Redhat ≫ Satellite

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping...

Nokogiri before 1.5.4 is vulnerable to XXE attacks

Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

Katello has multiple XSS issues in various entities

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticate...