Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat satellite 6.3 vulnerabilities and exploits

(subscribe to this query)
3.6
CVSSv2
CVE-2016-9595
A flaw was found in katello-debug prior to 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Theforeman KatelloRedhat Satellite 6.3Redhat Satellite Capsule 6.3
3.5
CVSSv2
CVE-2016-8639
It was found that foreman prior to 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Theforeman ForemanRedhat Satellite 6.3Redhat Satellite Capsule 6.3
6.8
CVSSv2
CVE-2017-2667
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.
Theforeman Hammer CliRedhat Satellite 6.3Redhat Satellite Capsule 6.3
4
CVSSv2
CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
Theforeman ForemanRedhat Satellite 6.0
6.5
CVSSv2
CVE-2014-8183
It was found that foreman, versions 1.x.x prior to 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Theforeman ForemanRedhat Satellite 6.0
4.4
CVSSv2
CVE-2017-7536
In Hibernate Validator 5.2.x prior to 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occ...
Redhat Hibernate ValidatorRedhat Satellite 6.4Redhat Satellite Capsule 6.4Redhat Jboss Enterprise Application Platform 6.0.0Redhat Jboss Enterprise Application Platform 6.4.0Redhat Jboss Enterprise Application Platform 7.0Redhat Jboss Enterprise Application Platform 7.1Redhat Virtualization 4.0Redhat Virtualization Host 4.0
5.8
CVSSv2
CVE-2019-0223
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenS...
Apache QpidRedhat Jboss Amq Clients 2 -Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Server Aus 7.2Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server Tus 7.2Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Server Aus 6.6Redhat Enterprise Linux Eus 6.7Redhat Enterprise Linux Server Aus 6.5Redhat Enterprise Linux Server Aus 6.4Redhat Enterprise Linux Desktop 6.0Redhat Enterprise Linux Server 6.0Redhat Enterprise Linux Workstation 6.0Redhat Enterprise Linux Server Tus 7.3Redhat Enterprise Linux Server Aus 7.3Redhat Enterprise Linux Server Aus 7.4Redhat Enterprise Linux Server Tus 7.4Redhat Enterprise Linux Eus 7.3Redhat Enterprise Linux Eus 7.4Redhat Enterprise Linux Eus 7.5Redhat Satellite 6.3
7.5
CVSSv2
CVE-2019-10086
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an malicious user to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of th...
Apache Commons BeanutilsApache Nifi 1.14.0Apache Nifi 1.15.0Debian Debian Linux 8.0Opensuse Leap 15.0Opensuse Leap 15.1Fedoraproject Fedora 30Fedoraproject Fedora 31Redhat Enterprise Linux Desktop 7.0Redhat Enterprise Linux Workstation 7.0Redhat Enterprise Linux Server 7.0Redhat Enterprise Linux Server Aus 7.7Redhat Enterprise Linux Server Tus 7.7Redhat Enterprise Linux Eus 7.7Redhat Jboss Enterprise Application Platform 7.2.0Oracle Retail Xstore Point Of Service 15.0Oracle Flexcube Private Banking 12.1.0Oracle Banking Platform 2.4.0Oracle Retail Xstore Point Of Service 7.1Oracle Flexcube Private Banking 12.0.0Oracle Service Bus 11.1.1.9.0Oracle Fusion Middleware 11.1.1.9
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook