Vulnerabilities > Redhat > Satellite > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-05 | CVE-2024-3716 | Unspecified vulnerability in Redhat Satellite 6.0 A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. | 6.2 |
| 2024-06-05 | CVE-2024-4812 | Cross-site Scripting vulnerability in multiple products A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. | 4.8 |
| 2023-11-14 | CVE-2023-5189 | Path Traversal vulnerability in Redhat Ansible Automation Platform and Satellite A path traversal vulnerability exists in Ansible when extracting tarballs. | 6.5 |
| 2023-10-03 | CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. | 4.4 |
| 2023-09-12 | CVE-2023-0119 | Cross-site Scripting vulnerability in Redhat Satellite 6.13 A stored Cross-site scripting vulnerability was found in foreman. | 5.4 |
| 2022-12-16 | CVE-2022-4130 | Unspecified vulnerability in Redhat Satellite 6.10/6.11/6.9 A blind site-to-site request forgery vulnerability was found in Satellite server. | 4.5 |
| 2022-10-25 | CVE-2022-3644 | Insufficiently Protected Credentials vulnerability in multiple products The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | 5.5 |
| 2022-09-29 | CVE-2015-1931 | Cleartext Storage of Sensitive Information vulnerability in multiple products IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | 5.5 |
| 2021-12-16 | CVE-2021-42550 | Deserialization of Untrusted Data vulnerability in multiple products In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | 6.6 |
| 2021-06-02 | CVE-2020-14371 | Information Exposure vulnerability in Redhat Satellite 6.0 A credential leak vulnerability was found in Red Hat Satellite. | 4.0 |