Vulnerabilities > Redhat > Satellite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-4320 | Insufficient Session Expiration vulnerability in Redhat Satellite An arithmetic overflow flaw was found in Satellite when creating a new personal access token. | 7.5 |
| 2023-11-14 | CVE-2023-5189 | Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. | 6.5 |
| 2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-10-04 | CVE-2023-1832 | Incorrect Authorization vulnerability in multiple products An improper access control flaw was found in Candlepin. | 8.1 |
| 2023-10-03 | CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. | 4.4 |
| 2023-09-22 | CVE-2022-3874 | OS Command Injection vulnerability in multiple products A command injection flaw was found in foreman. | 9.1 |
| 2023-09-20 | CVE-2023-0118 | OS Command Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
| 2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
| 2023-09-12 | CVE-2023-0119 | Cross-site Scripting vulnerability in Redhat Satellite 6.13 A stored Cross-site scripting vulnerability was found in foreman. | 5.4 |
| 2022-12-16 | CVE-2022-4130 | Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9 A blind site-to-site request forgery vulnerability was found in Satellite server. | 4.5 |