Vulnerabilities > Redhat > Satellite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-20 | CVE-2018-1517 | Improper Input Validation vulnerability in multiple products A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. | 5.0 |
| 2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. | 7.5 |
| 2018-08-09 | CVE-2018-10931 | Exposed Dangerous Method or Function vulnerability in multiple products It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. | 9.8 |
| 2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
| 2018-07-30 | CVE-2017-7514 | Cross-site Scripting vulnerability in Redhat Satellite A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. | 5.4 |
| 2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |
| 2018-07-27 | CVE-2017-7470 | Incorrect Authorization vulnerability in Redhat Satellite and Spacewalk It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | 9.8 |
| 2018-07-26 | CVE-2017-12175 | Cross-site Scripting vulnerability in Redhat Satellite Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. | 5.4 |
| 2018-07-26 | CVE-2017-7538 | Cross-site Scripting vulnerability in Redhat Satellite A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. | 3.5 |
| 2018-07-18 | CVE-2018-2973 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). | 4.3 |