6 matches found
CVE-2025-10622
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting. Mitigation Mitigation f...
PT-2025-45091
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite Foreman component (affected versions not specified). Description: A flaw exists in Red Hat Satellite’s Foreman component that could allow an authenticated user with edit settings permissions to execute arbitrary commands on the...
foreman: OS command injection via ct_location and fcct_location parameters
A flaw was found in Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...
Red Hat Satellite operating system command injection vulnerability
Red Hat Satellite is a system management platform from Red Hat. The platform can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in Red Hat Satellite, which originates in the...
foreman: stored XSS in success notification after entity creation
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and...
CVE-2018-14664
A cross-site scripting (XSS) flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute XSS attacks against other users, possibly leading to malicious code execution and...