Satellite

This hub aggregates every CVE we track for Satellite, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Satellite.

• CVE-2026-48864Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data7.8May 26, 2026
• CVE-2026-9149Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file6.5May 20, 2026
• CVE-2026-9150Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums6.5May 20, 2026
• CVE-2026-0980Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username8.3Feb 27, 2026
• CVE-2024-7923Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore9.8Sep 4, 2024
• CVE-2024-7012Puppet-foreman: an authentication bypass vulnerability exists in foreman9.8Sep 4, 2024
• CVE-2024-4812Katello: potential cross-site scripting exploit in ui4.8Jun 5, 2024
• CVE-2024-3716Foreman-installer: candlepin database password being leaked to local users via the process list6.2Jun 5, 2024
• CVE-2023-4320Satellite: arithmetic overflow in satellite7.6Dec 18, 2023
• CVE-2023-5189Hub: insecure galaxy-importer tarfile extraction6.3Nov 14, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-1832Improper authorization check in the server component6.8Oct 4, 2023
• CVE-2023-4886Foreman: world readable file containing secrets6.7Oct 3, 2023
• CVE-2022-3874Os command injection via ct_command and fcct_command8.0Sep 22, 2023
• CVE-2023-0462Arbitrary code execution through yaml global parameters8.0Sep 20, 2023