Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulpproject pulp vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2015-5263
pulp-consumer-client 2.4.0 up to and including 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
Pulpproject Pulp 2.4.0
Pulpproject Pulp 2.4.2
Pulpproject Pulp 2.4.4
Pulpproject Pulp 2.4.1
Pulpproject Pulp 2.4.3
Pulpproject Pulp 2.5.1
Pulpproject Pulp 2.5.2
Pulpproject Pulp 2.5.3
Pulpproject Pulp 2.5.0
Pulpproject Pulp 2.6.2
Pulpproject Pulp 2.6.3
Pulpproject Pulp 2.6.0
Pulpproject Pulp 2.6.1
356
VMScore
CVE-2018-10917
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.
Pulpproject Pulp 2.16.2
Pulpproject Pulp 2.16.1
Pulpproject Pulp 2.16.4
Pulpproject Pulp
445
VMScore
CVE-2013-7450
Pulp prior to 2.3.0 uses the same the same certificate authority key and certificate for all installations.
Pulpproject Pulp
445
VMScore
CVE-2016-3106
Pulp prior to 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
Pulpproject Pulp 2.8.2-1
187
VMScore
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp prior to 2.8.2 allows local users to read the generated private key.
Fedoraproject Fedora 24
Pulpproject Pulp
NA
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Pulpproject Pulp Ansible -
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
Redhat Update Infrastructure 3.0
801
VMScore
CVE-2015-5164
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
Pulpproject Qpid -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started