RHSA-2018:0336HighCVSS 8.1

Red Hat Security Advisory: Satellite 6.3 security, bug fix, and enhancement update

Published
February 21, 2018
Last Modified
June 27, 2026

🔗 CVE IDs covered (22)

📋 Description

CVE-2013-6459 — rubygem-will_paginate: XSS vulnerabilities CVE-2014-8183 — foreman: models with a 'belongs_to' association to an Organization do not verify association belongs to that Organization CVE-2016-1669 — V8: integer overflow leading to buffer overflow in Zone::New CVE-2016-3693 — foreman: inspect in a provisioning template exposes sensitive controller information CVE-2016-3696 — pulp: Leakage of CA key in pulp-qpid-ssl-cfg CVE-2016-3704 — pulp: Unsafe use of bash $RANDOM for NSS DB password and seed CVE-2016-4451 — foreman: privilege escalation through Organization and Locations API CVE-2016-4995 — foreman: Information disclosure in provisioning template previews CVE-2016-4996 — foreman: inside discovery-debug, the root password is displayed in plaintext CVE-2016-6319 — foreman: Persistent XSS in Foreman remote execution plugin CVE-2016-7077 — foreman: Foreman information leak through unauthorized multiple_checkboxes helper CVE-2016-7078 — foreman: Information leak through organizations and locations feature CVE-2016-8613 — foreman: Stored XSS vulnerability in remote execution plugin CVE-2016-8634 — foreman: Stored XSS in org/loc wizard CVE-2016-8639 — foreman: Stored XSS via organization/location with HTML in name CVE-2016-9593 — foreman-debug: missing obfuscation of sensitive information CVE-2016-9595 — katello-debug: Possible symlink attacks due to use of predictable file names CVE-2017-2295 — puppet: Unsafe YAML deserialization CVE-2017-2667 — rubygem-hammer_cli: no verification of API server's SSL certificate CVE-2017-2672 — foreman: Image password leak CVE-2017-15699 — Interconnect: Denial of Service vulnerability in Red Hat JBoss AMQ Interconnect CVE-2018-14623 — katello: SQL inject in errata-related REST API

🔗 References (116)