Filtered by vendor Redhat
Subscriptions
Filtered by product Satellite
Subscriptions
Total
552 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12790 | 1 Redhat | 1 Satellite | 2025-11-08 | 7.4 High |
| A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack. | ||||
| CVE-2024-11831 | 1 Redhat | 34 Acm, Advanced Cluster Security, Ansible Automation Platform and 31 more | 2025-11-06 | 5.4 Medium |
| A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package. | ||||
| CVE-2025-10622 | 1 Redhat | 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more | 2025-11-06 | 8 High |
| A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting. | ||||
| CVE-2023-50471 | 2 Davegamble, Redhat | 3 Cjson, Satellite, Satellite Capsule | 2025-11-04 | 7.5 High |
| cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. | ||||
| CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 367 Http Server, Opensearch Data Prepper, Apisix and 364 more | 2025-11-04 | 7.5 High |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| CVE-2024-28219 | 3 Debian, Python, Redhat | 6 Debian Linux, Pillow, Ansible Automation Platform and 3 more | 2025-11-04 | 6.7 Medium |
| In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy. | ||||
| CVE-2024-27351 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Openstack and 3 more | 2025-11-04 | 5.3 Medium |
| In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665. | ||||
| CVE-2024-24680 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Openstack and 3 more | 2025-11-04 | 7.5 High |
| An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings. | ||||
| CVE-2023-49082 | 2 Aiohttp, Redhat | 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more | 2025-11-04 | 5.3 Medium |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0. | ||||
| CVE-2023-49081 | 2 Aiohttp, Redhat | 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more | 2025-11-04 | 7.2 High |
| aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. | ||||
| CVE-2023-43665 | 3 Djangoproject, Fedoraproject, Redhat | 6 Django, Fedora, Ansible Automation Platform and 3 more | 2025-11-04 | 7.5 High |
| In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | ||||
| CVE-2023-41164 | 3 Djangoproject, Fedoraproject, Redhat | 6 Django, Fedora, Ansible Automation Platform and 3 more | 2025-11-04 | 7.5 High |
| In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | ||||
| CVE-2023-36053 | 4 Debian, Djangoproject, Fedoraproject and 1 more | 8 Debian Linux, Django, Fedora and 5 more | 2025-11-04 | 7.5 High |
| In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | ||||
| CVE-2024-42005 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Discovery and 3 more | 2025-11-04 | 9.8 Critical |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. QuerySet.values() and values_list() methods on models with a JSONField are subject to SQL injection in column aliases via a crafted JSON object key as a passed *arg. | ||||
| CVE-2024-41991 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Discovery and 3 more | 2025-11-04 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget, are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. | ||||
| CVE-2024-39614 | 2 Djangoproject, Redhat | 6 Django, Ansible Automation Platform, Openstack and 3 more | 2025-11-04 | 7.5 High |
| An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. get_supported_language_variant() was subject to a potential denial-of-service attack when used with very long strings containing specific characters. | ||||
| CVE-2024-39330 | 2 Djangoproject, Redhat | 5 Django, Ansible Automation Platform, Openstack and 2 more | 2025-11-04 | 4.3 Medium |
| An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they override generate_filename() without replicating the file-path validations from the parent class, potentially allow directory traversal via certain inputs during a save() call. (Built-in Storage sub-classes are unaffected.) | ||||
| CVE-2024-39329 | 2 Djangoproject, Redhat | 5 Django, Ansible Automation Platform, Openstack and 2 more | 2025-11-04 | 5.3 Medium |
| An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate() method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password. | ||||
| CVE-2024-38875 | 2 Djangoproject, Redhat | 5 Django, Ansible Automation Platform, Openstack and 2 more | 2025-11-04 | 7.5 High |
| An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with a very large number of brackets. | ||||
| CVE-2022-29970 | 3 Debian, Redhat, Sinatrarb | 7 Debian Linux, Enterprise Linux, Rhel E4s and 4 more | 2025-11-04 | 7.5 High |
| Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | ||||