Vulnerabilities > Redhat > Satellite > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-04 | CVE-2024-7923 | Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. | 9.8 |
| 2024-09-04 | CVE-2024-7012 | Improper Authentication vulnerability in Redhat Satellite 6.13/6.14/6.15 An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. | 9.8 |
| 2023-09-22 | CVE-2022-3874 | OS Command Injection vulnerability in multiple products A command injection flaw was found in foreman. | 9.1 |
| 2023-09-20 | CVE-2023-0462 | Code Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
| 2023-09-20 | CVE-2023-0118 | OS Command Injection vulnerability in multiple products An arbitrary code execution flaw was found in Foreman. | 9.1 |
| 2021-12-23 | CVE-2021-3584 | OS Command Injection vulnerability in multiple products A server side remote code execution vulnerability was found in Foreman project. | 9.0 |
| 2019-07-02 | CVE-2019-10137 | Path Traversal vulnerability in Redhat Satellite and Spacewalk A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. | 9.8 |
| 2018-08-09 | CVE-2018-10931 | Exposed Dangerous Method or Function vulnerability in multiple products It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. | 9.8 |
| 2018-07-27 | CVE-2017-7470 | Incorrect Authorization vulnerability in Redhat Satellite and Spacewalk It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | 9.8 |
| 2018-02-06 | CVE-2017-15095 | Deserialization of Untrusted Data vulnerability in multiple products A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | 9.8 |