Vulnerabilities > Redhat > Satellite

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-09-20 | CVE-2023-0118 | OS Command Injection vulnerability in multiple products | An arbitrary code execution flaw was found in Foreman. | network | low | theforeman, redhat | CWE-78 | critical 9.1 |
| 2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products | An arbitrary code execution flaw was found in Foreman. | network | low | theforeman, redhat | CWE-94 | critical 9.1 |
| 2023-09-12 | CVE-2023-0119 | Cross-site Scripting vulnerability in Redhat Satellite 6.13 | A stored Cross-site scripting vulnerability was found in foreman. | network | low | redhat | CWE-79 | 5.4 |
| 2022-12-16 | CVE-2022-4130 | Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9 | A blind site-to-site request forgery vulnerability was found in Satellite server. | network | low | redhat | | 4.5 |
| 2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products | The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | local | low | pulpproject, redhat | CWE-522 | 5.5 |
| 2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | local | low | ibm, suse, redhat | CWE-312 | 5.5 |
| 2022-08-26 | CVE-2021-3414 | Improper Preservation of Permissions vulnerability in Redhat Satellite 6.7 | A flaw was found in satellite. | network | low | redhat | CWE-281 | 8.1 |
| 2022-08-22 | CVE-2021-3590 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | A flaw was found in Foreman project. | network | low | theforeman, redhat | CWE-319 | 8.8 |
| 2022-03-23 | CVE-2021-3589 | Missing Authentication for Critical Function vulnerability in multiple products | An authorization flaw was found in Foreman Ansible. | network | high | theforeman, redhat | CWE-306 | 8.0 |
| 2021-12-23 | CVE-2021-3584 | A server side remote code execution vulnerability was found in Foreman project. | | network | low | theforeman, redhat | | 7.2 |