Vulnerabilities > Redhat > Satellite
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 7.5 |
2020-01-02 | CVE-2014-3590 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Satellite 6.0 Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. | 6.5 |
2019-12-13 | CVE-2014-0241 | Insufficiently Protected Credentials vulnerability in multiple products rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | 5.5 |
2019-12-03 | CVE-2013-2101 | Cross-site Scripting vulnerability in multiple products Katello has multiple XSS issues in various entities | 5.4 |
2019-12-02 | CVE-2012-5562 | Cleartext Transmission of Sensitive Information vulnerability in Redhat Satellite rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | 6.5 |
2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 6.5 |
2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 6.5 |
2019-10-17 | CVE-2019-17631 | Improper Privilege Management vulnerability in multiple products From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | 9.1 |
2019-10-16 | CVE-2019-2999 | Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). | 4.7 |
2019-10-16 | CVE-2019-2996 | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). | 4.2 |