CVE-2018-10931 — CVSS 9.8 (critical): It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker…
CVE-2018-12547 — CVSS 9.8 (critical): In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This…
CVE-2018-12549 — CVSS 9.8 (critical): In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when…
CVE-2017-5929 — CVSS 9.8 (critical): QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
CVE-2024-7923 — CVSS 9.8 (critical): An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the…
CVE-2017-15095 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated…
CVE-2024-7012 — CVSS 9.8 (critical): An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman…
CVE-2016-9843 — CVSS 9.8 (critical): The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving…
CVE-2016-9841 — CVSS 9.8 (critical): inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2017-10101 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2017-10096 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2017-10090 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10346 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2017-10285 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2017-10087 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10089 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: ImageIO). Supported versions that are affected are Java SE: 6u151…
CVE-2017-10110 — CVSS 9.6 (critical): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u151…
CVE-2017-10107 — CVSS 9.6 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2015-5041 — CVSS 9.1 (critical): The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows…
CVE-2023-0118 — CVSS 9.1 (critical): An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute…
CVE-2008-2369 — CVSS 9.1 (critical): manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect…
CVE-2019-17631 — CVSS 9.1 (critical): From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without…
CVE-2018-3183 — CVSS 9.0 (critical): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are…
CVE-2017-10102 — CVSS 9.0 (critical): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2016-9840 — CVSS 8.8 (high): inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVE-2018-1097 — CVSS 8.8 (high): A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to…
CVE-2021-3590 — CVSS 8.8 (high): A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the…
CVE-2020-14334 — CVSS 8.8 (high): A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker…
CVE-2016-3072 — CVSS 8.8 (high): Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow…
CVE-2016-9842 — CVSS 8.8 (high): The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors…
CVE-2012-5562 — CVSS 8.6 (high): A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN…
CVE-2018-2633 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2018-2638 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2018-2639 — CVSS 8.3 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2017-10116 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2018-3149 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2018-3169 — CVSS 8.3 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2026-0980 — CVSS 8.3 (high): A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated…
CVE-2017-2667 — CVSS 8.1 (high): Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable…
CVE-2017-10078 — CVSS 8.1 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE…
CVE-2019-2698 — CVSS 8.1 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and…
CVE-2021-3414 — CVSS 8.1 (high): A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and…
CVE-2019-2697 — CVSS 8.1 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and…
CVE-2016-0363 — CVSS 8.1 (high): The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25…
CVE-2016-0376 — CVSS 8.1 (high): The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25…
CVE-2019-10137 — CVSS 8.1 (high): A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A…
CVE-2021-3589 — CVSS 8.0 (high): An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can…
CVE-2019-3845 — CVSS 8.0 (high): A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before…
CVE-2022-3874 — CVSS 8.0 (high): A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to…
CVE-2023-0462 — CVSS 8.0 (high): An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying…
CVE-2026-12112 — CVSS 7.8 (high): A flaw was found in the foreman-mcp-server. A session management vulnerability in the MCP Server allows unauthenticated attackers to hijack…
CVE-2026-48864 — CVSS 7.8 (high): A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within…
CVE-2019-3891 — CVSS 7.8 (high): It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the…
CVE-2018-2794 — CVSS 7.7 (high): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java…
CVE-2023-4320 — CVSS 7.6 (high): An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this…
CVE-2018-2627 — CVSS 7.5 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152…
CVE-2019-10245 — CVSS 7.5 (high): In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode…
CVE-2017-10067 — CVSS 7.5 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151…
CVE-2013-4480 — CVSS 7.5 (high): Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows…
CVE-2017-10115 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are…
CVE-2018-1000632 — CVSS 7.5 (high): dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute…
CVE-2020-14380 — CVSS 7.5 (high): An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant…
CVE-2016-1000338 — CVSS 7.5 (high): In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is…
CVE-2015-8126 — CVSS 7.5 (high): Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54…
