Vulnerabilities > Redhat > Satellite > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-09 | CVE-2019-3893 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products. In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. | 4.9 |
2019-02-04 | CVE-2019-7317 | Use After Free vulnerability in multiple products. png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | 5.3 |
2019-01-13 | CVE-2018-16887 | Cross-site Scripting vulnerability in multiple products. A cross-site scripting (XSS) flaw was found in the katello component of Satellite. | 5.4 |
2018-10-17 | CVE-2018-3214 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). | 5.3 |
2018-10-17 | CVE-2018-3180 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). | 5.6 |
2018-08-22 | CVE-2017-7513 | Improper Certificate Validation vulnerability in Redhat Satellite. It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. | 5.4 |
2018-08-20 | CVE-2018-1656 | Path Traversal vulnerability in multiple products. The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. | 6.5 |
2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products. It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
2018-07-30 | CVE-2017-7514 | Unspecified vulnerability in Redhat Satellite. A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. | 5.4 |
2018-07-27 | CVE-2016-9595 | Link Following vulnerability in multiple products. A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. | 5.5 |