Lucene search: RedhatSatellite6.0

30 matches found

CVE-2023-44487
CVE | added 2023/10/10 2:15 p.m. | 4408 views

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

CVSS 7.5 | AI score 8 | EPSS 0.94434

CVE-2021-3590
CVE | added 2022/08/22 3:15 p.m. | 2031 views

A flaw was found in the Foreman project. A credential leak was identified which will expose the Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 8.8 | AI score 8.6 | EPSS 0.00057

CVE-2021-42550
CVE | added 2021/12/16 7:15 p.m. | 254 views

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing execution of arbitrary code loaded from LDAP servers.

CVSS 8.5 | AI score 7 | EPSS 0.03447

CVE-2012-6685
CVE | added 2020/02/19 3:15 p.m. | 195 views

Nokogiri before 1.5.4 is vulnerable to XXE attacks.

CVSS 7.5 | AI score 7.3 | EPSS 0.00323

CVE-2021-44420
CVE | added 2021/12/08 12:15 a.m. | 161 views

In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

CVSS 7.5 | AI score 7.1 | EPSS 0.00102

CVE-2023-5189
CVE | added 2023/11/14 11:15 p.m. | 153 views

A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten.

CVSS 6.5 | AI score 6.2 | EPSS 0.00424

CVE-2022-3644
CVE | added 2022/10/25 6:15 p.m. | 145 views

The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking them as write-only.

CVSS 5.5 | AI score 5.8 | EPSS 0.00032

CVE-2022-3874
CVE | added 2023/09/22 2:15 p.m. | 134 views

A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating syste...

CVSS 9.1 | AI score 8.8 | EPSS 0.00171

CVE-2023-4886
CVE | added 2023/10/03 3:15 p.m. | 132 views

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contains passwords to candlepin's keystore and truststore, were found to be world readable.

CVSS 6.7 | AI score 5.5 | EPSS 0.00072

CVE-2020-14334
CVE | added 2020/07/31 1:15 p.m. | 114 views

A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cached credentials could help an attacker gain complete control of the Satellite instance.

CVSS 8.8 | AI score 8.4 | EPSS 0.00263

CVE-2021-3589
CVE | added 2022/03/23 8:15 p.m. | 103 views

An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 8 | AI score 7.5 | EPSS 0.00219

CVE-2021-3413
CVE | added 2021/04/08 11:15 p.m. | 92 views

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00217

CVE-2014-3590
CVE | added 2020/01/02 8:15 p.m. | 86 views

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

CVSS 6.5 | AI score 6.5 | EPSS 0.0012

CVE-2021-3584
CVE | added 2021/12/23 8:15 p.m. | 68 views

A server-side remote code execution vulnerability was found in the Foreman project. An authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity and availability of ...

CVSS 9 | AI score 7.5 | EPSS 0.00725

CVE-2018-16887
CVE | added 2019/01/13 2:29 a.m. | 66 views

A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to mali...

CVSS 5.4 | AI score 5.4 | EPSS 0.00261

CVE-2021-20256
CVE | added 2021/02/23 11:15 p.m. | 66 views

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 5.3 | AI score 5.4 | EPSS 0.00043

CVE-2014-8183
CVE | added 2019/08/01 2:15 p.m. | 63 views

It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.

CVSS 7.4 | AI score 7.3 | EPSS 0.00153

CVE-2019-3893
CVE | added 2019/04/09 4:29 p.m. | 61 views

In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this flaw to take control...

CVSS 4.9 | AI score 5.5 | EPSS 0.01281

CVE-2013-6460
CVE | added 2019/11/05 3:15 p.m. | 57 views

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents.

CVSS 6.5 | AI score 6.4 | EPSS 0.02521

CVE-2020-14335
CVE | added 2021/06/02 12:15 p.m. | 55 views

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.

CVSS 5.5 | AI score 5.7 | EPSS 0.00043

CVE-2016-9593
CVE | added 2018/04/16 3:29 p.m. | 50 views

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

CVSS 8.8 | AI score 8.3 | EPSS 0.00146

CVE-2024-4812
CVE | added 2024/06/05 3:15 p.m. | 50 views

A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections.

CVSS 4.8 | AI score 5 | EPSS 0.00079

CVE-2017-15136
CVE | added 2018/02/27 9:29 p.m. | 49 views

When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system will lose access to updates, including security updates.

CVSS 4 | AI score 4.1 | EPSS 0.00229

CVE-2013-6461
CVE | added 2019/11/05 3:15 p.m. | 47 views

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits.

CVSS 6.5 | AI score 6.4 | EPSS 0.02046

CVE-2014-8168
CVE | added 2017/08/28 3:29 p.m. | 47 views

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.

CVSS 6.1 | AI score 6.1 | EPSS 0.00034

CVE-2014-0241
CVE | added 2019/12/13 1:15 p.m. | 46 views

rubygem-hammer_cli_foreman: the file /etc/hammer/cli.modules.d/foreman.yml is world readable.

CVSS 5.5 | AI score 5.5 | EPSS 0.00104

CVE-2020-14371
CVE | added 2021/06/02 1:15 p.m. | 45 views

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

CVSS 6.5 | AI score 6.4 | EPSS 0.00274

CVE-2024-3716
CVE | added 2024/06/05 3:15 p.m. | 44 views

A flaw was found in foreman-installer when puppet-candlepin invokes cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage of this and obtain the password.

CVSS 6.2 | AI score 6.3 | EPSS 0.00043

CVE-2013-2101
CVE | added 2019/12/03 2:15 p.m. | 41 views

Katello has multiple XSS issues in various entities.

CVSS 5.4 | AI score 5.2 | EPSS 0.00261

CVE-2023-1832
CVE | added 2023/10/04 2:15 p.m. | 38 views

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

CVSS 8.1 | AI score 7.3 | EPSS 0.00116