Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
satellite vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2023-0118
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system.
Theforeman Foreman
Redhat Satellite
9.1
CVSSv3
CVE-2023-0462
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload.
Theforeman Foreman
Redhat Satellite
5.4
CVSSv3
CVE-2013-2101
Katello has multiple XSS issues in various entities
Theforeman Katello -
Redhat Satellite 6.0
NA
CVE-2015-6923
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
Vboxcomm Satellite Express Protocol 2.3.17.3
1 EDB exploit
NA
CVE-2013-2143
The users controller in Katello 1.5.0-14 and previous versions, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.
Redhat Network Satellite -
Theforeman Katello
1 EDB exploit
8.8
CVSSv3
CVE-2016-9593
foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.
Theforeman Foreman
Redhat Satellite 6.0
7.4
CVSSv3
CVE-2014-8183
It was found that foreman, versions 1.x.x prior to 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
Theforeman Foreman
Redhat Satellite 6.0
8.8
CVSSv3
CVE-2021-3590
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Theforeman Foreman
Redhat Satellite 6.0
4.3
CVSSv3
CVE-2019-10136
It was found that Spacewalk, all versions up to and including 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the c...
Redhat Satellite 5.8
Redhat Spacewalk
9.8
CVSSv3
CVE-2019-10137
A path traversal flaw was found in spacewalk-proxy, all versions up to and including 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's ...
Redhat Satellite 5.0
Redhat Spacewalk
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »