Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat satellite vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-16887
A cross-site scripting (XSS) flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can po...
Redhat Satellite 6.0
Theforeman Katello
NA
CVE-2023-1832
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.
Candlepinproject Candlepin
Redhat Satellite 6.0
655
VMScore
CVE-2013-2143
The users controller in Katello 1.5.0-14 and previous versions, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Redhat Network Satellite -
Theforeman Katello
1 EDB exploit
578
VMScore
CVE-2021-3589
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system avai...
Theforeman Foreman Ansible
Redhat Satellite 6.0
187
VMScore
CVE-2014-0241
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
Theforeman Hammer Cli -
Redhat Satellite 6.0
356
VMScore
CVE-2019-10198
An authentication bypass vulnerability exists in foreman-tasks prior to 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web ...
Theforeman Foreman-tasks
Redhat Satellite 6.6
NA
CVE-2022-3644
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
Pulpproject Pulp Ansible -
Redhat Satellite 6.0
Redhat Ansible Automation Platform 2.0
Redhat Update Infrastructure 3.0
801
VMScore
CVE-2021-3584
A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest threat from this vulnerability is to confidentiality, integrity a...
Theforeman Foreman
Theforeman Foreman 3.0.0
Redhat Satellite 6.0
356
VMScore
CVE-2017-10690
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
Puppet Puppet
Puppet Puppet Enterprise
Redhat Satellite 6.4
445
VMScore
CVE-2012-6685
Nokogiri prior to 1.5.4 is vulnerable to XXE attacks
Nokogiri Nokogiri
Redhat Cloudforms Management Engine 5.0
Redhat Enterprise Mrg 2.0
Redhat Openshift 2.0
Redhat Openstack 4.0
Redhat Openstack 6.0
Redhat Openstack Foreman -
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »