Redhat Satellite Capsule — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Satellite Capsule, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2017-5929 — CVSS 9.8 (critical): QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
CVE-2017-15095 — CVSS 9.8 (critical): A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated…
CVE-2017-2667 — CVSS 8.1 (high): Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable…
CVE-2018-1000632 — CVSS 7.5 (high): dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute…
CVE-2016-1000338 — CVSS 7.5 (high): In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is…
CVE-2016-9595 — CVSS 7.3 (high): A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could…
CVE-2017-7536 — CVSS 7.0 (high): In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions…
CVE-2020-10716 — CVSS 6.5 (medium): A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw…
CVE-2016-8639 — CVSS 6.1 (medium): It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker…
CVE-2017-15100 — CVSS 6.1 (medium): An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking…
CVE-2018-10237 — CVSS 5.9 (medium): Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks…
CVE-2020-10693 — CVSS 5.3 (medium): A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to…
CVE-2025-9572 — CVSS 5.0 (medium): n authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the…
CVE-2018-5382 — CVSS 4.4 (medium): The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore…