High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-18	CVE-2023-4320	Insufficient Session Expiration vulnerability in Redhat Satellite An arithmetic overflow flaw was found in Satellite when creating a new personal access token. network low complexity redhat CWE-613	7.5
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-10-04	CVE-2023-1832	Incorrect Authorization vulnerability in multiple products An improper access control flaw was found in Candlepin. network low complexity candlepinproject redhat CWE-863	8.1
2022-03-23	CVE-2021-3589	Missing Authentication for Critical Function vulnerability in multiple products An authorization flaw was found in Foreman Ansible. network high complexity theforeman redhat CWE-306	8.0
2021-12-08	CVE-2021-44420	In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. network low complexity djangoproject redhat debian canonical fedoraproject	7.3
2021-06-02	CVE-2020-14380	Improper Authentication vulnerability in Redhat Satellite 6.7.2 An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. network high complexity redhat CWE-287	7.5
2020-07-31	CVE-2020-14334	Insufficiently Protected Credentials vulnerability in Redhat Satellite 6.0 A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. local low complexity redhat CWE-522	8.8
2019-08-01	CVE-2014-8183	Improper Access Control vulnerability in multiple products It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. network low complexity theforeman redhat CWE-284	7.4
2019-04-23	CVE-2019-2602	Resource Exhaustion vulnerability in multiple products Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). network low complexity oracle redhat opensuse canonical debian mcafee hp CWE-400	7.5
2019-04-23	CVE-2019-0223	While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1.1.0. network high complexity apache redhat	7.4