Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
satellite vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2017-7513
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.
Redhat Satellite 5.0
Redhat Satellite 5.4
Redhat Satellite 5.2
Redhat Satellite 5.8
Redhat Satellite 5.7
Redhat Satellite 5.6
Redhat Satellite 5.5
Redhat Satellite 5.4.1
Redhat Satellite 5.3
Redhat Satellite 5.1.1
6
CVSSv2
CVE-2010-2236
The monitoring probe display in spacewalk-java prior to 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 up to and including 4.2.0 and 5.1.0 up to and including 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execut...
Redhat Satellite 4.0
Redhat Satellite 4.2
Redhat Satellite 5.3
Redhat Spacewalk-java
Redhat Network Proxy 5.3
Redhat Satellite 5.1
Redhat Satellite 5.2
Redhat Satellite 4.1
NA
CVE-2022-4130
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server.
Redhat Satellite 6.11
Redhat Satellite 6.9
Redhat Satellite 6.10
7.5
CVSSv2
CVE-2013-4480
Red Hat Satellite 5.6 and previous versions does not disable the web interface that is used to create the first user for a satellite, which allows remote malicious users to create administrator accounts.
Redhat Network Satellite
Redhat Satellite With Embedded Oracle 5.4
Redhat Satellite With Embedded Oracle 5.3
Redhat Satellite With Embedded Oracle 5.5
Redhat Satellite
Redhat Satellite With Embedded Oracle 5.2
Suse Manager 1.7
Suse Linux Enterprise 11.0
5.5
CVSSv2
CVE-2010-1171
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files ...
Redhat Satellite 5.4
Redhat Satellite 5.3
3.6
CVSSv2
CVE-2016-9595
A flaw was found in katello-debug prior to 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.
Theforeman Katello
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
3.5
CVSSv2
CVE-2016-8639
It was found that foreman prior to 1.13.0 is vulnerable to a stored XSS via an organization or location name. This could allow an attacker with privileges to set the organization or location name to display arbitrary HTML including scripting code within the web interface.
Theforeman Foreman
Redhat Satellite 6.3
Redhat Satellite Capsule 6.3
6.8
CVSSv2
CVE-2009-4139
Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 up to and including 5.4.1 and other products, allows remote malicious users to hijack the authent...
Redhat Network Satellite Server 5.4.0
Redhat Network Satellite Server 5.3.0
Redhat Network Satellite Server 5.4.1
Redhat Spacewalk-java 1.2.39
4.3
CVSSv2
CVE-2014-3595
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 up to and including 5.6 allows remote malicious users to inject arbitrary web script or HTML via a crafted request that is not properly handle...
Redhat Satellite 5.4
Redhat Satellite 5.5
Redhat Satellite 5.6
Redhat Satellite With Embedded Oracle 5.4
Redhat Satellite With Embedded Oracle 5.5
Redhat Spacewalk-java 1.2.39
Redhat Spacewalk-java 1.7.54
Redhat Spacewalk-java 2.0.2
Suse Manager 1.7
Suse Manager Server -
4
CVSSv2
CVE-2020-10716
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and other sensitiv...
Redhat Satellite Capsule 6.7
Redhat Satellite 6.7
Theforeman Foreman Ansible
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »