VYPR

Satellite

by Red Hat

CVEs (130)

  • CVE-2025-2157 | severity: Low | published: Mar 15, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A flaw was found in Foreman/Red Hat Satellite. Improper file permissions allow low-privileged OS users to monitor and access temporary files under /var/tmp, exposing sensitive command outputs, such as /etc/shadow. This issue can lead to information disclosure and privilege…
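The practical check for a flaw of this shape is an audit of the temp directory for regular files that any user other than the owner can read. The script below is an added example, not Foreman or Satellite code: it builds a small constructed directory with tempfile so it runs offline (in real use you would point find_exposed_files at /var/tmp), and contrasts a file created with tempfile.mkstemp, which CPython opens with mode 0600, against one created with the default umask and then explicitly chmod'ed to 0644 to stand in for a leaked command output.

```python
"""Audit a temp directory for files readable by group or others.

Added example for the CVE-2025-2157 entry above; not Foreman/Satellite code.
The directory tree is constructed inline so the script runs offline.
"""
import os
import shutil
import stat
import tempfile


def readable_by_non_owner(path):
    """True for a regular file whose mode grants read to group or others.

    lstat is used so a symlink planted by another user is not followed.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH))


def find_exposed_files(root):
    """Return sorted paths (relative to root) of files exposed to non-owners."""
    exposed = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if readable_by_non_owner(full):
                exposed.append(os.path.relpath(full, root))
    return sorted(exposed)


def build_sample_tree(root):
    """Constructed sample: one private temp file and one leaky one."""
    # mkstemp creates the file with mode 0600, so only the owner can read it.
    fd, _private = tempfile.mkstemp(dir=root, prefix="private-")
    os.write(fd, b"constructed: command output kept private\n")
    os.close(fd)

    # A file written through a plain open() inherits the process umask;
    # 0644 is what umask 022 yields. chmod makes the demo deterministic.
    leaky = os.path.join(root, "leaky-output.txt")
    with open(leaky, "w") as fh:
        fh.write("constructed: stands in for a dumped /etc/shadow\n")
    os.chmod(leaky, 0o644)


def demo():
    """Build the sample tree in a throwaway directory and audit it."""
    root = tempfile.mkdtemp(prefix="tmp-audit-demo-")
    try:
        build_sample_tree(root)
        return find_exposed_files(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for rel in demo():
        print("exposed:", rel)
```

Running the audit against /var/tmp on a real host should additionally filter by owner (for example, only files owned by the service account) so that other users' intentionally shared files do not show up as findings.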

  • CVE-2017-10345 | severity: Low | published: Oct 19, 2017
    risk 0.20 | cvss 3.1 | epss 0.02

    Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows…

  • CVE-2017-3539 | severity: Low | published: Apr 24, 2017
    risk 0.20 | cvss 3.1 | epss 0.02

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network…

  • CVE-2017-15136 | severity: Low | published: Feb 27, 2018
    risk 0.18 | cvss 2.7 | epss 0.01

    When registering and activating a new system with Red Hat Satellite 6, if the new system's hostname is then reset to the hostname of a previously registered system, the previously registered system loses access to updates, including security updates.

  • CVE-2013-2143 | severity: not listed | published: Apr 17, 2014
    risk 0.07 | cvss n/a | epss 0.48

    The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

  • CVE-2015-8126 | severity: not listed | published: Nov 13, 2015
    risk 0.01 | cvss n/a | epss 0.10

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application…

  • CVE-2007-1349 | severity: not listed | published: Mar 30, 2007
    risk 0.01 | cvss n/a | epss 0.10

    PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.

  • CVE-2026-0980 | severity: not listed | published: Feb 27, 2026
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This…

  • CVE-2023-1932 | severity: not listed | published: Nov 7, 2024
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allowing HTML…

  • CVE-2024-7923 | severity: not listed | published: Sep 4, 2024
    risk 0.00 | cvss n/a | epss 0.01

    An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in…
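The pattern behind this entry is worth seeing end to end: a reverse proxy authenticates the client and hands the identity to the application in a request header; the application trusts that header; and the bypass exists whenever a client-supplied copy of the header survives the proxy. The script below is an added example that models that chain in plain Python; it is not Pulp, Apache or Gunicorn code. Its assumptions, chosen to mirror the description above, are that the proxy unsets only the hyphenated name REMOTE-USER before setting its own value, that the WSGI server folds both REMOTE-USER and REMOTE_USER into the single environ key HTTP_REMOTE_USER, and that a gunicorn_drops_underscores flag stands in for the Gunicorn 22.0 behaviour of discarding header names that contain an underscore. The header names and the function names are hypothetical.

```python
"""Model of a trusted-header authentication bypass (CVE-2024-7923 pattern).

Added example; not Pulp, Apache or Gunicorn code. Every name below is a
modelling assumption made to illustrate the description on this page.
"""

TRUSTED_HEADER = "REMOTE-USER"        # name the proxy believes it owns
ENVIRON_KEY = "HTTP_REMOTE_USER"      # key the application reads


def proxy_forward(client_headers, authenticated_user):
    """Reverse-proxy step (modelled, not mod_proxy itself).

    Drops the exact header name it owns, then sets it when the proxy has
    authenticated the client. A client-supplied REMOTE_USER (underscore)
    is a different name to the proxy and is forwarded untouched.
    """
    forwarded = {
        name: value
        for name, value in client_headers.items()
        if name.upper() != TRUSTED_HEADER
    }
    if authenticated_user is not None:
        forwarded[TRUSTED_HEADER] = authenticated_user
    return forwarded


def wsgi_environ(headers, gunicorn_drops_underscores):
    """Fold request headers into WSGI environ keys (HTTP_ + upper, '-' -> '_').

    With gunicorn_drops_underscores=False (older server behaviour as modelled
    here) both "REMOTE-USER" and "REMOTE_USER" land on the same key.
    """
    environ = {}
    for name, value in headers.items():
        if gunicorn_drops_underscores and "_" in name:
            continue  # modelled Gunicorn 22.0 default: discard such names
        key = "HTTP_" + name.upper().replace("-", "_")
        environ[key] = value
    return environ


def app_identity(environ):
    """The application trusts the proxy-populated key unconditionally."""
    return environ.get(ENVIRON_KEY)


def simulate(client_headers, authenticated_user, gunicorn_drops_underscores):
    """Run the full chain and return the identity the application sees."""
    forwarded = proxy_forward(client_headers, authenticated_user)
    environ = wsgi_environ(forwarded, gunicorn_drops_underscores)
    return app_identity(environ)


# Constructed requests: an anonymous client forging the underscore variant,
# and the same client using the hyphenated name the proxy knows how to strip.
FORGED_UNDERSCORE = {"Host": "satellite.example", "REMOTE_USER": "admin"}
FORGED_HYPHEN = {"Host": "satellite.example", "REMOTE-USER": "admin"}


if __name__ == "__main__":
    print("old server, forged REMOTE_USER :", simulate(FORGED_UNDERSCORE, None, False))
    print("old server, forged REMOTE-USER :", simulate(FORGED_HYPHEN, None, False))
    print("new server, forged REMOTE_USER :", simulate(FORGED_UNDERSCORE, None, True))
    print("new server, proxy-authenticated:", simulate({}, "alice", True))
```

The durable fix is not only the server upgrade modelled by the flag: a proxy that conveys identity to a backend should strip every spelling the backend will normalise to the same key, and the backend should only trust the header when the request provably arrived from that proxy.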

  • CVE-2023-4320 | severity: not listed | published: Dec 18, 2023
    risk 0.00 | cvss n/a | epss 0.01

    An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity.

  • CVE-2023-1832 | severity: not listed | published: Oct 4, 2023
    risk 0.00 | cvss n/a | epss 0.00

    An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

  • CVE-2022-4130 | severity: not listed | published: Dec 16, 2022
    risk 0.00 | cvss n/a | epss 0.01

    A blind server-side request forgery (SSRF) vulnerability was found in Satellite server. It is possible to trigger an outbound connection to an attacker-controlled server by modifying the Referer header in an HTTP request for specific resources on the server.

  • CVE-2021-3414 | severity: not listed | published: Aug 26, 2022
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in Satellite. When granting granular permissions scoped to an organization, other permissions allowing the user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.

  • CVE-2021-4142 | severity: not listed | published: Aug 24, 2022
    risk 0.00 | cvss n/a | epss 0.00

    The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. A combination of factors could allow an attacker to use the SCA (simple content access) certificate to authenticate to Candlepin.

  • CVE-2020-10710 | severity: not listed | published: Aug 16, 2022
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found where the plaintext Candlepin password is disclosed while updating Red Hat Satellite through satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.

  • CVE-2020-14380 | severity: not listed | published: Jun 2, 2021
    risk 0.00 | cvss n/a | epss 0.01

    An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. An attacker who can authenticate to the relevant external authentication source (SSO or OpenID) can claim the privileges of already existing local Satellite users.

  • CVE-2020-14371 | severity: not listed | published: Jun 2, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the credentials of compute resources to the VMs running on those resources in Satellite.

  • CVE-2020-14335 | severity: not listed | published: Jun 2, 2021
    risk 0.00 | cvss n/a | epss 0.00

    A flaw was found in Red Hat Satellite that allows a privileged attacker to read OMAPI secrets through the ISC DHCP integration of the Smart Proxy. With those secrets an attacker can take control of DHCP records on the network. The highest threat from this vulnerability is to system…

  • CVE-2020-10716 | severity: not listed | published: May 27, 2021
    risk 0.00 | cvss n/a | epss 0.01

    A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted in the view. This flaw allows a malicious Satellite user to browse Job Invocations and search them for passwords and other sensitive data. This…

Page 5 of 7