Satellite Security Vulnerabilities and Issues — Satellite CVE List

Lucene search

RedhatSatellite

8 matches found

CVE•added 2018/07/18 1:29 p.m.•318 views

CVE-2018-2952

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated at...

4.3CVSS4AI score0.00042EPSS

CVE•added 2018/07/18 1:29 p.m.•211 views

CVE-2018-2973

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/...

5.9CVSS6.2AI score0.00203EPSS

CVE•added 2018/07/18 1:29 p.m.•201 views

CVE-2018-2940

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via m...

4.3CVSS4.2AI score0.00082EPSS

CVE•added 2018/07/27 6:29 p.m.•61 views

CVE-2016-9595

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

7.3CVSS5.2AI score0.00042EPSS

CVE•added 2018/07/26 5:29 p.m.•61 views

CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.

5.4CVSS5.9AI score0.00544EPSS

CVE•added 2018/07/30 3:29 p.m.•57 views

CVE-2017-7514

A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

5.4CVSS5.1AI score0.00205EPSS

CVE•added 2018/07/27 1:29 p.m.•56 views

CVE-2017-7470

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

9.8CVSS9.2AI score0.01046EPSS

CVE•added 2018/07/26 3:29 p.m.•54 views

CVE-2017-7538

A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.

5.4CVSS5.1AI score0.00246EPSS