Vulnerabilities > Redhat > Satellite > 5.7

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2018-2602 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). 4.5
2018-01-18 CVE-2018-2599 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). 4.8
2018-01-18 CVE-2018-2588 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). 4.3
2018-01-18 CVE-2018-2581 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX).
network
low complexity
oracle redhat netapp
4.7
2018-01-18 CVE-2018-2579 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). 3.7
2017-04-13 CVE-2016-2104 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
network
low complexity
redhat CWE-79
6.1
2016-08-05 CVE-2016-3097 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
network
low complexity
redhat CWE-79
6.1
2016-08-05 CVE-2016-3080 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
network
low complexity
redhat CWE-79
6.1
2016-06-06 CVE-2015-5041 Information Exposure vulnerability in multiple products
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
network
low complexity
ibm suse redhat CWE-200
critical
9.1
2016-06-03 CVE-2016-0376 The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface.
network
high complexity
novell ibm redhat
8.1