Product:

Satellite

(Redhat)
Date Id Summary Products Score Patch Annotated
2021-04-08 CVE-2021-3413 A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Satellite, Foreman_azurerm 6.3
2019-04-15 CVE-2019-3891 It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. Satellite 7.8
2019-04-11 CVE-2019-3845 A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. Satellite 8.0
2019-10-17 CVE-2019-17631 From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. Openj9, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite 9.1
2019-11-05 CVE-2013-6461 Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager N/A
2020-02-19 CVE-2012-6685 Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openshift, Openstack, Openstack_foreman, Satellite, Subscription_asset_manager N/A
2020-01-02 CVE-2014-3590 Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. Satellite N/A
2019-12-13 CVE-2014-0241 rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable Satellite, Hammer_cli N/A
2019-12-02 CVE-2012-5562 rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite Satellite N/A
2018-08-20 CVE-2018-1656 The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. Sdk, Enterprise_manager_base_platform, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite 6.5