Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite
(Redhat)| Repositories |
• https://github.com/madler/zlib
• https://github.com/spacewalkproject/spacewalk • https://github.com/mm2/Little-CMS • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 208 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-15 | CVE-2019-3891 | It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. | Satellite | 7.8 | ||
| 2019-04-11 | CVE-2019-3845 | A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. | Satellite | 8.0 | ||
| 2019-10-17 | CVE-2019-17631 | From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | Openj9, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 9.1 | ||
| 2019-11-05 | CVE-2013-6461 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager | N/A | ||
| 2020-02-19 | CVE-2012-6685 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openshift, Openstack, Openstack_foreman, Satellite, Subscription_asset_manager | N/A | ||
| 2020-01-02 | CVE-2014-3590 | Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. | Satellite | N/A | ||
| 2019-12-13 | CVE-2014-0241 | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | Satellite, Hammer_cli | N/A | ||
| 2019-12-02 | CVE-2012-5562 | rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | Satellite | N/A | ||
| 2018-08-20 | CVE-2018-1656 | The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | Sdk, Enterprise_manager_base_platform, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 6.5 | ||
| 2018-08-20 | CVE-2018-1517 | A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | Software_development_kit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 7.5 |