Vulnerabilities > Redhat > Satellite > 5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-4320 | Insufficient Session Expiration vulnerability in Redhat Satellite An arithmetic overflow flaw was found in Satellite when creating a new personal access token. | 7.5 |
| 2019-12-02 | CVE-2012-5562 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | 6.5 |
| 2019-07-02 | CVE-2019-10137 | Unspecified vulnerability in Redhat Satellite and Spacewalk A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. | 9.8 |
| 2019-04-11 | CVE-2019-3845 | Unspecified vulnerability in Redhat Satellite A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. low complexity redhat | 8.0 |
| 2018-08-22 | CVE-2017-7513 | Improper Certificate Validation vulnerability in Redhat Satellite It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. | 5.4 |
| 2018-07-30 | CVE-2017-7514 | Unspecified vulnerability in Redhat Satellite A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. | 5.4 |
| 2018-07-26 | CVE-2017-12175 | Unspecified vulnerability in Redhat Satellite Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | 5.4 |
| 2018-07-26 | CVE-2017-7538 | Cross-site Scripting vulnerability in Redhat Satellite A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. | 5.4 |
| 2018-03-14 | CVE-2018-1077 | XXE vulnerability in Redhat Satellite and Spacewalk Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. | 7.5 |
| 2017-08-28 | CVE-2014-8163 | Path Traversal vulnerability in Redhat Satellite 5.0 Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | 6.5 |