Skip to main content

Satellite Capsule

6 CVEs product

Monthly

CVE-2020-10693 Maven MEDIUM PATCH This Month

A flaw was found in Hibernate Validator version 6.1.2.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Hibernate Validator Websphere Application Server Jboss Enterprise Application Platform Satellite +3
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2018-1000632 Maven HIGH POC PATCH This Week

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dom4J Debian Linux Flexcube Investor Servicing Primavera P6 Enterprise Project Portfolio Management +10
NVD GitHub
CVSS 3.1
7.5
EPSS
6.6%
CVE-2018-10237 Maven MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service Guava Openshift Container Platform +15
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2018-5382 Maven MEDIUM PATCH This Month

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bc Java Satellite Satellite Capsule
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2017-15100 MEDIUM PATCH This Month

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Foreman Satellite Satellite Capsule
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2017-5929 Maven CRITICAL PATCH Act Now

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.1%.

Deserialization Logback Satellite Satellite Capsule
NVD
CVSS 3.1
9.8
EPSS
10.1%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in Hibernate Validator version 6.1.2.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Hibernate Validator Websphere Application Server +5
NVD
EPSS 7% CVSS 7.5
HIGH POC PATCH This Week

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Dom4J Debian Linux +12
NVD GitHub
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Google Java Denial Of Service +17
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bc Java Satellite +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Foreman Satellite +1
NVD GitHub
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.1%.

Deserialization Logback Satellite +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy