Home/Product/redhat satellite
Product

redhat satellite

223 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-0980
all versions
A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authentic
8.3HIGH
 CVE-2025-9572
all versions
n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Un
5.0MEDIUM
 CVE-2024-7923
all versions
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to
9.8CRITICAL
 CVE-2024-7012
all versions
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppe
9.8CRITICAL
 CVE-2024-4812
all versions
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" f
4.8MEDIUM
 CVE-2024-3716
all versions
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the pa
6.2MEDIUM
 CVE-2023-4320
< 6.13
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who use
7.6HIGH
 CVE-2023-5189
all versions
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that whe
6.3MEDIUM
 CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5HIGH
 CVE-2023-1832
all versions
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which ca
6.8MEDIUM
 CVE-2023-4886
all versions
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords
6.7MEDIUM
 CVE-2022-3874
all versions
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instanc
8.0HIGH
 CVE-2023-0462
>= 6.0
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underly
8.0HIGH
 CVE-2023-0118
>= 6.13 and < 6.13.3
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute
9.1CRITICAL
 CVE-2023-0119
all versions
A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of
5.4MEDIUM
 CVE-2022-4130
all versions
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interactio
4.5MEDIUM
 CVE-2022-3644
all versions
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read
5.5MEDIUM
 CVE-2015-1931
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1
5.5MEDIUM
 CVE-2021-3414
all versions
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to v
8.1HIGH
 CVE-2021-3590
all versions
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSO
8.8HIGH
 CVE-2021-3589
all versions
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible j
8.0HIGH
 CVE-2021-3584
all versions
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail config
7.2HIGH
 CVE-2021-42550
all versions
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a m
6.6MEDIUM
 CVE-2021-44420
all versions
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass
7.3HIGH
 CVE-2020-14380
all versions
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relev
7.5HIGH
 CVE-2020-14371
all versions
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs th
6.5MEDIUM
 CVE-2020-14335
all versions
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Prox
5.5MEDIUM
 CVE-2020-10716
all versions
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This
6.5MEDIUM
 CVE-2021-3413
all versions
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified w
6.3MEDIUM
 CVE-2021-20256
all versions
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker w
5.3MEDIUM
 CVE-2020-14334
all versions
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help a
8.8HIGH
 CVE-2020-10693
all versions
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expre
5.3MEDIUM
 CVE-2012-6685
all versions
Nokogiri before 1.5.4 is vulnerable to XXE attacks
7.5HIGH
 CVE-2014-3590
all versions
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, a
6.5MEDIUM
 CVE-2014-0241
all versions
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
5.5MEDIUM
 CVE-2013-2101
all versions
Katello has multiple XSS issues in various entities
5.4MEDIUM
 CVE-2012-5562
< 5.6
A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it acces
8.6HIGH
 CVE-2013-6461
all versions
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
6.5MEDIUM
 CVE-2013-6460
all versions
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
6.5MEDIUM
 CVE-2019-17631
all versions
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted
9.1CRITICAL
 CVE-2019-2999
all versions
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u2
4.7MEDIUM
 CVE-2019-2996
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is af
4.2MEDIUM
 CVE-2019-2992
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2019-2988
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2019-2983
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are a
3.7LOW
 CVE-2019-2981
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
3.7LOW
 CVE-2019-2978
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.7LOW
 CVE-2019-2975
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affec
4.8MEDIUM
 CVE-2019-2973
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected a
3.7LOW
 CVE-2019-2964
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are aff
3.7LOW
 CVE-2019-2962
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are
3.7LOW
 CVE-2019-2945
all versions
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affe
3.1LOW
 CVE-2014-8183
all versions
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resour
7.4HIGH
 CVE-2019-10198
all versions
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched throu
6.5MEDIUM
 CVE-2019-11775
all versions
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out
7.4HIGH
 CVE-2019-2816
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
4.8MEDIUM
 CVE-2019-2786
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4LOW
 CVE-2019-2769
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are
5.3MEDIUM
 CVE-2019-2762
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are
5.3MEDIUM
 CVE-2019-10137
all versions
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens.
