| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment. |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. |
| Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. |
| Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. |
| Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. |
| Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. |
| GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503. |
| Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. |
| Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. |
| Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. |
| Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. |
| Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. |
| Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. |
