Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite
(Redhat)Repositories |
• https://github.com/madler/zlib
• https://github.com/spacewalkproject/spacewalk • https://github.com/bcgit/bc-java • https://github.com/mm2/Little-CMS • https://github.com/dom4j/dom4j |
#Vulnerabilities | 216 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-06-05 | CVE-2024-3716 | A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password. | Satellite | 6.2 | ||
2024-06-05 | CVE-2024-4812 | A flaw was found in the Katello plugin for Foreman, where it is possible to store malicious JavaScript code in the "Description" field of a user. This code can be executed when opening certain pages, for example, Host Collections. | Katello, Satellite | 4.8 | ||
2024-09-04 | CVE-2024-7923 | An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) which are using Pulpcore version 3.0+ and could potentially enable... | Satellite | 9.8 | ||
2024-09-04 | CVE-2024-7012 | An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing authentication through a malformed header. This flaw impacts all active Satellite deployments (6.13, 6.14 and 6.15) and could potentially enable unauthorized users to gain administrative access. | Satellite | 9.8 | ||
2019-02-04 | CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. | Ubuntu_linux, Debian_linux, Xp7_command_view, Xp7_command_view_advanced_edition_suite, Libpng, Firefox, Thunderbird, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Snapmanager, Steelstore, Leap, Package_hub, Hyperion_infrastructure_technology, Java_se, Jdk, Mysql, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_scientific_computing, Enterprise_linux_workstation, Satellite | 5.3 | ||
2016-04-21 | CVE-2016-3427 | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. | Cassandra, Ubuntu_linux, Debian_linux, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_balance, Oncommand_cloud_manager, Oncommand_insight, Oncommand_performance_manager, Oncommand_report, Oncommand_shift, Oncommand_unified_manager, Oncommand_workflow_automation, Storagegrid, Vasa_provider_for_clustered_data_ontap, Virtual_storage_console, Leap, Opensuse, Jdk, Jre, Jrockit, Linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_desktop, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit, Manager, Manager_proxy, Openstack_cloud | 9.8 | ||
2018-06-01 | CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Ubuntu_linux, 7\-Mode_transition_tool, Satellite, Satellite_capsule | 7.5 | ||
2017-05-23 | CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | Iphone_os, Mac_os_x, Tvos, Watchos, Ubuntu_linux, Debian_linux, Node\.js, Leap, Opensuse, Database_server, Jdk, Jre, Mysql, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_workstation, Satellite, Zlib | 8.8 | ||
2015-10-22 | CVE-2015-4902 | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment. | Leap, Opensuse, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_eus_compute_node, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_from_rhui, Enterprise_linux_workstation, Satellite, Linux_enterprise_module_for_legacy, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
2015-07-16 | CVE-2015-2590 | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732. | Ubuntu_linux, Debian_linux, Opensuse, Jdk, Jre, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Satellite, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server | 9.8 |