CVE Daily – Red Hat Satellite (High+Critical)

[High] CVE-2026-0980 – A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller ...

Fri, 27 Feb 2026 08:17:09 +0000

High CVE-2026-0980

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller (BMC) component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote code execution (RCE) on the system.

CVSS: 8.3 · CWE: CWE-78

View on NVD

[High] CVE-2025-10622 – A flaw was found in Red Hat Satellite (Foreman component). This vulnerability al...

Wed, 05 Nov 2025 08:15:32 +0000

High CVE-2025-10622

A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.

CVSS: 8.0 · CWE: CWE-78

View on NVD

[High] CVE-2020-14380 – An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potentia...

Wed, 02 Jun 2021 13:15:09 +0000

High CVE-2020-14380

An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. A potential attacker with proper authentication to the relevant external authentication source (SSO or Open ID) can claim the privileges of already existing local users of Satellite.

CVSS: 7.5 · CWE: CWE-287

View on NVD

[High] CVE-2020-14334 – A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read...

Fri, 31 Jul 2020 13:15:12 +0000

High CVE-2020-14334

A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance.

CVSS: 8.8 · CWE: CWE-522

View on NVD

[High] CVE-2019-3891 – It was discovered that a world-readable log file belonging to Candlepin componen...

Mon, 15 Apr 2019 12:31:42 +0000

High CVE-2019-3891

It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates.

CVSS: 7.8 · CWE: CWE-532

View on NVD

[High] CVE-2015-5164 – The Qpid server on Red Hat Satellite 6 does not properly restrict message types,...

Wed, 18 Oct 2017 16:29:00 +0000

High CVE-2015-5164

The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing problem in pulp.

CVSS: 7.2 · CWE: CWE-502

View on NVD

[High] CVE-2013-4480 – Red Hat Satellite 5.6 and earlier does not disable the web interface that is use...

Mon, 18 Nov 2013 02:55:07 +0000

High CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

CVSS: 7.5 · CWE: CWE-668

View on NVD