Redhat

Satellite

228 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.32%
  • Published 02.06.2021 13:15:09
  • Last modified 21.11.2024 05:03:08

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellit...

  • EPSS 0.27%
  • Published 02.06.2021 13:15:08
  • Last modified 21.11.2024 05:03:06

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

  • EPSS 0.1%
  • Published 02.06.2021 12:15:08
  • Last modified 21.11.2024 05:03:02

A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerabi...

  • EPSS 0.16%
  • Published 27.05.2021 19:15:07
  • Last modified 21.11.2024 04:55:54

A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allows a malicious Satellite user to scan through the Job Invocation, with the ability to search for passwords and...

  • EPSS 0.32%
  • Published 08.04.2021 23:15:12
  • Last modified 21.11.2024 06:21:26

A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulner...

  • EPSS 0.12%
  • Published 23.02.2021 23:15:13
  • Last modified 21.11.2024 05:46:13

A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well a...

  • EPSS 0.11%
  • Published 31.07.2020 13:15:12
  • Last modified 21.11.2024 05:03:02

A flaw was found in Red Hat Satellite 6 which allows a privileged attacker to read cache files. These cache credentials could help an attacker to gain complete control of the Satellite instance.

  • EPSS 0.28%
  • Published 06.05.2020 14:15:10
  • Last modified 21.11.2024 04:55:52

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping...

Exploit
  • EPSS 0.32%
  • Published 19.02.2020 15:15:11
  • Last modified 21.11.2024 01:46:40

Nokogiri before 1.5.4 is vulnerable to XXE attacks

  • EPSS 0.24%
  • Published 02.01.2020 20:15:19
  • Last modified 21.11.2024 02:08:27

Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.