Redhat Satellite With Embedded Oracle vulnerabilities

5 known vulnerabilities affecting redhat/satellite_with_embedded_oracle.

Total CVEs: 5
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2, LOW 1

Vulnerabilities

CVE-2014-3654 | MEDIUM | CVSS 4.3 | v5.5 | 2014-11-03
CVE-2014-3654 [MEDIUM] CWE-79: Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
nvd
CVE-2014-3595 | MEDIUM | CVSS 4.3 | v5.4, v5.5 | 2014-09-22
CVE-2014-3595 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
nvd
CVE-2013-4480 | HIGH | CVSS 7.5 | v5.2, v5.3, +2 more | 2013-11-18
CVE-2013-4480 [HIGH] CWE-668: Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
nvd
CVE-2012-1717 | LOW | CVSS 2.1 | v5.5 | 2012-06-16
CVE-2012-1717 [LOW]: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux.
nvd
CVE-2011-3544 | CRITICAL | CVSS 9.8 | KEV | PoC | v5.4 | 2011-10-19
CVE-2011-3544 [CRITICAL] CWE-284: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
nvd