Vulnerabilities > Redhat > Satellite > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-08-28 CVE-2014-8163 Path Traversal vulnerability in Redhat Satellite 5.0
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
network
low complexity
redhat CWE-22
6.5
2017-08-28 CVE-2014-8168 Improper Access Control vulnerability in Redhat Satellite 6.0
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
local
low complexity
redhat CWE-284
6.1
2017-08-28 CVE-2014-0141 Cross-site Scripting vulnerability in Redhat Satellite 6.0.3
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
network
low complexity
redhat CWE-79
6.1
2017-08-08 CVE-2017-10243 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS).
network
low complexity
oracle debian netapp redhat
6.5
2017-08-08 CVE-2017-10109 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization).
network
low complexity
oracle debian redhat netapp
5.3
2017-08-08 CVE-2017-10108 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization).
network
low complexity
oracle debian phoenixcontact redhat netapp
5.3
2017-08-08 CVE-2017-10105 Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).
network
low complexity
oracle redhat netapp
4.3
2017-08-08 CVE-2017-10053 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).
network
low complexity
oracle debian redhat netapp phoenixcontact
5.3
2017-04-13 CVE-2016-2104 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
network
low complexity
redhat CWE-79
6.1
2016-08-05 CVE-2016-3097 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
network
low complexity
redhat CWE-79
6.1