10 matches found
RHSA-2017:0256 Red Hat Security Advisory: tfm-rubygem-fusor_ui security update
Bulletin has no description...
RHEL 7 : tfm-rubygem-rubyzip (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - rubyzip: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file...
Satellite 6.12 Release
An update is available for libdb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rocky Enterprise Software Foundation Satellite is a systems management tool for...
Information Disclosure
tfm-rubygem is vulnerable to information disclosure. A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin...
CVE-2020-10716
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects...
Design/Logic Flaw
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitive data. This flaw affects...
CVE-2020-10716
CVE-2020-10716 describes a UI access-control flaw in Red Hat Satellite’s Job Invocation: the "User Input" entry is not properly restricted to the view, allowing a user with access to Job Invocation to scan the invocation and search for passwords or other sensitive data. Affected: tfm-rubygem-fore...
Design/Logic Flaw
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...
CVE-2021-3413
CVE-2021-3413 affects Red Hat Satellite’s tfm-rubygem-foreman_azure_rm: versions before 2.2.0 expose the Azure Resource Manager secret key via API output JSON, leading to potential information disclosure. Root cause: credential leakage in the API surface. Impact per sources: data confidentiality ...
CVE-2021-3413
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...