Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite
(Redhat)| Repositories |
• https://github.com/madler/zlib
• https://github.com/spacewalkproject/spacewalk • https://github.com/bcgit/bc-java • https://github.com/mm2/Little-CMS • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 216 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-01-13 | CVE-2018-16887 | A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to malicious code execution and extraction of the anti-CSRF token of higher privileged users. Versions before 3.9.0 are vulnerable. | Satellite, Katello | 5.4 | ||
| 2017-08-28 | CVE-2014-8168 | Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | Satellite | 6.1 | ||
| 2017-08-28 | CVE-2014-8163 | Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | Satellite | 6.5 | ||
| 2017-08-28 | CVE-2014-0141 | Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | Satellite | 6.1 |