Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite
(Redhat)| Repositories |
• https://github.com/madler/zlib
• https://github.com/spacewalkproject/spacewalk • https://github.com/mm2/Little-CMS • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 208 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-11 | CVE-2018-12549 | In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. | Openj9, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 9.8 | ||
| 2019-02-11 | CVE-2018-12547 | In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not directly callable by non-native user code. | Openj9, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 9.8 | ||
| 2019-01-13 | CVE-2018-16887 | A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable. | Satellite, Katello | 5.4 | ||
| 2017-08-28 | CVE-2014-8168 | Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | Satellite | 6.1 | ||
| 2017-08-28 | CVE-2014-8163 | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | Satellite | 6.5 | ||
| 2017-08-28 | CVE-2014-0141 | Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | Satellite | 6.1 |