Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite_capsule
(Redhat)| Repositories |
• https://github.com/bcgit/bc-java
• https://github.com/dom4j/dom4j |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-01 | CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Ubuntu_linux, 7\-Mode_transition_tool, Satellite, Satellite_capsule | 7.5 | ||
| 2017-11-27 | CVE-2017-15100 | An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. | Satellite, Satellite_capsule, Foreman | 6.1 | ||
| 2018-03-12 | CVE-2017-2667 | Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. | Satellite, Satellite_capsule, Hammer_cli | 8.1 |