Redhat

Satellite

225 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2017-5929

  • EPSS 9.94%
  • Veröffentlicht 13.03.2017 06:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.

7.1

CVE-2016-10165

  • EPSS 0.51%
  • Veröffentlicht 03.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read.

6.1

CVE-2016-3097

  • EPSS 0.21%
  • Veröffentlicht 05.08.2016 14:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.

6.1

CVE-2016-3080

  • EPSS 0.19%
  • Veröffentlicht 05.08.2016 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

8.8

CVE-2016-3072

  • EPSS 0.86%
  • Veröffentlicht 07.06.2016 18:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.

9.1

CVE-2015-5041

  • EPSS 1%
  • Veröffentlicht 06.06.2016 17:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject data by invoking non-public interface methods.

8.1

CVE-2016-0376

  • EPSS 1.93%
  • Veröffentlicht 03.06.2016 14:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) does not pr...

8.1

CVE-2016-0363

  • EPSS 0.64%
  • Veröffentlicht 03.06.2016 14:59:01
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke...

6.8

CVE-2016-0264

  • EPSS 12.8%
  • Veröffentlicht 24.05.2016 15:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows re...

10

CVE-2016-3427

Warnung
  • EPSS 92.58%
  • Veröffentlicht 21.04.2016 11:00:21
  • Zuletzt bearbeitet 22.10.2025 00:15:51

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.