Satellite Security Vulnerabilities and Issues — Page 5 of Satellite CVE List

Lucene search

RedhatSatellite

220 matches found

CVE•added 2018/08/22 3:29 p.m.•51 views

CVE-2017-7513

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

5.8CVSS5.2AI score0.0009EPSS

CVE•added 2014/02/14 3:55 p.m.•50 views

CVE-2013-1871

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

3.5CVSS5.7AI score0.00287EPSS

Web

CVE•added 2018/02/27 9:29 p.m.•50 views

CVE-2017-15136

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.

4CVSS4.1AI score0.00229EPSS

CVE•added 2019/12/03 2:15 p.m.•49 views

CVE-2013-2101

Katello has multiple XSS issues in various entities

5.4CVSS5.2AI score0.00261EPSS

CVE•added 2016/08/05 2:59 p.m.•49 views

CVE-2016-3080

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

6.1CVSS6AI score0.00235EPSS

CVE•added 2022/08/26 4:15 p.m.•49 views

CVE-2021-3414

A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.

8.1CVSS7.8AI score0.00134EPSS

CVE•added 2019/11/05 3:15 p.m.•48 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS

CVE•added 2017/08/28 3:29 p.m.•48 views

CVE-2014-8168

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.

6.1CVSS6.1AI score0.00034EPSS

CVE•added 2016/04/14 2:59 p.m.•48 views

CVE-2016-2103

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.

6.1CVSS6AI score0.00236EPSS

Web

CVE•added 2013/07/31 1:20 p.m.•46 views

CVE-2013-2056

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

5CVSS6.9AI score0.00377EPSS

CVE•added 2017/04/13 2:59 p.m.•46 views

CVE-2016-2104

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/Na...

6.1CVSS6AI score0.00301EPSS

Web

CVE•added 2021/06/02 1:15 p.m.•46 views

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

6.5CVSS6.4AI score0.00274EPSS

CVE•added 2024/06/05 3:15 p.m.•46 views

CVE-2024-3716

A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.

6.2CVSS6.3AI score0.00043EPSS

CVE•added 2014/02/14 3:55 p.m.•45 views

CVE-2012-6149

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

3.5CVSS5.7AI score0.00252EPSS

Web

CVE•added 2017/08/28 7:29 p.m.•45 views

CVE-2014-8163

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.

6.5CVSS6.5AI score0.00684EPSS

CVE•added 2019/01/22 3:29 p.m.•45 views

CVE-2018-14666

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

7.2CVSS6.8AI score0.00353EPSS

CVE•added 2018/03/14 6:29 p.m.•42 views

CVE-2018-1077

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

7.5CVSS7.3AI score0.00234EPSS

CVE•added 2014/04/15 11:55 p.m.•40 views

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rel...

6CVSS7.6AI score0.02056EPSS

CVE•added 2023/10/04 2:15 p.m.•40 views

CVE-2023-1832

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

8.1CVSS7.3AI score0.00116EPSS

CVE•added 2017/08/28 3:29 p.m.•36 views

CVE-2014-0141

Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.

6.1CVSS6.1AI score0.0028EPSS

Total number of security vulnerabilities220