Vulnerabilities > Redhat > Satellite > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-3716 Unspecified vulnerability in Redhat Satellite 6.0
A flaw was found in foreman-installer when puppet-candlepin invokes cpdb with the --password parameter.
local
low complexity
redhat
6.2
2024-06-05 CVE-2024-4812 A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user.
network
low complexity
redhat katello-project
4.8
2023-11-14 CVE-2023-5189 Relative Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite
A path traversal vulnerability exists in Ansible when extracting tarballs.
network
low complexity
redhat CWE-23
6.5
2023-10-03 CVE-2023-4886 A sensitive information exposure vulnerability was found in foreman.
local
low complexity
theforeman redhat
4.4
2023-09-12 CVE-2023-0119 Cross-site Scripting vulnerability in Redhat Satellite 6.13
A stored Cross-site scripting vulnerability was found in foreman.
network
low complexity
redhat CWE-79
5.4
2022-12-16 CVE-2022-4130 Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9
A blind site-to-site request forgery vulnerability was found in Satellite server.
network
low complexity
redhat
4.5
2022-10-25 CVE-2022-3644 Insufficiently Protected Credentials vulnerability in multiple products
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API instead of marking it as write only.
local
low complexity
pulpproject redhat CWE-522
5.5
2022-09-29 CVE-2015-1931 Cleartext Storage of Sensitive Information vulnerability in multiple products
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file.
local
low complexity
ibm suse redhat CWE-312
5.5
2021-12-16 CVE-2021-42550 Deserialization of Untrusted Data vulnerability in multiple products
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration that allows execution of arbitrary code loaded from LDAP servers.
network
high complexity
qos redhat netapp siemens CWE-502
6.6
2021-06-02 CVE-2020-14371 Unspecified vulnerability in Redhat Satellite 6.0
A credential leak vulnerability was found in Red Hat Satellite.
network
low complexity
redhat
6.5