Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-4320 |
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Published: December 18, 2023; 9:15:09 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-5189 |
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. Published: November 14, 2023; 6:15:12 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-44487 |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Published: October 10, 2023; 10:15:10 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-1832 |
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. Published: October 04, 2023; 10:15:10 AM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-4886 |
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. Published: October 03, 2023; 11:15:40 AM -0400 |
V3.1: 4.4 MEDIUM V2.0:(not available) |
CVE-2022-3874 |
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. Published: September 22, 2023; 10:15:44 AM -0400 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2023-0462 |
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. Published: September 20, 2023; 10:15:12 AM -0400 |
V3.1: 9.1 CRITICAL V2.0:(not available) |
CVE-2022-3644 |
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. Published: October 25, 2022; 2:15:10 PM -0400 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2021-3590 |
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published: August 22, 2022; 11:15:13 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2021-3589 |
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published: March 23, 2022; 4:15:09 PM -0400 |
V3.1: 8.0 HIGH V2.0: 6.5 MEDIUM |
CVE-2021-42550 |
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. Published: December 16, 2021; 2:15:08 PM -0500 |
V3.1: 6.6 MEDIUM V2.0: 8.5 HIGH |
CVE-2020-14371 |
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite. Published: June 02, 2021; 9:15:08 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
CVE-2020-14335 |
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. Published: June 02, 2021; 8:15:08 AM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2021-3413 |
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published: April 08, 2021; 7:15:12 PM -0400 |
V3.1: 6.3 MEDIUM V2.0: 6.5 MEDIUM |
CVE-2021-20256 |
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Published: February 23, 2021; 6:15:13 PM -0500 |
V3.1: 5.3 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2020-14334 |
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. Published: July 31, 2020; 9:15:12 AM -0400 |
V3.1: 8.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2012-6685 |
Nokogiri before 1.5.4 is vulnerable to XXE attacks Published: February 19, 2020; 10:15:11 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2014-3590 |
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. Published: January 02, 2020; 3:15:19 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2014-0241 |
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable Published: December 13, 2019; 8:15:11 AM -0500 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2013-2101 |
Katello has multiple XSS issues in various entities Published: December 03, 2019; 9:15:09 AM -0500 |
V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |