Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Filtered by product Satellite
Total 202 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0264 3 Ibm, Redhat, Suse 13 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 10 more 2021-09-09 6.8 MEDIUM 5.6 MEDIUM
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2018-1000632 5 Debian, Dom4j Project, Netapp and 2 more 15 Debian Linux, Dom4j, Oncommand Workflow Automation and 12 more 2021-09-06 5.0 MEDIUM 7.5 HIGH
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
CVE-2012-6685 2 Nokogiri, Redhat 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more 2021-07-15 5.0 MEDIUM 7.5 HIGH
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2013-6460 3 Debian, Nokogiri, Redhat 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more 2021-07-15 4.3 MEDIUM 6.5 MEDIUM
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVE-2013-6461 3 Debian, Nokogiri, Redhat 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more 2021-07-15 4.3 MEDIUM 6.5 MEDIUM
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVE-2020-14371 1 Redhat 1 Satellite 2021-06-11 4.0 MEDIUM 6.5 MEDIUM
A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.
CVE-2021-3413 2 Redhat, Theforeman 2 Satellite, Foreman Azurerm 2021-04-14 6.5 MEDIUM 6.3 MEDIUM
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2015-2808 9 Canonical, Debian, Fujitsu and 6 more 99 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 96 more 2020-11-23 5.0 MEDIUM N/A
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.
CVE-2019-17631 2 Eclipse, Redhat 7 Openj9, Enterprise Linux, Enterprise Linux Desktop and 4 more 2020-10-16 6.4 MEDIUM 9.1 CRITICAL
From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks.
CVE-2019-3891 1 Redhat 1 Satellite 2020-10-15 2.1 LOW 7.8 HIGH
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.
CVE-2019-3845 1 Redhat 1 Satellite 2020-10-15 5.2 MEDIUM 8.0 HIGH
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands.
CVE-2019-11775 2 Eclipse, Redhat 5 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2020-10-08 5.8 MEDIUM 7.4 HIGH
All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems.
CVE-2019-10198 2 Redhat, Theforeman 2 Satellite, Foreman-tasks 2020-09-30 4.0 MEDIUM 6.5 MEDIUM
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, if they can discover or guess the UUID of the task.
CVE-2014-3590 1 Redhat 1 Satellite 2020-01-14 4.3 MEDIUM 6.5 MEDIUM
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVE-2014-0241 2 Redhat, Theforeman 2 Satellite, Hammer Cli 2019-12-18 2.1 LOW 5.5 MEDIUM
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
CVE-2012-5562 1 Redhat 1 Satellite 2019-12-13 3.3 LOW 6.5 MEDIUM
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
CVE-2018-1656 3 Ibm, Oracle, Redhat 6 Sdk, Enterprise Manager Base Platform, Enterprise Linux Desktop and 3 more 2019-10-09 4.3 MEDIUM 6.5 MEDIUM
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
CVE-2018-1517 2 Ibm, Redhat 5 Software Development Kit, Enterprise Linux Desktop, Enterprise Linux Server and 2 more 2019-10-09 5.0 MEDIUM 7.5 HIGH
A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681.
CVE-2018-1096 2 Redhat, Theforeman 2 Satellite, Foreman 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database.
CVE-2018-1090 3 Fedoraproject, Pulpproject, Redhat 3 Fedora, Pulp, Satellite 2019-10-09 5.0 MEDIUM 7.5 HIGH
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.