Satellite Security Vulnerabilities and Issues — Satellite CVE List

Lucene search

RedhatSatellite

4 matches found

CVE•added 2018/02/06 3:29 p.m.•247 views

CVE-2017-15095

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-...

9.8CVSS9.2AI score0.77423EPSS

CVE•added 2018/02/09 8:29 p.m.•98 views

CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

5.5CVSS5.5AI score0.00092EPSS

CVE•added 2018/02/09 8:29 p.m.•64 views

CVE-2017-10690

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4

6.5CVSS6.5AI score0.00204EPSS

CVE•added 2018/02/27 9:29 p.m.•49 views

CVE-2017-15136

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.

4CVSS4.1AI score0.00229EPSS