8.1HIGH
 CVE-2019-10136
all versions
It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, bu
4.3MEDIUM
 CVE-2019-2698
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2
8.1HIGH
 CVE-2019-2697
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u2
8.1HIGH
 CVE-2019-2684
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
5.9MEDIUM
 CVE-2019-2602
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
7.5HIGH
 CVE-2019-0223
all versions
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C libr
7.4HIGH
 CVE-2019-10245
all versions
In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of b
7.5HIGH
 CVE-2019-3891
all versions
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials
7.8HIGH
 CVE-2019-3845
< 6.2
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versio
8.0HIGH
 CVE-2019-3893
all versions
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosu
4.9MEDIUM
 CVE-2018-12549
all versions
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe ca
9.8CRITICAL
 CVE-2018-12547
all versions
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter
9.8CRITICAL
 CVE-2019-7317
all versions
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_saf
5.3MEDIUM
 CVE-2018-14666
>= 6.0 and <= 6.4
An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of
6.8MEDIUM
 CVE-2019-2449
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Jav
3.1LOW
 CVE-2019-2422
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java
3.1LOW
 CVE-2018-16887
all versions
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organ
5.4MEDIUM
 CVE-2018-3214
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that
5.3MEDIUM
 CVE-2018-3183
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions
9.0CRITICAL
 CVE-2018-3180
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that
5.6MEDIUM
 CVE-2018-3169
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
8.3HIGH
 CVE-2018-3149
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
8.3HIGH
 CVE-2018-3139
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are
3.1LOW
 CVE-2018-3136
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.4LOW
 CVE-2017-7513
all versions
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certifi
5.4MEDIUM
 CVE-2018-1656
all versions
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8
7.4HIGH
 CVE-2018-1517
all versions
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-
5.9MEDIUM
 CVE-2018-1000632
all versions
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAtt
7.5HIGH
 CVE-2018-10931
all versions
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated
9.8CRITICAL
 CVE-2016-8639
all versions
It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an at
6.1MEDIUM
 CVE-2017-7514
< 5.8.0
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0.
4.3MEDIUM
 CVE-2016-9595
all versions
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user cou
7.3HIGH
 CVE-2017-7470
all versions
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an in
6.5MEDIUM
 CVE-2017-12175
< 6.5
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functi
3.5LOW
 CVE-2017-7538
< 5.8
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to ch
3.5LOW
 CVE-2018-2973
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affec
5.9MEDIUM
 CVE-2018-2952
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported version
3.7LOW
 CVE-2018-2940
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
4.3MEDIUM
 CVE-2017-2672
all versions
A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the fo
6.5MEDIUM
 CVE-2018-1090
all versions
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all user
5.5MEDIUM
 CVE-2016-1000338
all versions
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification
7.5HIGH
 CVE-2018-11212
all versions
An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of
6.5MEDIUM
 CVE-2018-10237
all versions
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service a
5.9MEDIUM
 CVE-2018-2800
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Ja
4.2MEDIUM
 CVE-2018-2799
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that
5.3MEDIUM
 CVE-2018-2798
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that a
5.3MEDIUM
 CVE-2018-2797
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that a
5.3MEDIUM
 CVE-2018-2796
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported version
5.3MEDIUM
 CVE-2018-2795
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
5.3MEDIUM
 CVE-2018-2794
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected a
7.7HIGH
 CVE-2018-2790
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.1LOW
 CVE-2018-2783
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
7.4HIGH
 CVE-2016-9593
all versions
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log
4.7MEDIUM
 CVE-2018-5382
all versions
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS k
4.4MEDIUM
 CVE-2018-1096
all versions
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this f
6.5MEDIUM
 CVE-2018-1097
all versions
A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off
8.8HIGH
 CVE-2018-1077
all versions
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the serv
7.5HIGH
 CVE-2017-2667
all versions
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that
8.1HIGH
 CVE-2017-15136
all versions
When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of
2.7LOW
 CVE-2017-10690
all versions
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classifie
6.5MEDIUM
 CVE-2017-10689
all versions
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1
5.5MEDIUM
 CVE-2017-15095
all versions
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8CRITICAL
 CVE-2018-2678
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
4.3MEDIUM
 CVE-2018-2677
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affect
4.3MEDIUM
 CVE-2018-2663
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions
4.3MEDIUM
 CVE-2018-2657
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affec
5.3MEDIUM
 CVE-2018-2641
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affect
6.1MEDIUM
 CVE-2018-2639
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3HIGH
 CVE-2018-2638
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
8.3HIGH
 CVE-2018-2637
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that a
7.4HIGH
 CVE-2018-2634
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affec
6.8MEDIUM
 CVE-2018-2633
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
8.3HIGH
 CVE-2018-2629
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that
5.3MEDIUM
 CVE-2018-2627
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java
7.5HIGH
 CVE-2018-2618
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
5.9MEDIUM
 CVE-2018-2603
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions
5.3MEDIUM
 CVE-2018-2602
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affec
4.5MEDIUM
 CVE-2018-2599
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that
4.8MEDIUM
 CVE-2018-2588
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that
4.3MEDIUM
 CVE-2018-2582
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
6.5MEDIUM
 CVE-2018-2581
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE:
4.7MEDIUM
 CVE-2018-2579
