Lucene search

K

18 matches found

CVE
CVE
added 2023/09/20 2:15 p.m.174 views

CVE-2023-0118

An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.

9.1CVSS9.4AI score0.00035EPSS
CVE
CVE
added 2023/09/20 2:15 p.m.126 views

CVE-2023-0462

An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.

9.1CVSS8.7AI score0.00079EPSS
CVE
CVE
added 2023/12/18 2:15 p.m.116 views

CVE-2023-4320

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

7.6CVSS7.4AI score0.0005EPSS
CVE
CVE
added 2020/07/31 1:15 p.m.114 views

CVE-2020-14334

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.

8.8CVSS8.4AI score0.00263EPSS
CVE
CVE
added 2019/04/11 3:29 p.m.99 views

CVE-2019-3845

A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this fla...

8CVSS7.5AI score0.00085EPSS
CVE
CVE
added 2021/06/02 1:15 p.m.96 views

CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

7.5CVSS7.4AI score0.00248EPSS
CVE
CVE
added 2021/04/08 11:15 p.m.92 views

CVE-2021-3413

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...

6.5CVSS6.3AI score0.00217EPSS
CVE
CVE
added 2021/02/23 11:15 p.m.66 views

CVE-2021-20256

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

5.3CVSS5.4AI score0.00043EPSS
CVE
CVE
added 2019/12/02 7:15 p.m.63 views

CVE-2012-5562

rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite

6.5CVSS6.5AI score0.00098EPSS
CVE
CVE
added 2018/07/26 5:29 p.m.61 views

CVE-2017-12175

Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality.

5.4CVSS5.9AI score0.00544EPSS
CVE
CVE
added 2013/11/18 2:55 a.m.60 views

CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

7.5CVSS6.7AI score0.00704EPSS
CVE
CVE
added 2018/07/30 3:29 p.m.57 views

CVE-2017-7514

A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.

5.4CVSS5.1AI score0.00205EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.55 views

CVE-2020-14335

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.

5.5CVSS5.7AI score0.00043EPSS
CVE
CVE
added 2018/07/26 3:29 p.m.54 views

CVE-2017-7538

A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users.

5.4CVSS5.1AI score0.00246EPSS
CVE
CVE
added 2008/08/14 8:41 p.m.51 views

CVE-2008-2369

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

9.1CVSS9.2AI score0.00616EPSS
CVE
CVE
added 2022/08/26 4:15 p.m.48 views

CVE-2021-3414

A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.

8.1CVSS7.8AI score0.00094EPSS
CVE
CVE
added 2021/06/02 1:15 p.m.45 views

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

6.5CVSS6.4AI score0.00274EPSS
CVE
CVE
added 2019/01/22 3:29 p.m.44 views

CVE-2018-14666

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

7.2CVSS6.8AI score0.00353EPSS