Vulmon
pulpproject pulp vulnerabilities and exploits
6.8
CVSSv2
CVE-2015-5263
pulp-consumer-client 2.4.0 up to and including 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
Pulpproject Pulp 2.4.0
Pulpproject Pulp 2.4.2
Pulpproject Pulp 2.4.4
Pulpproject Pulp 2.4.1
Pulpproject Pulp 2.4.3
Pulpproject Pulp 2.5.1
Pulpproject Pulp 2.5.2
Pulpproject Pulp 2.5.3
Pulpproject Pulp 2.5.0
Pulpproject Pulp 2.6.2
Pulpproject Pulp 2.6.3
Pulpproject Pulp 2.6.0
Pulpproject Pulp 2.6.1
4
CVSSv2
CVE-2018-10917
Pulp 2.16.x, and possibly older versions, is vulnerable to improper path parsing. A malicious user or a malicious ISO feed repository can write to locations accessible to the 'apache' user. This may lead to overwriting published content on other ISO repositories.
Pulpproject Pulp 2.16.2
Pulpproject Pulp 2.16.1
Pulpproject Pulp 2.16.4
Pulpproject Pulp
5
CVSSv2
CVE-2013-7450
Pulp prior to 2.3.0 uses the same certificate authority key and certificate for all installations.
Pulpproject Pulp
5
CVSSv2
CVE-2016-3106
Pulp prior to 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
Pulpproject Pulp 2.8.2-1
2.1
CVSSv2
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp prior to 2.8.2 allows local users to read the generated private key.
Fedoraproject Fedora 24
Pulpproject Pulp
NA
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Pulpproject Pulp Ansible -
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
Redhat Update Infrastructure 3.0
9
CVSSv2
CVE-2015-5164
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
Pulpproject Qpid -