Redhat

Satellite

221 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.2

CVE-2018-2800

  • EPSS 0.19%
  • Veröffentlicht 19.04.2018 02:29:03
  • Zuletzt bearbeitet 21.11.2024 04:04:29

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit...

8.8

CVE-2016-9593

  • EPSS 0.15%
  • Veröffentlicht 16.04.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:01:28

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

4.4

CVE-2018-5382

  • EPSS 0.19%
  • Veröffentlicht 16.04.2018 14:29:01
  • Zuletzt bearbeitet 12.05.2025 17:37:16

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies t...

6.5

CVE-2018-1096

  • EPSS 0.32%
  • Veröffentlicht 05.04.2018 21:29:01
  • Zuletzt bearbeitet 21.11.2024 03:59:10

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.

8.8

CVE-2018-1097

  • EPSS 0.4%
  • Veröffentlicht 04.04.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:10

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

7.5

CVE-2018-1077

  • EPSS 0.22%
  • Veröffentlicht 14.03.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:07

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

8.1

CVE-2017-2667

  • EPSS 0.11%
  • Veröffentlicht 12.03.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:23:56

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middl...

4

CVE-2017-15136

  • EPSS 0.23%
  • Veröffentlicht 27.02.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 03:14:08

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.

5.5

CVE-2017-10689

  • EPSS 0.09%
  • Veröffentlicht 09.02.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:06:18

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

6.5

CVE-2017-10690

  • EPSS 0.19%
  • Veröffentlicht 09.02.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:06:18

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4