Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat satellite vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2016-3072
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
Katello Katello -
Redhat Satellite 6.1
3.5
CVSSv2
CVE-2018-16887
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can po...
Redhat Satellite 6.0
Theforeman Katello
NA
CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
Theforeman Foreman
Redhat Satellite 6.0
3.5
CVSSv2
CVE-2013-2101
Katello has multiple XSS issues in various entities
Theforeman Katello -
Redhat Satellite 6.0
4
CVSSv2
CVE-2019-3893
In Foreman it exists that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this...
Theforeman Foreman
Redhat Satellite 6.0
4
CVSSv2
CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
Theforeman Foreman
Redhat Satellite 6.0
6.5
CVSSv2
CVE-2013-2143
The users controller in Katello 1.5.0-14 and previous versions, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Redhat Network Satellite -
Theforeman Katello
1 EDB exploit
NA
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
Redhat Satellite 6.0
NA
CVE-2023-1832
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.
Candlepinproject Candlepin
Redhat Satellite 6.0
5.8
CVSSv2
CVE-2011-0717
Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote malicious users to hijack web sessions via unspecified vectors related to Spacewalk.
Redhat Network Satellite Server 5.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »