RHSA-2021:4702MediumCVSS 9.8

Red Hat Security Advisory: Satellite 6.10 Release

Published
November 16, 2021
Last Modified
June 25, 2026

🔗 CVE IDs covered (21)

📋 Description

CVE-2019-14853 — python-ecdsa: Unexpected and undocumented exceptions during signature decoding CVE-2019-14859 — python-ecdsa: DER encoding is not being verified in signatures CVE-2019-25025 — rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id CVE-2020-8130 — rake: OS Command Injection via egrep in Rake::FileList CVE-2020-8908 — guava: local information disclosure via temporary directory created with unsafe permissions CVE-2020-14343 — PyYAML: incomplete fix for CVE-2020-1747 CVE-2020-26247 — rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema CVE-2021-3413 — Satellite: Azure compute resource secret_key leak to authenticated users CVE-2021-3494 — foreman: possible man-in-the-middle in smart_proxy realm_freeipa CVE-2021-20256 — Satellite: BMC controller credential leak via API CVE-2021-21330 — python-aiohttp: Open redirect in aiohttp.web_middlewares.normalize_path_middleware CVE-2021-22885 — rubygem-actionpack: Possible Information Disclosure / Unintended Method Execution in Action Pack CVE-2021-22902 — rails: Possible Denial of Service vulnerability in Action Dispatch CVE-2021-22904 — rails: Possible DoS Vulnerability in Action Controller Token Authentication CVE-2021-28658 — django: potential directory-traversal via uploaded files CVE-2021-29509 — rubygem-puma: incomplete fix for CVE-2019-16770 allows Denial of Service (DoS) CVE-2021-31542 — django: Potential directory-traversal via uploaded files CVE-2021-32740 — rubygem-addressable: ReDoS in templates CVE-2021-33203 — django: Potential directory traversal via admindocs CVE-2021-33503 — python-urllib3: ReDoS in the parsing of authority part of URL CVE-2021-33571 — django: Possible indeterminate SSRF, RFI, and LFI attacks since validators accepted leading zeros in IPv4 addresses

🔗 References (512)