Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite
(Redhat)| Repositories |
• https://github.com/madler/zlib
• https://github.com/spacewalkproject/spacewalk • https://github.com/bcgit/bc-java • https://github.com/mm2/Little-CMS • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 216 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-04-11 | CVE-2019-3845 | A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. | Satellite | 8.0 | ||
| 2019-10-17 | CVE-2019-17631 | From Eclipse OpenJ9 0.15 to 0.16, access to diagnostic operations such as causing a GC or creating a diagnostic file are permitted without any privilege checks. | Openj9, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 9.1 | ||
| 2019-11-05 | CVE-2013-6461 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager | N/A | ||
| 2020-02-19 | CVE-2012-6685 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openshift, Openstack, Openstack_foreman, Satellite, Subscription_asset_manager | N/A | ||
| 2020-01-02 | CVE-2014-3590 | Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. | Satellite | N/A | ||
| 2019-12-13 | CVE-2014-0241 | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable | Satellite, Hammer_cli | N/A | ||
| 2019-12-02 | CVE-2012-5562 | rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | Satellite | N/A | ||
| 2018-08-20 | CVE-2018-1656 | The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882. | Sdk, Enterprise_manager_base_platform, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 6.5 | ||
| 2018-08-20 | CVE-2018-1517 | A flaw in the java.math component in IBM SDK, Java Technology Edition 6.0, 7.0, and 8.0 may allow an attacker to inflict a denial-of-service attack with specially crafted String data. IBM X-Force ID: 141681. | Software_development_kit, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Satellite | 7.5 | ||
| 2019-01-22 | CVE-2018-14666 | An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions. | Satellite | 7.2 |