Vulnerabilities > Redhat > Satellite Capsule

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2020-10716 A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view.
network
low complexity
redhat theforeman
6.5
2020-05-06 CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final.
network
low complexity
redhat ibm quarkus oracle
5.3
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-08-01 CVE-2016-8639 Cross-site Scripting vulnerability in multiple products
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name.
network
low complexity
theforeman redhat CWE-79
5.4
2018-07-27 CVE-2016-9595 Link Following vulnerability in multiple products
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files.
local
low complexity
theforeman redhat CWE-59
5.5
2018-06-01 CVE-2016-1000338 Improper Verification of Cryptographic Signature vulnerability in multiple products
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification.
network
low complexity
bouncycastle redhat canonical netapp CWE-347
7.5
2018-04-26 CVE-2018-10237 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
network
high complexity
google redhat oracle CWE-770
5.9
2018-04-16 CVE-2018-5382 Improper Validation of Integrity Check Value vulnerability in multiple products
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore.
local
low complexity
bouncycastle redhat CWE-354
4.4
2018-03-12 CVE-2017-2667 Improper Certificate Validation vulnerability in multiple products
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default.
network
high complexity
theforeman redhat CWE-295
8.1
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8