Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Satellite
Total 223 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3097 1 Redhat 1 Satellite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
CVE-2016-3080 1 Redhat 1 Satellite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
CVE-2016-3079 1 Redhat 2 Satellite, Spacewalk-java 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM).
CVE-2016-3072 2 Katello, Redhat 3 Katello, Enterprise Linux, Satellite 2024-11-21 6.5 MEDIUM 8.8 HIGH
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
CVE-2016-2104 1 Redhat 1 Satellite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
CVE-2016-2103 1 Redhat 1 Satellite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.
CVE-2016-10165 6 Canonical, Debian, Littlecms and 3 more 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more 2024-11-21 5.8 MEDIUM 7.1 HIGH
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.
CVE-2016-1000338 4 Bouncycastle, Canonical, Netapp and 1 more 5 Legion-of-the-bouncy-castle-java-crytography-api, Ubuntu Linux, 7-mode Transition Tool and 2 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
CVE-2016-0376 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2024-11-21 5.1 MEDIUM 8.1 HIGH
The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not properly deserialize classes in an AccessController doPrivileged block, which allows remote attackers to bypass a sandbox protection mechanism and execute arbitrary code as demonstrated by the readValue method of the com.ibm.rmi.io.ValueHandlerPool.ValueHandlerSingleton class, which implements the javax.rmi.CORBA.ValueHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-5456.
CVE-2016-0363 3 Ibm, Novell, Redhat 13 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 10 more 2024-11-21 6.8 MEDIUM 8.1 HIGH
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2016-0264 3 Ibm, Redhat, Suse 13 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 10 more 2024-11-21 6.8 MEDIUM 5.6 MEDIUM
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-8126 9 Apple, Canonical, Debian and 6 more 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more 2024-11-21 7.5 HIGH N/A
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.
CVE-2015-5233 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 6.0 MEDIUM 4.2 MEDIUM
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.
CVE-2015-5164 2 Pulpproject, Redhat 2 Qpid, Satellite 2024-11-21 9.0 HIGH 7.2 HIGH
The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.
CVE-2015-5041 3 Ibm, Redhat, Suse 6 Java Sdk, Websphere Application Server, Satellite and 3 more 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.
CVE-2015-5006 3 Ibm, Redhat, Suse 9 Java 2 Sdk, Java Sdk, Enterprise Linux Desktop and 6 more 2024-11-21 2.1 LOW N/A
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
CVE-2015-4902 4 Opensuse, Oracle, Redhat and 1 more 21 Leap, Opensuse, Jdk and 18 more 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
CVE-2015-2808 9 Canonical, Debian, Fujitsu and 6 more 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more 2024-11-21 5.0 MEDIUM N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2015-2590 6 Canonical, Debian, Opensuse and 3 more 21 Ubuntu Linux, Debian Linux, Opensuse and 18 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
CVE-2015-1931 3 Ibm, Redhat, Suse 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more 2024-11-21 N/A 5.5 MEDIUM
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.