CVE-2017-10388 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2018-1077 — CVSS 7.5 (high): Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
CVE-2019-2602 — CVSS 7.5 (high): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2019-0223 — CVSS 7.4 (high): While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and…
CVE-2014-8183 — CVSS 7.4 (high): It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An…
CVE-2019-11775 — CVSS 7.4 (high): All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the…
CVE-2018-2783 — CVSS 7.4 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2018-2637 — CVSS 7.4 (high): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are…
CVE-2018-1656 — CVSS 7.4 (high): The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does…
CVE-2016-9595 — CVSS 7.3 (high): A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could…
CVE-2021-44420 — CVSS 7.3 (high): In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream…
CVE-2021-3584 — CVSS 7.2 (high): A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration…
CVE-2016-10165 — CVSS 7.1 (high): The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a…
CVE-2017-10309 — CVSS 7.1 (high): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2017-7536 — CVSS 7.0 (high): In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions…
CVE-2016-4996 — CVSS 7.0 (high): discovery-debug in Foreman before 6.2 when the ssh service has been enabled on discovered nodes displays the root password in plaintext in…
CVE-2018-2634 — CVSS 6.8 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JGSS). Supported versions that are affected are…
CVE-2018-14666 — CVSS 6.8 (medium): An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host…
CVE-2023-1832 — CVSS 6.8 (medium): An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result…
CVE-2023-4886 — CVSS 6.7 (medium): A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to…
CVE-2021-42550 — CVSS 6.6 (medium): In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious…
CVE-2026-9150 — CVSS 6.5 (medium): A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing…
CVE-2014-3590 — CVSS 6.5 (medium): Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an…
CVE-2017-10243 — CVSS 6.5 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are…
CVE-2017-10690 — CVSS 6.5 (medium): In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to…
CVE-2017-2672 — CVSS 6.5 (medium): A flaw was found in foreman before version 1.15 in the logging of adding and registering images. An attacker with access to the foreman log…
CVE-2017-7470 — CVSS 6.5 (medium): It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect…
CVE-2018-1096 — CVSS 6.5 (medium): An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to…
CVE-2018-11212 — CVSS 6.5 (medium): An issue was discovered in libjpeg 9a and 9d. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service…
CVE-2018-2582 — CVSS 6.5 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected…
CVE-2019-10198 — CVSS 6.5 (medium): An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through…
CVE-2020-10716 — CVSS 6.5 (medium): A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw…
CVE-2020-14371 — CVSS 6.5 (medium): A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are…
CVE-2026-9149 — CVSS 6.5 (medium): A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file…
CVE-2021-3413 — CVSS 6.3 (medium): A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will…
CVE-2023-5189 — CVSS 6.3 (medium): A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using…
CVE-2026-9073 — CVSS 6.2 (medium): A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and…
CVE-2017-10356 — CVSS 6.2 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2024-3716 — CVSS 6.2 (medium): A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in…
CVE-2016-2103 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML…
CVE-2016-8639 — CVSS 6.1 (medium): It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker…
CVE-2016-2104 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML…
CVE-2016-3079 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject…
CVE-2016-3097 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script…
CVE-2018-2641 — CVSS 6.1 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are…
CVE-2017-15100 — CVSS 6.1 (medium): An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking…
CVE-2016-3080 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script…
CVE-2010-2236 — CVSS 6.0 (medium): The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through…
CVE-2019-2684 — CVSS 5.9 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are…
CVE-2018-1517 — CVSS 5.9 (medium): A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a…
CVE-2018-2973 — CVSS 5.9 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are…
CVE-2018-2618 — CVSS 5.9 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are…
CVE-2018-10237 — CVSS 5.9 (medium): Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks…
CVE-2018-3180 — CVSS 5.6 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are…
CVE-2016-0264 — CVSS 5.6 (medium): Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25…
CVE-2010-1171 — CVSS 5.5 (medium): Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access…
CVE-2022-3644 — CVSS 5.5 (medium): The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write…
CVE-2017-10689 — CVSS 5.5 (medium): In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10…
CVE-2015-1931 — CVSS 5.5 (medium): IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before…
CVE-2020-14335 — CVSS 5.5 (medium): A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This…
