Vulnerabilities > Redhat > Satellite > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-7923 Unspecified vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration.
network
low complexity
redhat
critical
9.8
2024-09-04 CVE-2024-7012 Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15
An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration.
network
low complexity
redhat CWE-287
critical
9.8
2023-09-22 CVE-2022-3874 OS Command Injection vulnerability in multiple products
A command injection flaw was found in foreman.
network
low complexity
redhat theforeman CWE-78
critical
9.1
2023-09-20 CVE-2023-0462 Code Injection vulnerability in multiple products
An arbitrary code execution flaw was found in Foreman.
network
low complexity
theforeman redhat CWE-94
critical
9.1
2023-09-20 CVE-2023-0118 OS Command Injection vulnerability in multiple products
An arbitrary code execution flaw was found in Foreman.
network
low complexity
theforeman redhat CWE-78
critical
9.1
2019-10-17 CVE-2019-17631 Improper Privilege Management vulnerability in multiple products
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
network
low complexity
eclipse redhat CWE-269
critical
9.1
2019-07-02 CVE-2019-10137 Unspecified vulnerability in Redhat Satellite and Spacewalk
A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens.
network
low complexity
redhat
critical
9.8
2019-02-11 CVE-2018-12547 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter.
network
low complexity
eclipse redhat CWE-119
critical
9.8
2019-02-11 CVE-2018-12549 Improper Input Validation vulnerability in multiple products
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
network
low complexity
eclipse redhat CWE-20
critical
9.8
2018-10-17 CVE-2018-3183 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting).
network
high complexity
oracle redhat debian canonical hp
critical
9.0