Redhat: >> Satellite Security Vulnerabilities
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-02-23
A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-31
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-05-06
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVSS Score
7.5
EPSS Score
0.003
Published
2020-02-19
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-01-02
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
CVSS Score
5.5
EPSS Score
0.001
Published
2019-12-13
Katello has multiple XSS issues in various entities
CVSS Score
5.4
EPSS Score
0.003
Published
2019-12-03
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
CVSS Score
6.5
EPSS Score
0.001
Published
2019-12-02
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVSS Score
6.5
EPSS Score
0.025
Published
2019-11-05
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVSS Score
6.5
EPSS Score
0.02
Published
2019-11-05