Vulnerabilities > Redhat > Satellite
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-20 | CVE-2023-0118 | OS Command Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
2023-09-12 | CVE-2023-0119 | Cross-site Scripting vulnerability in Redhat Satellite 6.13 A stored Cross-site scripting vulnerability was found in foreman. | 5.4 |
2022-12-16 | CVE-2022-4130 | Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9 A blind site-to-site request forgery vulnerability was found in Satellite server. | 4.5 |
2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |
2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |
2022-08-26 | CVE-2021-3414 | Improper Preservation of Permissions vulnerability in Redhat Satellite 6.7 A flaw was found in satellite. | 8.1 |
2022-08-22 | CVE-2021-3590 | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in Foreman project. | 8.8 |
2022-03-23 | CVE-2021-3589 | Missing Authentication for Critical Function vulnerability in multiple products An authorization flaw was found in Foreman Ansible. | 8.0 |
2021-12-23 | CVE-2021-3584 | A server side remote code execution vulnerability was found in Foreman project. | 7.2 |