VUMETRIC
CYBER PORTAL
Vulnerabilities > Redhat > Satellite
DATE | CVE | VULNERABILITY TITLE | RISK

2024-09-04 | CVE-2024-7012 | Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 | critical 9.8
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
network | low complexity | redhat | CWE-287

2024-09-04 | CVE-2024-7923 | Unspecified vulnerability in Redhat Satellite 6.13/6.14/6.15 | critical 9.8
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.
network | low complexity | redhat

2024-06-05 | CVE-2024-3716 | Unspecified vulnerability in Redhat Satellite 6.0 | 6.2
A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter.
local | low complexity | redhat

2024-06-05 | CVE-2024-4812 | | 4.8
A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user.
network | low complexity | redhat, katello-project

2023-12-18 | CVE-2023-4320 | Insufficient Session Expiration vulnerability in Redhat Satellite | 7.5
An arithmetic overflow flaw was found in Satellite when creating a new personal access token.
network | low complexity | redhat | CWE-613

2023-11-14 | CVE-2023-5189 | Relative Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite | 6.5
A path traversal vulnerability exists in Ansible when extracting tarballs.
network | low complexity | redhat | CWE-23

2023-10-10 | CVE-2023-44487 | | 7.5
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
network | low complexity | ietf, nghttp2, netty, envoyproxy, eclipse, caddyserver, golang, f5, apache, apple, grpc, microsoft, nodejs, dena, facebook, amazon, debian, kazu-yamamoto, istio, varnish-cache-project, traefik, projectcontour, linkerd, linecorp, redhat, fedoraproject, netapp, akka, konghq, jenkins, openresty, cisco

2023-10-04 | CVE-2023-1832 | Incorrect Authorization vulnerability in multiple products | 8.1
An improper access control flaw was found in Candlepin.
network | low complexity | candlepinproject, redhat | CWE-863

2023-10-03 | CVE-2023-4886 | | 4.4
A sensitive information exposure vulnerability was found in foreman.
local | low complexity | theforeman, redhat

2023-09-22 | CVE-2022-3874 | OS Command Injection vulnerability in multiple products | critical 9.1
A command injection flaw was found in foreman.
network | low complexity | redhat, theforeman | CWE-78