Satellite Security Vulnerabilities and Issues — Satellite CVE List

Lucene search

RedhatSatellite

9 matches found

CVE•added 2019/04/23 7:32 p.m.•733 views

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

5.9CVSS5.7AI score0.00237EPSS

CVE•added 2019/04/23 7:32 p.m.•496 views

CVE-2019-2602

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows unauthenticated attacker with network access via mult...

7.5CVSS6.8AI score0.00103EPSS

CVE•added 2019/04/23 7:32 p.m.•446 views

CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of ...

8.1CVSS7.7AI score0.03101EPSS

CVE•added 2019/04/23 7:32 p.m.•322 views

CVE-2019-2697

8.1CVSS7.5AI score0.06542EPSS

CVE•added 2019/04/23 4:29 p.m.•147 views

CVE-2019-0223

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS even when configured to verify the peer certificate while used with OpenSSL versions before 1....

7.4CVSS7AI score0.00532EPSS

CVE•added 2019/04/19 2:29 p.m.•112 views

CVE-2019-10245

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load.

7.5CVSS7.6AI score0.01619EPSS

CVE•added 2019/04/11 3:29 p.m.•99 views

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this fla...

8CVSS7.5AI score0.00085EPSS

CVE•added 2019/04/15 12:31 p.m.•71 views

CVE-2019-3891

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching pa...

7.8CVSS7.4AI score0.00042EPSS

CVE•added 2019/04/09 4:29 p.m.•62 views

CVE-2019-3893

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...

4.9CVSS5.5AI score0.01281EPSS