VUMETRIC
CYBER PORTAL
Vulnerabilities > Redhat > Satellite > 6.0
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-06-05 | CVE-2024-3716 | Unspecified vulnerability in Redhat Satellite 6.0 | A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. | local | low | redhat | | 6.2 |
| 2024-06-05 | CVE-2024-4812 | | A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. | network | low | redhat, katello-project | | 4.8 |
| 2023-12-18 | CVE-2023-4320 | Insufficient Session Expiration vulnerability in Redhat Satellite | An arithmetic overflow flaw was found in Satellite when creating a new personal access token. | network | low | redhat | CWE-613 | 7.5 |
| 2023-11-14 | CVE-2023-5189 | Relative Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite | A path traversal vulnerability exists in Ansible when extracting tarballs. | network | low | redhat | CWE-23 | 6.5 |
| 2023-10-10 | CVE-2023-44487 | | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | network | low | ietf, nghttp2, netty, envoyproxy, eclipse, caddyserver, golang, f5, apache, apple, grpc, microsoft, nodejs, dena, facebook, amazon, debian, kazu-yamamoto, istio, varnish-cache-project, traefik, projectcontour, linkerd, linecorp, redhat, fedoraproject, netapp, akka, konghq, jenkins, openresty, cisco | | 7.5 |
| 2023-10-04 | CVE-2023-1832 | Incorrect Authorization vulnerability in multiple products | An improper access control flaw was found in Candlepin. | network | low | candlepinproject, redhat | CWE-863 | 8.1 |
| 2023-10-03 | CVE-2023-4886 | | A sensitive information exposure vulnerability was found in foreman. | local | low | theforeman, redhat | | 4.4 |
| 2023-09-22 | CVE-2022-3874 | OS Command Injection vulnerability in multiple products | A command injection flaw was found in foreman. | network | low | redhat, theforeman | CWE-78 | 9.1 (critical) |
| 2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products | An arbitrary code execution flaw was found in Foreman. | network | low | theforeman, redhat | CWE-94 | 9.1 (critical) |
| 2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | local | low | pulpproject, redhat | CWE-522 | 5.5 |