Vulnerabilities > Redhat > Satellite > 6.4

DATE CVE VULNERABILITY TITLE RISK
2018-04-05 CVE-2018-1096 SQL Injection vulnerability in multiple products
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1.
network
low complexity
theforeman redhat CWE-89
6.5
2018-04-04 CVE-2018-1097 A flaw was found in foreman before 1.16.1.
network
low complexity
theforeman redhat
8.8
2018-02-09 CVE-2017-10690 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from.
network
low complexity
puppet redhat CWE-269
6.5
2018-02-09 CVE-2017-10689 Improper Privilege Management vulnerability in multiple products
In previous versions of Puppet Agent it was possible to install a module with world writable permissions.
local
low complexity
puppet canonical redhat CWE-269
5.5
2018-02-06 CVE-2017-15095 Deserialization of Untrusted Data vulnerability in multiple products
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
network
low complexity
fasterxml debian redhat netapp oracle CWE-502
critical
9.8
2018-01-10 CVE-2017-7536 Unsafe Reflection vulnerability in Redhat products
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur.
local
high complexity
redhat CWE-470
7.0
2017-11-27 CVE-2017-15100 An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page.
network
low complexity
theforeman redhat
6.1
2017-03-13 CVE-2017-5929 Deserialization of Untrusted Data vulnerability in multiple products
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
network
low complexity
qos redhat CWE-502
critical
9.8