Redhat

Satellite

228 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.08%
  • Published 17.03.2026 14:16:19
  • Last modified 17.03.2026 14:20:01

A flaw was found in the Katello plugin for Red Hat Satellite. This vulnerability, caused by improper sanitization of user-provided input, allows a remote attacker to inject arbitrary SQL commands into the sort_by parameter of the /api/hosts/bootc_ima...

  • EPSS 0.07%
  • Published 27.02.2026 07:30:42
  • Last modified 05.03.2026 02:04:57

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username...

  • EPSS 0.01%
  • Published 27.02.2026 07:28:44
  • Last modified 17.03.2026 21:06:12

An authorization flaw in Foreman's GraphQL API allows low-privileged users to access metadata beyond their assigned permissions. Unlike the REST API, which correctly enforces access controls, the GraphQL endpoint does not apply proper filtering, leadi...

  • EPSS 0.01%
  • Published 02.02.2026 05:47:10
  • Last modified 03.02.2026 16:44:36

A flaw was found in fog-kubevirt. This vulnerability allows a remote attacker to perform a Man-in-the-Middle (MITM) attack due to disabled certificate validation. This enables the attacker to intercept and potentially alter sensitive communications b...

  • EPSS 0.01%
  • Published 02.02.2026 05:47:09
  • Last modified 03.02.2026 16:44:36

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of int...

  • EPSS 0.07%
  • Published 06.11.2025 21:15:40
  • Last modified 12.11.2025 16:20:22

A flaw was found in Rubygem MQTT. By default, the package previously did not have hostname validation, resulting in a possible Man-in-the-Middle (MITM) attack.

  • EPSS 0.15%
  • Published 05.11.2025 07:32:14
  • Last modified 06.02.2026 21:16:14

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validatio...

  • EPSS 0.03%
  • Published 15.03.2025 06:35:52
  • Last modified 15.03.2025 07:15:34

A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information d...

  • EPSS 0.06%
  • Published 20.12.2024 16:15:23
  • Last modified 12.05.2025 21:15:46

Rejected reason: Red Hat Product Security has come to the conclusion that this CVE is not needed. The problem described was intended behavior and therefore not a bug.

  • EPSS 0.22%
  • Published 04.09.2024 14:15:14
  • Last modified 06.11.2024 09:15:04

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restriction...