RHSA-2021:1313MediumCVSS 8.8

Red Hat Security Advisory: Satellite 6.9 Release

Published
April 21, 2021
Last Modified
June 30, 2026

🔗 CVE IDs covered (17)

📋 Description

CVE-2015-1820 — rubygem-rest-client: session fixation vulnerability Set-Cookie headers present in an HTTP 30x redirection responses CVE-2015-3448 — rubygem-rest-client: unsanitized application logging CVE-2017-2662 — foreman: Managing repositories with their id via hammer does not respect the role filters CVE-2018-1000119 — rack-protection: Timing attack in authenticity_token.rb CVE-2019-16782 — rubygem-rack: hijack sessions by using timing attacks targeting the session id CVE-2019-18874 — python-psutil: Double free because of refcount mishandling CVE-2020-8162 — rubygem-activestorage: circumvention of file size limits in ActiveStorage CVE-2020-8164 — rubygem-actionpack: possible strong parameters bypass CVE-2020-8165 — rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore CVE-2020-8166 — rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token CVE-2020-8167 — rubygem-actionview: CSRF vulnerability in rails-ujs CVE-2020-8185 — rubygem-rails: untrusted users able to run pending migrations in production CVE-2020-9402 — django: potential SQL injection via "tolerance" parameter in GIS functions and aggregates on Oracle CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-14335 — foreman: world-readable OMAPI secret through the ISC DHCP server CVE-2020-15169 — rubygem-activeview: Cross-site scripting in translation helpers CVE-2020-25633 — resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling

🔗 References (328)