Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite
(Redhat)| Repositories |
• https://github.com/madler/zlib
• https://github.com/spacewalkproject/spacewalk • https://github.com/bcgit/bc-java • https://github.com/mm2/Little-CMS • https://github.com/dom4j/dom4j |
| #Vulnerabilities | 216 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-07-27 | CVE-2017-7470 | It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | Satellite, Spacewalk | 9.8 | ||
| 2018-07-30 | CVE-2017-7514 | A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users. | Satellite | 5.4 | ||
| 2018-08-09 | CVE-2018-10931 | It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. | Cobbler, Satellite | 9.8 | ||
| 2019-07-02 | CVE-2019-10136 | It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. | Satellite, Spacewalk | 4.3 | ||
| 2019-07-02 | CVE-2019-10137 | A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process. | Satellite, Spacewalk | 9.8 | ||
| 2019-12-03 | CVE-2013-2101 | Katello has multiple XSS issues in various entities | Satellite, Katello | 5.4 | ||
| 2020-07-31 | CVE-2020-14334 | A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. | Satellite | 8.8 | ||
| 2021-02-23 | CVE-2021-20256 | A flaw was found in Red Hat Satellite. The BMC interface exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Satellite | 5.3 | ||
| 2021-06-02 | CVE-2020-14335 | A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets through the ISC DHCP of Smart-Proxy. This flaw allows an attacker to gain control of DHCP records from the network. The highest threat from this vulnerability is to system availability. | Satellite | 5.5 | ||
| 2021-06-02 | CVE-2020-14380 | An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite. | Satellite | 7.5 |