21 matches found
rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of...
EUVD-2026-12572
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of...
GHSA-FWJ4-6WGP-MPXM Katello: Denial of Service and potential information disclosure via SQL injection
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of...
CVE-2026-4324
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of...
CVE-2026-4324 rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection
A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_images API endpoint. This can lead to a Denial of...
CVE-2026-4324
The vulnerability CVE-2026-4324 affects the Katello plugin for Red Hat Satellite. It arises from improper sanitization in the sort_by parameter of the /api/hosts/bootc_images endpoint, enabling remote SQL injection that can cause Denial of Service via database errors and potentially extract data ...
PT-2026-25899
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite Katello Plugin (affected versions not specified). Description: A flaw exists in the Katello plugin for Red Hat Satellite due to improper sanitization of user-provided input. This allows a remote attacker to inject arbitrary SQL...
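The entries above describe the general class of bug: a sort parameter taken from the request and placed into an ORDER BY clause without validation. The following is an added illustration of that class in plain Ruby, written for this page; it is not Katello's code, and the table name, column names and the `handle_sort_request` helper are assumptions. It shows the interpolating builder beside an allowlist-based one, and a request wrapper that turns a rejected parameter into a 400 instead of a database error.

```ruby
# Added example (not Katello's code): ORDER BY built from a user-supplied sort
# parameter, vulnerable and hardened. Table/column names are assumptions.

# Columns a caller may sort by. Keys are the public API names, values are the
# SQL identifiers that are actually emitted; request input never reaches SQL.
SORTABLE_COLUMNS = {
  "id"     => "id",
  "name"   => "name",
  "digest" => "digest",
}.freeze

SORT_DIRECTIONS = %w[ASC DESC].freeze

# Vulnerable: the request parameters are interpolated straight into the SQL
# text, so anything after the column name becomes part of the statement.
def order_clause_unsafe(sort_by, sort_order = "ASC")
  "SELECT * FROM images ORDER BY #{sort_by} #{sort_order}"
end

# Hardened: the parameter is used only as a lookup key into the allowlist;
# the identifier that reaches the query is one defined in the code.
def order_clause_safe(sort_by, sort_order = "ASC")
  column = SORTABLE_COLUMNS[sort_by.to_s]
  raise ArgumentError, "unsortable column: #{sort_by.inspect}" unless column

  direction = sort_order.to_s.upcase
  unless SORT_DIRECTIONS.include?(direction)
    raise ArgumentError, "bad sort order: #{sort_order.inspect}"
  end

  "SELECT * FROM images ORDER BY #{column} #{direction}"
end

# Stand-in for the API layer (assumed, not Katello's): validation failures map
# to HTTP 400, so a bad parameter never becomes a database error or a query
# the attacker controls.
def handle_sort_request(params)
  [200, order_clause_safe(params["sort_by"], params.fetch("sort_order", "asc"))]
rescue ArgumentError => e
  [400, e.message]
end

if __FILE__ == $PROGRAM_NAME
  payload = "name; SELECT pg_sleep(10)--"     # constructed attacker input
  puts order_clause_unsafe(payload)           # payload lands verbatim in the SQL
  p handle_sort_request("sort_by" => payload) # => 400, rejected before any SQL is built
  p handle_sort_request("sort_by" => "name", "sort_order" => "desc")
end
```

The allowlist is the important part: escaping or quoting does not help for identifiers in ORDER BY, because the value is a column reference, not a string literal. Mapping the public sort name to a fixed identifier also keeps internal column names out of the API surface.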
EUVD-2024-44560
Malicious code in bioql PyPI...
EUVD-2022-3607
Malicious code in bioql PyPI...
CVE-2024-4812
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections...
CVE-2024-4812
The CVE-2024-4812 entries describe a stored cross-site scripting (XSS) vulnerability in the Katello plugin for Foreman, where malicious JavaScript can be saved in a user Description field and executed when loading pages such as Host Collections. Root cause: insufficient input sanitization of the ...
foreman: Managing repositories with their id via hammer does not respect the role filters
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter set on the Product Name, the filter is not respected when the actions are done via hammer using the repository id...
CVE-2017-2662
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter set on the Product Name, the filter is not respected when the actions are done via hammer using the repository id...
PT-2018-7165 · Foreman · Foreman +1
Name of the Vulnerable Software and Affected Versions: Foreman's katello plugin version 3.4.5 Description: A flaw was found in Foreman's katello plugin. The issue occurs when a new role is set to allow restricted access on a repository with a filter, specifically a filter set on the Product Name...