Total
214 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-5189 | 1 Redhat | 2 Ansible Automation Platform, Satellite | 2024-03-27 | N/A | 6.5 MEDIUM |
A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. | |||||
CVE-2023-4886 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-03-01 | N/A | 4.4 MEDIUM |
A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. | |||||
CVE-2017-15100 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-02-15 | 4.3 MEDIUM | 6.1 MEDIUM |
An attacker submitting facts to the Foreman server containing HTML can cause a stored XSS on certain pages: (1) Facts page, when clicking on the "chart" button and hovering over the chart; (2) Trends page, when checking the graph for a trend based on a such fact; (3) Statistics page, for facts that are aggregated on this page. | |||||
CVE-2008-2369 | 1 Redhat | 1 Satellite | 2024-02-13 | 6.4 MEDIUM | 9.1 CRITICAL |
manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements. | |||||
CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 310 Http Server, Opensearch Data Prepper, Apisix and 307 more | 2024-02-02 | N/A | 7.5 HIGH |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | |||||
CVE-2017-2667 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Hammer Cli | 2024-01-26 | 6.8 MEDIUM | 8.1 HIGH |
Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks. | |||||
CVE-2016-10165 | 6 Canonical, Debian, Littlecms and 3 more | 19 Ubuntu Linux, Debian Linux, Little Cms Color Engine and 16 more | 2024-01-10 | 5.8 MEDIUM | 7.1 HIGH |
The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) allows remote attackers to obtain sensitive information or cause a denial of service via an image with a crafted ICC profile, which triggers an out-of-bounds heap read. | |||||
CVE-2023-4320 | 1 Redhat | 1 Satellite | 2024-01-03 | N/A | 7.5 HIGH |
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. | |||||
CVE-2023-0118 | 2 Redhat, Theforeman | 3 Enterprise Linux, Satellite, Foreman | 2023-12-10 | N/A | 9.1 CRITICAL |
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. | |||||
CVE-2022-3874 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-12-10 | N/A | 9.1 CRITICAL |
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. | |||||
CVE-2023-0119 | 1 Redhat | 2 Enterprise Linux, Satellite | 2023-12-10 | N/A | 5.4 MEDIUM |
A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. | |||||
CVE-2023-0462 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-12-10 | N/A | 9.1 CRITICAL |
An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. | |||||
CVE-2023-1832 | 2 Candlepinproject, Redhat | 2 Candlepin, Satellite | 2023-12-10 | N/A | 8.1 HIGH |
An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. | |||||
CVE-2022-4130 | 1 Redhat | 1 Satellite | 2023-12-10 | N/A | 4.5 MEDIUM |
A blind site-to-site request forgery vulnerability was found in Satellite server. It is possible to trigger an external interaction to an attacker's server by modifying the Referer header in an HTTP request of specific resources in the server. | |||||
CVE-2021-3590 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2023-12-10 | N/A | 8.8 HIGH |
A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2015-1931 | 3 Ibm, Redhat, Suse | 8 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Eus and 5 more | 2023-12-10 | N/A | 5.5 MEDIUM |
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 FP10, 7 before SR9 FP10, 6 R1 before SR8 FP7, 6 before SR16 FP7, and 5.0 before SR16 FP13 stores plaintext information in memory dumps, which allows local users to obtain sensitive information by reading a file. | |||||
CVE-2021-3414 | 1 Redhat | 1 Satellite | 2023-12-10 | N/A | 8.1 HIGH |
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. | |||||
CVE-2022-3644 | 2 Pulpproject, Redhat | 4 Pulp Ansible, Ansible Automation Platform, Satellite and 1 more | 2023-12-10 | N/A | 5.5 MEDIUM |
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. | |||||
CVE-2021-3589 | 2 Redhat, Theforeman | 2 Satellite, Foreman Ansible | 2023-12-10 | 6.5 MEDIUM | 8.0 HIGH |
An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2021-44420 | 5 Canonical, Debian, Djangoproject and 2 more | 5 Ubuntu Linux, Debian Linux, Django and 2 more | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. |