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions
3.7LOW
 CVE-2017-7536
all versions
In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permis
7.0HIGH
 CVE-2017-15100
all versions
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when c
6.1MEDIUM
 CVE-2017-10388
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
7.5HIGH
 CVE-2017-10357
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that
5.3MEDIUM
 CVE-2017-10356
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
6.2MEDIUM
 CVE-2017-10355
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
5.3MEDIUM
 CVE-2017-10350
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are aff
5.3MEDIUM
 CVE-2017-10349
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
5.3MEDIUM
 CVE-2017-10348
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
5.3MEDIUM
 CVE-2017-10347
all versions
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affec
5.3MEDIUM
 CVE-2017-10346
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are af
9.6CRITICAL
 CVE-2017-10345
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
3.1LOW
 CVE-2017-10309
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
7.1HIGH
 CVE-2017-10295
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
4.0MEDIUM
 CVE-2017-10285
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.6CRITICAL
 CVE-2017-10281
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3MEDIUM
 CVE-2014-8163
all versions
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
6.5MEDIUM
 CVE-2014-8168
all versions
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
6.1MEDIUM
 CVE-2014-0141
all versions
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
6.1MEDIUM
 CVE-2017-10243
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions tha
6.5MEDIUM
 CVE-2017-10116
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions t
8.3HIGH
 CVE-2017-10115
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that a
7.5HIGH
 CVE-2017-10110
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u
9.6CRITICAL
 CVE-2017-10109
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3MEDIUM
 CVE-2017-10108
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versi
5.3MEDIUM
 CVE-2017-10107
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.6CRITICAL
 CVE-2017-10105
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java
4.3MEDIUM
 CVE-2017-10102
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affect
9.0CRITICAL
 CVE-2017-10101
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
9.6CRITICAL
 CVE-2017-10096
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affec
9.6CRITICAL
 CVE-2017-10090
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
9.6CRITICAL
 CVE-2017-10089
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE
9.6CRITICAL
 CVE-2017-10087
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are
9.6CRITICAL
 CVE-2017-10078
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java
8.1HIGH
 CVE-2017-10067
all versions
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java S
7.5HIGH
 CVE-2017-10053
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that ar
5.3MEDIUM
 CVE-2016-4996
all versions
discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plai
7.0HIGH
 CVE-2016-9843
all versions
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors inv
9.8CRITICAL
 CVE-2016-9842
all versions
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors
8.8HIGH
 CVE-2016-9841
all versions
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmet
9.8CRITICAL
 CVE-2016-9840
all versions
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithme
8.8HIGH
 CVE-2017-3544
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
3.7LOW
 CVE-2017-3539
all versions
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are a
3.1LOW
 CVE-2017-3533
all versions
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions
3.7LOW
 CVE-2016-2104
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script o
6.1MEDIUM
 CVE-2017-5929
all versions
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
9.8CRITICAL
 CVE-2016-10165
all versions
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or caus
7.1HIGH
 CVE-2016-3097
all versions
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary we
6.1MEDIUM
 CVE-2016-3080
all versions
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary we
6.1MEDIUM
 CVE-2016-3072
all versions
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katell
8.8HIGH
 CVE-2015-5041
all versions
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP
9.1CRITICAL
 CVE-2016-0376
all versions
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR
8.1HIGH
 CVE-2016-0363
all versions
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP
8.1HIGH
 CVE-2016-0264
all versions
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before
5.6MEDIUM
 CVE-2016-3427
all versions
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attack
9.8CRITICAL
 CVE-2016-3079
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to
6.1MEDIUM
 CVE-2016-2103
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script o
6.1MEDIUM
 CVE-2015-0284
all versions
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated user
5.4MEDIUM
 CVE-2015-5233
all versions
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated us
4.2MEDIUM
 CVE-2015-5006
all versions
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 befor
 CVE-2015-8126
all versions
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1
 CVE-2015-4902
all versions
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors
5.3MEDIUM
 CVE-2015-2590
all versions
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to af
9.8CRITICAL
 CVE-2015-2808
all versions
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the ini
3.7LOW
 CVE-2014-7812
all versions
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated
 CVE-2014-3654
all versions
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 a
 CVE-2014-3595
all versions
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satell
 CVE-2010-2236
all versions
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0
 CVE-2013-1869
all versions
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to
 CVE-2013-4415
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to
 CVE-2013-1871
all versions
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows rem
 CVE-2012-6149
all versions
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6
 CVE-2012-0059
all versions
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fa
4.9MEDIUM
 CVE-2013-4480
<= 5.6
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which
 CVE-2013-2056
all versions
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "auth
 CVE-2012-1145
all versions
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploa
 CVE-2011-4346
all versions
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated
 CVE-2010-1171
all versions
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to
 CVE-2008-2369
< 5.1.1
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to
9.1CRITICAL
 CVE-2007-3332
all versions
Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a
 CVE-2007-1349
all versions
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin