2023-50782,https://securityvulnerability.io/vulnerability/CVE-2023-50782,Remote Decryption Vulnerability in TLS Servers Using RSA Key Exchanges,"A vulnerability has been identified in the python-cryptography package that may allow remote attackers to decrypt captured messages during TLS sessions employing RSA key exchanges. This can lead to significant risks, including the unintended exposure of confidential or sensitive data. Given the widespread use of TLS for securing communications, it is crucial for users and administrators to evaluate their systems and apply necessary updates to mitigate this risk. The flaw underscores the importance of maintaining robust security measures while using cryptographic libraries.",Red Hat,"Red Hat Ansible Automation Platform 2,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Satellite 6,Red Hat Update Infrastructure 4 For Cloud Providers",7.5,HIGH,0.0010600000387057662,false,false,false,false,,false,false,2024-02-05T20:45:49.705Z,0
CVE-2023-4320,https://securityvulnerability.io/vulnerability/CVE-2023-4320,Satellite: arithmetic overflow in satellite,"An arithmetic overflow flaw in Red Hat Satellite enables attackers to generate personal access tokens that remain valid indefinitely. This vulnerability compromises the system's integrity by allowing unauthorized access, which can lead to further exploitation of system resources and sensitive information. It is crucial to apply security patches and monitor access token validity to mitigate potential risks.",Red Hat,Red Hat Satellite 6.15 For Rhel 8,7.6,HIGH,0.0008099999977275729,false,false,false,false,,false,false,2023-12-18T14:15:00.000Z,0
CVE-2023-5189,https://securityvulnerability.io/vulnerability/CVE-2023-5189,Hub: insecure galaxy-importer tarfile extraction,"A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.",Red Hat,"Red Hat Ansible Automation Platform 2.4 For Rhel 8,Red Hat Ansible Automation Platform 2.4 For Rhel 9,Red Hat Satellite 6.14 For Rhel 8,Red Hat Satellite 6.15 For Rhel 8",6.5,MEDIUM,0.001290000043809414,false,false,false,false,,false,false,2023-11-14T23:15:00.000Z,0
CVE-2023-1832,https://securityvulnerability.io/vulnerability/CVE-2023-1832,Improper authorization check in the server component,"An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.",Red Hat,"Candlepin-4.3.7,Candlepin-4.3.8,Red Hat Satellite 6",6.8,MEDIUM,0.0007399999885819852,false,false,false,false,,false,false,2023-10-04T14:15:00.000Z,0
CVE-2023-4886,https://securityvulnerability.io/vulnerability/CVE-2023-4886,Foreman: world readable file containing secrets,"A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.",Red Hat,"Red Hat Satellite 6.13 For Rhel 8,Red Hat Satellite 6.14 For Rhel 8",6.7,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2023-10-03T15:15:00.000Z,0
CVE-2022-3874,https://securityvulnerability.io/vulnerability/CVE-2022-3874,Os command injection via ct_command and fcct_command,"A command injection vulnerability has been identified in Foreman, enabling an authenticated user with admin privileges to execute arbitrary commands through CoreOS and Fedora CoreOS templates. This issue can potentially compromise the underlying operating system, making it crucial for administrators to apply necessary updates and mitigate risks associated with this flaw.",Red Hat,"Foreman,Red Hat Satellite 6",8,HIGH,0.001019999966956675,false,false,false,false,,false,false,2023-09-22T13:56:54.314Z,0
CVE-2023-0118,https://securityvulnerability.io/vulnerability/CVE-2023-0118,Arbitrary code execution through templates,"An arbitrary code execution vulnerability has been identified in Foreman, allowing an admin user to bypass safe mode in templates. This potentially malicious action enables the execution of arbitrary code on the underlying operating system, creating severe risks for system integrity and security. It is crucial for administrators to address this issue promptly to safeguard their environments.",Red Hat,"foreman,Red Hat Satellite 6.13 for RHEL 8",9.1,CRITICAL,0.0016799999866634607,false,false,false,false,,false,false,2023-09-20T14:15:00.000Z,0
CVE-2023-0462,https://securityvulnerability.io/vulnerability/CVE-2023-0462,Arbitrary code execution through yaml global parameters,"An arbitrary code execution vulnerability exists in Foreman, potentially allowing an admin user to execute unauthorized commands on the operating system. This vulnerability can be exploited by manipulating global parameters with specially crafted YAML payloads, posing a significant risk to system integrity. Administrators are advised to apply the necessary security patches to mitigate this risk effectively.",Red Hat,"Foreman,Red Hat Satellite 6",8,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2023-09-20T14:15:00.000Z,0
CVE-2023-0119,https://securityvulnerability.io/vulnerability/CVE-2023-0119,Stored cross-site scripting in host tab,"A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.",Red Hat,"foreman,Red Hat Satellite 6.13 for RHEL 8",5.4,MEDIUM,0.0011699999449774623,false,false,false,false,,false,false,2023-09-12T16:15:00.000Z,0
CVE-2014-3590,https://securityvulnerability.io/vulnerability/CVE-2014-3590,,"Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.",Red Hat Satellite 6,Red Hat Satellite 6,6.5,MEDIUM,0.00171999994199723,false,false,false,false,,false,false,2020-01-02T19:52:06.000Z,0
CVE-2017-7513,https://securityvulnerability.io/vulnerability/CVE-2017-7513,,It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.,Red Hat,Red Hat Satellite,5.4,MEDIUM,0.0006600000197067857,false,false,false,false,,false,false,2018-08-22T15:00:00.000Z,0
CVE-2017-7514,https://securityvulnerability.io/vulnerability/CVE-2017-7514,,A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.,Red Hat,Red Hat Satellite,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2018-07-30T13:00:00.000Z,0
CVE-2017-12175,https://securityvulnerability.io/vulnerability/CVE-2017-12175,,Red Hat Satellite before 6.5 is vulnerable to an XSS in the discovery rule when entering a filter with the autocomplete functionality.,Red Hat,Satellite,3.5,LOW,0.001990000018849969,false,false,false,false,,false,false,2018-07-26T17:00:00.000Z,0
CVE-2017-7538,https://securityvulnerability.io/vulnerability/CVE-2017-7538,,"A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.",Red Hat,Satellite,3.5,LOW,0.0007699999841861427,false,false,false,false,,false,false,2018-07-26T15:00:00.000Z,0
CVE-2017-15136,https://securityvulnerability.io/vulnerability/CVE-2017-15136,,"When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system will lose access to updates, including security updates.",Red Hat,Satellite 6,2.7,LOW,0.0007699999841861427,false,false,false,false,,false,false,2018-02-27T21:00:00.000Z,0