Vulnerabilities > Redhat > Satellite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-02 | CVE-2020-14335 | Information Exposure vulnerability in Redhat Satellite 6.0 A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. | 5.5 |
| 2021-05-27 | CVE-2020-10716 | A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. | 6.5 |
| 2021-04-08 | CVE-2021-3413 | Information Exposure vulnerability in multiple products A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. | 6.5 |
| 2021-02-23 | CVE-2021-20256 | Information Exposure vulnerability in Redhat Satellite 6.0 A flaw was found in Red Hat Satellite. | 5.3 |
| 2020-05-06 | CVE-2020-10693 | Improper Input Validation vulnerability in multiple products A flaw was found in Hibernate Validator version 6.1.2.Final. | 5.3 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 5.0 |
| 2020-01-02 | CVE-2014-3590 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Satellite 6.0 Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. | 4.3 |
| 2019-12-03 | CVE-2013-2101 | Cross-site Scripting vulnerability in multiple products Katello has multiple XSS issues in various entities | 5.4 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 4.3 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 4.3 |