Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
satellite vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-3893
In Foreman it exists that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resource" permission can use this...
Theforeman Foreman
Redhat Satellite 6.0
NA
CVE-2023-1832
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.
Candlepinproject Candlepin
Redhat Satellite 6.0
3.5
CVSSv2
CVE-2013-2101
Katello has multiple XSS issues in various entities
Theforeman Katello -
Redhat Satellite 6.0
6.5
CVSSv2
CVE-2013-2143
The users controller in Katello 1.5.0-14 and previous versions, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Redhat Network Satellite -
Theforeman Katello
1 EDB exploit
5.8
CVSSv2
CVE-2011-0717
Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote malicious users to hijack web sessions via unspecified vectors related to Spacewalk.
Redhat Network Satellite Server 5.4
4
CVSSv2
CVE-2018-1097
A flaw was found in foreman prior to 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.
Theforeman Foreman
Redhat Satellite 6.4
7.5
CVSSv2
CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions up to and including 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's ...
Redhat Satellite 5.0
Redhat Spacewalk
7.2
CVSSv2
CVE-2015-6923
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
Vboxcomm Satellite Express Protocol 2.3.17.3
1 EDB exploit
NA
CVE-2023-4886
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
Theforeman Foreman
Redhat Satellite 6.0
4.3
CVSSv2
CVE-2011-2927
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote malicious users to inject arbitrary web script or HTML via vectors related to Search forms.
Redhat Spacewalk 1.6
Redhat Network Satellite -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »