RSS   Vulnerabilities for 'Satellite'   RSS

2021-12-16
 
CVE-2021-42550

CWE-502
 

 
In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers.

 
2021-12-08
 
CVE-2021-44420

CWE-287
 

 
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths.

 
2021-06-02
 
CVE-2020-14335

CWE-200
 

 
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability.

 
 
CVE-2020-14380

CWE-287
 

 
An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

 
2021-04-08
 
CVE-2021-3413

CWE-200
 

 
A flaw was found in Red Hat Satellite in tfm-rubygem-foreman_azure_rm in versions before 2.2.0. A credential leak was identified which will expose Azure Resource Manager's secret key through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 
2021-02-23
 
CVE-2021-20256

CWE-200
 

 
A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 
2020-12-03
 
CVE-2020-25649

CWE-611
 

 
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

 
2020-05-06
 
CVE-2020-10693

CWE-20
 

 
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

 
2020-02-19
 
CVE-2012-6685

CWE-776
 

 
Nokogiri before 1.5.4 is vulnerable to XXE attacks

 
2020-01-02
 
CVE-2014-3590

CWE-352
 

 
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.

 


Copyright 2024, cxsecurity.com

 

Back to Top