← Back

Katello

katello

Vendor: Katello • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2013-4201
1Katello
1Katello
Nov 21, 2024
May 1, 2018
N/A· v4
4.3 MEDIUM· v3
4.0 MEDIUM· v2
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
CVE-2016-3072
2Katello
Redhat
2Katello
Satellite
May 6, 2026
Jun 7, 2016
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by o...Show more
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.Show less
CVE-2014-3712
1Katello
1Katello
May 6, 2026
Nov 3, 2014
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in...Show more
Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in the respond function in api/api_controller.rb in app/controllers/katello/, which is passed to the to_sym method.Show less
CVE-2012-6116
1Katello
2Katello
Katello Configure
Apr 29, 2026
Mar 1, 2013
N/A· v4
N/A· v3
2.1 LOW· v2
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writin...Show more
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.Show less
CVE-2012-5561
1Katello
1Katello
Apr 29, 2026
Mar 1, 2013
N/A· v4
N/A· v3
2.1 LOW· v2
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.