Redhat

Satellite

221 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.2

CVE-2018-2800

  • EPSS 0.19%
  • Published 19.04.2018 02:29:03
  • Last modified 21.11.2024 04:04:29

Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit...

8.8

CVE-2016-9593

  • EPSS 0.15%
  • Published 16.04.2018 15:29:00
  • Last modified 21.11.2024 03:01:28

foreman-debug before version 1.15.0 is vulnerable to a flaw in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems.

4.4

CVE-2018-5382

  • EPSS 0.19%
  • Published 16.04.2018 14:29:01
  • Last modified 12.05.2025 17:37:16

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies t...

6.5

CVE-2018-1096

  • EPSS 0.32%
  • Published 05.04.2018 21:29:01
  • Last modified 21.11.2024 03:59:10

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.

8.8

CVE-2018-1097

  • EPSS 0.4%
  • Published 04.04.2018 21:29:00
  • Last modified 21.11.2024 03:59:10

A flaw was found in foreman before 1.16.1. The issue allows users with limited permissions for powering oVirt/RHV hosts on and off to discover the username and password used to connect to the compute resource.

7.5

CVE-2018-1077

  • EPSS 0.22%
  • Published 14.03.2018 18:29:00
  • Last modified 21.11.2024 03:59:07

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

8.1

CVE-2017-2667

  • EPSS 0.11%
  • Published 12.03.2018 15:29:00
  • Last modified 21.11.2024 03:23:56

Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middl...

4

CVE-2017-15136

  • EPSS 0.23%
  • Published 27.02.2018 21:29:00
  • Last modified 21.11.2024 03:14:08

When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates.

5.5

CVE-2017-10689

  • EPSS 0.09%
  • Published 09.02.2018 20:29:00
  • Last modified 21.11.2024 03:06:18

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

6.5

CVE-2017-10690

  • EPSS 0.19%
  • Published 09.02.2018 20:29:00
  • Last modified 21.11.2024 03:06:18

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4