Satellite@6.4 Security Vulnerabilities and Issues — Satellite@6.4 CVE List

Lucene search

RedhatSatellite6.4

10 matches found

CVE•added 2018/04/26 9:29 p.m.•519 views

CVE-2018-10237

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) ...

5.9CVSS5.9AI score0.03259EPSS

CVE•added 2018/02/06 3:29 p.m.•244 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-...

9.8CVSS9.2AI score0.77336EPSS

CVE•added 2018/01/10 3:29 p.m.•153 views

CVE-2017-7536

In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the callin...

7CVSS7.3AI score0.00104EPSS

CVE•added 2018/04/16 2:29 p.m.•141 views

CVE-2018-5382

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. Fo...

4.4CVSS4.9AI score0.00189EPSS

CVE•added 2018/06/01 8:29 p.m.•118 views

CVE-2016-1000338

In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisibl...

7.5CVSS7.2AI score0.0043EPSS

CVE•added 2018/02/09 8:29 p.m.•96 views

CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

5.5CVSS5.5AI score0.00092EPSS

CVE•added 2018/02/09 8:29 p.m.•62 views

CVE-2017-10690

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4

6.5CVSS6.5AI score0.00204EPSS

CVE•added 2018/04/04 9:29 p.m.•61 views

CVE-2018-1097

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

8.8CVSS8.5AI score0.00403EPSS

CVE•added 2018/04/05 9:29 p.m.•57 views

CVE-2018-1096

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.

6.5CVSS7AI score0.00315EPSS

CVE•added 2018/06/18 2:29 p.m.•53 views

CVE-2018-1090

In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.

7.5CVSS7.3AI score0.00289EPSS