Redhat: >> Satellite Security Vulnerabilities
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CVSS Score
5.3
EPSS Score
0.0
Published
2020-05-06
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-19
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-01-02
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-13
Katello has multiple XSS issues in various entities
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-03
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-02
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVSS Score
6.5
EPSS Score
0.025
Published
2019-11-05
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVSS Score
6.5
EPSS Score
0.02
Published
2019-11-05
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
CVSS Score
9.1
EPSS Score
0.005
Published
2019-10-17
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVSS Score
3.7
EPSS Score
0.006
Published
2019-10-16