Vulnerabilities > Redhat > Satellite > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-04-09 CVE-2019-3893 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource.
network
low complexity
theforeman redhat CWE-732
4.9
2019-02-04 CVE-2019-7317 Use After Free vulnerability in multiple products
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
5.3
2019-01-13 CVE-2018-16887 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) flaw was found in the katello component of Satellite.
network
low complexity
redhat theforeman CWE-79
5.4
2018-10-17 CVE-2018-3214 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound).
network
low complexity
oracle redhat debian canonical hp
5.3
2018-10-17 CVE-2018-3180 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE).
network
high complexity
oracle redhat debian canonical hp
5.6
2018-08-22 CVE-2017-7513 Improper Certificate Validation vulnerability in Redhat Satellite
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields.
network
low complexity
redhat CWE-295
5.4
2018-08-20 CVE-2018-1656 Path Traversal vulnerability in multiple products
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files.
network
low complexity
ibm redhat oracle CWE-22
6.5
2018-08-01 CVE-2016-8639 Cross-site Scripting vulnerability in multiple products
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name.
network
low complexity
theforeman redhat CWE-79
5.4
2018-07-30 CVE-2017-7514 Unspecified vulnerability in Redhat Satellite
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0.
network
low complexity
redhat
5.4
2018-07-27 CVE-2016-9595 Link Following vulnerability in multiple products
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files.
local
low complexity
theforeman redhat CWE-59
5.5