Vulnerabilities > Redhat > Satellite Capsule > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-05-27 CVE-2020-10716 A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view.
network
low complexity
redhat theforeman
6.5
2020-05-06 CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final.
network
low complexity
redhat ibm quarkus oracle
5.3
2018-08-01 CVE-2016-8639 Cross-site Scripting vulnerability in multiple products
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name.
network
low complexity
theforeman redhat CWE-79
5.4
2018-07-27 CVE-2016-9595 Link Following vulnerability in multiple products
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files.
local
low complexity
theforeman redhat CWE-59
5.5
2018-04-26 CVE-2018-10237 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
network
high complexity
google redhat oracle CWE-770
5.9
2018-04-16 CVE-2018-5382 Improper Validation of Integrity Check Value vulnerability in multiple products
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore.
local
low complexity
bouncycastle redhat CWE-354
4.4
2017-11-27 CVE-2017-15100 An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.
network
low complexity
theforeman redhat
6.1