Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Red Hat Satellite 6 Security Vulnerabilities

cve
cve

CVE-2024-3716

A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the...

6.2CVSS

6.3AI Score

0.001EPSS

2024-06-05 03:15 PM
23
cve
cve

CVE-2024-4812

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host...

4.8CVSS

5.1AI Score

0.0004EPSS

2024-06-05 03:15 PM
23
cve
cve

CVE-2024-4871

A vulnerability was found in Satellite. When running a remote execution job on a host, the host's SSH key is not being checked. When the key changes, the Satellite still connects it because it uses "-o StrictHostKeyChecking=no". This flaw can lead to a man-in-the-middle attack (MITM), denial of...

6.8CVSS

6.6AI Score

0.0004EPSS

2024-05-14 04:17 PM
26
cve
cve

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive...

7.5CVSS

7.2AI Score

0.001EPSS

2024-02-05 09:15 PM
156
cve
cve

CVE-2023-1832

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected...

8.1CVSS

8AI Score

0.0005EPSS

2023-10-04 02:15 PM
22
cve
cve

CVE-2022-3874

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...

9.1CVSS

9.3AI Score

0.001EPSS

2023-09-22 02:15 PM
41
cve
cve

CVE-2023-0462

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML...

9.1CVSS

9.3AI Score

0.001EPSS

2023-09-20 02:15 PM
27
cve
cve

CVE-2020-14334

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite...

8.8CVSS

8.4AI Score

0.0004EPSS

2020-07-31 01:15 PM
67
2
cve
cve

CVE-2014-3590

Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted...

6.5CVSS

6.5AI Score

0.001EPSS

2020-01-02 08:15 PM
64