Lucene search
K

985 matches found

RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.7 views

Important: Red Hat Security Advisory: Satellite 6.16.10 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS5.7AI score0.00297EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.7 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.7 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:33 p.m.5 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.4 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:32 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.13 views

Important: Red Hat Security Advisory: Satellite 6.18.7 Async Update

A new release is now available for Red Hat Satellite 6.18 for RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.8CVSS6.8AI score0.00671EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.7 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.6 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.5 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.4 views

foreman: foreman: Cross-tenant private SSH key disclosure via taxonomy scoping bypass

A flaw was found in foreman. Authenticated users with 'viewkeypairs' permission can bypass taxonomy scoping, allowing them to download private SSH Secure Shell keys from other organizations by directly querying key pair IDs. This vulnerability leads to cross-tenant data exposure in multi-tenant...

6.5CVSS5.7AI score0.00253EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 5:30 p.m.15 views

foreman: Foreman: Privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 3:17 p.m.9 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS0.00242EPSS
Exploits0References6
NVD
NVD
added 2026/07/01 2:16 p.m.8 views

CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS0.00297EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:8 p.m.5 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/01 2:8 p.m.32 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS0.00231EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/07/01 2:8 p.m.7 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder