Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Satellite
Total 223 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-10388 4 Debian, Netapp, Oracle and 1 more 29 Debian Linux, Active Iq Unified Manager, Cloud Backup and 26 more 2024-02-28 5.1 MEDIUM 7.5 HIGH
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: Applies to the Java SE Kerberos client. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
CVE-2017-10067 4 Debian, Netapp, Oracle and 1 more 26 Debian Linux, Active Iq Unified Manager, Cloud Backup and 23 more 2024-02-28 5.1 MEDIUM 7.5 HIGH
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
CVE-2017-10096 4 Debian, Netapp, Oracle and 1 more 26 Debian Linux, Active Iq Unified Manager, Cloud Backup and 23 more 2024-02-28 6.8 MEDIUM 9.6 CRITICAL
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 9.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
CVE-2018-2581 3 Netapp, Oracle, Redhat 20 Active Iq Unified Manager, Cloud Backup, E-series Santricity Management Plug-ins and 17 more 2024-02-28 4.3 MEDIUM 4.7 MEDIUM
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161, 8u152 and 9.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N).
CVE-2017-3539 3 Debian, Oracle, Redhat 11 Debian Linux, Jdk, Jre and 8 more 2024-02-28 2.1 LOW 3.1 LOW
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).
CVE-2017-3533 3 Debian, Oracle, Redhat 12 Debian Linux, Jdk, Jre and 9 more 2024-02-28 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via FTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2016-9840 8 Apple, Canonical, Debian and 5 more 19 Iphone Os, Mac Os X, Tvos and 16 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-3544 4 Debian, Google, Oracle and 1 more 13 Debian Linux, Android, Jdk and 10 more 2024-02-28 4.3 MEDIUM 3.7 LOW
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more 2024-02-28 5.8 MEDIUM 7.1 HIGH
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-9841 9 Apple, Canonical, Debian and 6 more 39 Iphone Os, Mac Os X, Tvos and 36 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2016-9843 10 Apple, Canonical, Debian and 7 more 24 Iphone Os, Mac Os X, Tvos and 21 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
CVE-2016-2104 1 Redhat 1 Satellite 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
CVE-2017-5929 2 Qos, Redhat 3 Logback, Satellite, Satellite Capsule 2024-02-28 7.5 HIGH 9.8 CRITICAL
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
CVE-2016-3080 1 Redhat 1 Satellite 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
CVE-2016-3097 1 Redhat 1 Satellite 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
CVE-2015-0284 1 Redhat 2 Satellite, Spacewalk-java 2024-02-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
CVE-2016-3079 1 Redhat 2 Satellite, Spacewalk-java 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
CVE-2016-3072 2 Katello, Redhat 3 Katello, Enterprise Linux, Satellite 2024-02-28 6.5 MEDIUM 8.8 HIGH
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
CVE-2016-0264 3 Ibm, Redhat, Suse 13 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 10 more 2024-02-28 6.8 MEDIUM 5.6 MEDIUM
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2016-0376 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2024-02-28 5.1 MEDIUM 8.1 HIGH
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.