CVE-2018-1090 — CVSS 5.5 (medium): In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with…
CVE-2017-7513 — CVSS 5.4 (medium): It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host…
CVE-2023-0119 — CVSS 5.4 (medium): A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user…
CVE-2015-0284 — CVSS 5.4 (medium): Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to…
CVE-2018-16887 — CVSS 5.4 (medium): A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations…
CVE-2021-20256 — CVSS 5.3 (medium): A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with…
CVE-2017-10357 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are…
CVE-2017-10355 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are…
CVE-2017-10350 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are…
CVE-2018-2603 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are…
CVE-2017-10349 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are…
CVE-2018-2629 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JGSS). Supported versions that are…
CVE-2017-10348 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2017-10347 — CVSS 5.3 (medium): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are…
CVE-2017-10281 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that…
CVE-2018-2657 — CVSS 5.3 (medium): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are…
CVE-2017-10109 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that…
CVE-2017-10108 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that…
CVE-2018-2795 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are…
CVE-2018-2796 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that…
CVE-2018-2797 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are…
CVE-2018-2798 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are…
CVE-2018-2799 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are…
CVE-2017-10053 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are…
CVE-2018-3214 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are…
CVE-2019-2762 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected…
CVE-2019-2769 — CVSS 5.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Utilities). Supported versions that are affected…
CVE-2019-7317 — CVSS 5.3 (medium): png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2020-10693 — CVSS 5.3 (medium): A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to…
CVE-2012-1145 — CVSS 5.0 (medium): spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the…
CVE-2007-1349 — CVSS 5.0 (medium): PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a…
CVE-2013-2056 — CVSS 5.0 (medium): The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client…
CVE-2025-9572 — CVSS 5.0 (medium): n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the…
CVE-2019-3893 — CVSS 4.9 (medium): In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the…
CVE-2012-0059 — CVSS 4.9 (medium): A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails…
CVE-2019-2975 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are…
CVE-2019-2816 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected…
CVE-2024-4812 — CVSS 4.8 (medium): A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a…
CVE-2018-2599 — CVSS 4.8 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2018-2581 — CVSS 4.7 (medium): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Supported versions that are affected are Java SE: 7u161…
CVE-2016-9593 — CVSS 4.7 (medium): foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file…
CVE-2019-2999 — CVSS 4.7 (medium): Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231…
CVE-2018-2602 — CVSS 4.5 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: I18n). Supported versions that are affected are…
CVE-2022-4130 — CVSS 4.5 (medium): A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an…
CVE-2026-13316 — CVSS 4.4 (medium): A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform…
CVE-2018-5382 — CVSS 4.4 (medium): The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore…
CVE-2017-10105 — CVSS 4.3 (medium): Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE…
CVE-2017-7514 — CVSS 4.3 (medium): A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user…
CVE-2013-4415 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject…
CVE-2018-2940 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected…
CVE-2018-2678 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are…
CVE-2013-1869 — CVSS 4.3 (medium): CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject…
CVE-2019-10136 — CVSS 4.3 (medium): It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but…
CVE-2018-2677 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are…
CVE-2018-2588 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: LDAP). Supported versions that are…
CVE-2014-3595 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4…
CVE-2014-3654 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6…
CVE-2018-2663 — CVSS 4.3 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are…
CVE-2015-5233 — CVSS 4.2 (medium): Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with…
CVE-2018-2800 — CVSS 4.2 (medium): Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE…
CVE-2019-2996 — CVSS 4.2 (medium): Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). The supported version that is affected is…
CVE-2017-10295 — CVSS 4.0 (medium): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are…
CVE-2017-3533 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are…
CVE-2018-2579 — CVSS 3.7 (low): Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are…