Vulnerabilities > Redhat > Satellite

DATE CVE VULNERABILITY TITLE RISK
2020-02-19 CVE-2012-6685 XML Entity Expansion vulnerability in multiple products
Nokogiri before 1.5.4 is vulnerable to XXE attacks
network
low complexity
nokogiri redhat CWE-776
7.5
2020-01-02 CVE-2014-3590 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Satellite 6.0
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action.
network
low complexity
redhat CWE-352
6.5
2019-12-13 CVE-2014-0241 Insufficiently Protected Credentials vulnerability in multiple products
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
local
low complexity
theforeman redhat CWE-522
5.5
2019-12-03 CVE-2013-2101 Cross-site Scripting vulnerability in multiple products
Katello has multiple XSS issues in various entities
network
low complexity
theforeman redhat CWE-79
5.4
2019-12-02 CVE-2012-5562 Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
low complexity
redhat CWE-319
6.5
2019-11-05 CVE-2013-6461 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-11-05 CVE-2013-6460 XML Entity Expansion vulnerability in multiple products
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
network
low complexity
nokogiri debian redhat CWE-776
6.5
2019-10-17 CVE-2019-17631 Improper Privilege Management vulnerability in multiple products
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
network
low complexity
eclipse redhat CWE-269
critical
9.1
2019-10-16 CVE-2019-2999 Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc).
network
high complexity
oracle redhat netapp debian opensuse canonical
4.7
2019-10-16 CVE-2019-2996 Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment).
network
high complexity
oracle netapp redhat
4.2