
5 matches found

RedHat Linux
added 2025/11/06 2:27 a.m. | 6 views

foreman: OS command injection via ct_location and fcct_location parameters

A flaw was found in the Red Hat Satellite Foreman component. This vulnerability allows an authenticated user with editsettings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting...

CVSS 8 | AI score 6 | EPSS 0.00519
Exploits: 0 | References: 5

Tenable Nessus
added 2024/04/28 12:0 a.m. | 50 views

RHEL 7 / 8 : Satellite 6.11.5.6 async (RHSA-2023:5980)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5980 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessit...

CVSS 10 | AI score 7.8 | EPSS 0.99999
Exploits: 25 | References: 20

Tenable Nessus
added 2024/04/28 12:0 a.m. | 69 views

RHEL 8 : Satellite 6.13.5 Async Security Update (Important) (RHSA-2023:5931)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5931 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...

CVSS 10 | AI score 7.7 | EPSS 0.99999
Exploits: 26 | References: 42

RedHat Linux
added 2015/12/15 9:17 a.m. | 3 views

foreman: reports show/destroy not restricted by host authorization

A flaw was discovered where Satellite failed to properly enforce permissions on the show and delete actions for reports. An authenticated user with show or delete report permissions could use this flaw to view or delete any reports held in Foreman...

CVSS 6 | AI score 5.8 | EPSS 0.01164
Exploits: 0 | References: 4

RedHat Linux
added 2015/08/12 5:4 a.m. | 5 views

rhn_satellite_6: cross-site request forgery (CSRF) can force logout

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content...

CVSS 6.5 | AI score 5.8 | EPSS 0.00522
Exploits: 0 | References: 4