Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulpproject pulp vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2015-5263
pulp-consumer-client 2.4.0 up to and including 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
Pulpproject Pulp 2.4.1
Pulpproject Pulp 2.4.2
Pulpproject Pulp 2.4.3
Pulpproject Pulp 2.4.4
Pulpproject Pulp 2.4.0
Pulpproject Pulp 2.5.1
Pulpproject Pulp 2.5.2
Pulpproject Pulp 2.5.3
Pulpproject Pulp 2.5.0
Pulpproject Pulp 2.6.1
Pulpproject Pulp 2.6.2
Pulpproject Pulp 2.6.3
Pulpproject Pulp 2.6.0
7.5
CVSSv3
CVE-2013-7450
Pulp prior to 2.3.0 uses the same the same certificate authority key and certificate for all installations.
Pulpproject Pulp
7.2
CVSSv3
CVE-2015-5164
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
Pulpproject Qpid -
6.5
CVSSv3
CVE-2018-10917
pulp 2.16.x and possibly older is vulnerable to an improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the 'apache' user. This may lead to overwrite of published content on other iso repositories.
Pulpproject Pulp 2.16.2
Pulpproject Pulp 2.16.1
Pulpproject Pulp 2.16.4
Pulpproject Pulp
5.5
CVSSv3
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Pulpproject Pulp Ansible -
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
Redhat Update Infrastructure 3.0
5.5
CVSSv3
CVE-2016-3095
server/bin/pulp-gen-ca-certificate in Pulp prior to 2.8.2 allows local users to read the generated private key.
Fedoraproject Fedora 24
Pulpproject Pulp
5.3
CVSSv3
CVE-2016-3106
Pulp prior to 2.8.3 creates a temporary directory during CA key generation in an insecure manner.
Pulpproject Pulp 2.8.2-1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started