Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:8506
HistoryNov 16, 2022 - 1:21 p.m.

(RHSA-2022:8506) Important: Satellite 6.12 Release

2022-11-1613:21:30
access.redhat.com
50

0.183 Low

EPSS

Percentile

96.2%

JSON

Red Hat Satellite is a systems management tool for Linux-based
infrastructure. It allows for provisioning, remote management, and
monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

  • netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)
  • netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)
  • python3-django: Possible XSS via template tag (CVE-2022-22818)
  • tfm-rubygem-nokogiri: ReDoS in HTML encoding detection (CVE-2022-24836)
  • tfm-rubygem-sinatra: Path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
  • tfm-rubygem-git: Package vulnerable to Command Injection via git argument injection (CVE-2022-25648)
  • rubygem-rails-html-sanitizer: Possible XSS with certain configurations (CVE-2022-32209)
  • python3-django: Potential SQL injection via Trunc and Extract arguments (CVE-2022-34265)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

The items above are not a complete list of changes. This update also fixes
several bugs and adds various enhancements. Documentation for these changes
is available from the Release Notes document.

OSVersionArchitecturePackageVersionFilename
RedHat8noarchpython39-pulp-rpm< 3.18.7-1.el8pcpython39-pulp-rpm-3.18.7-1.el8pc.noarch.rpm
RedHat8noarchrubygem-net-scp< 1.2.1-5.el8satrubygem-net-scp-1.2.1-5.el8sat.noarch.rpm
RedHat8noarchrubygem-parse-cron< 0.1.4-5.el8satrubygem-parse-cron-0.1.4-5.el8sat.noarch.rpm
RedHat8noarchpython39-iniparse< 0.4-35.el8pcpython39-iniparse-0.4-35.el8pc.noarch.rpm
RedHat8x86_64rubygem-nio4r< 2.5.4-2.1.el8satrubygem-nio4r-2.5.4-2.1.el8sat.x86_64.rpm
RedHat8noarchrubygem-hammer_cli_foreman_bootdisk< 0.3.0-2.el8satrubygem-hammer_cli_foreman_bootdisk-0.3.0-2.el8sat.noarch.rpm
RedHat8noarchrubygem-i18n< 1.8.2-2.el8satrubygem-i18n-1.8.2-2.el8sat.noarch.rpm
RedHat8noarchrubygem-server_sent_events< 0.1.2-2.el8satrubygem-server_sent_events-0.1.2-2.el8sat.noarch.rpm
RedHat8x86_64python3-createrepo_c-debuginfo< 0.20.1-1.el8pcpython3-createrepo_c-debuginfo-0.20.1-1.el8pc.x86_64.rpm
RedHat8x86_64python39-yarl-debuginfo< 1.7.2-2.el8pcpython39-yarl-debuginfo-1.7.2-2.el8pc.x86_64.rpm
Rows per page:
1-10 of 6311

Related

rocky 2
nessus 25
osv 28
openvas 24
redhat 5
ibm 7
gentoo 1
cve 8
fedora 11
ubuntucve 8
cnvd 2
github 7
nvd 9
githubexploit 3
alpinelinux 4
debiancve 9
debian 4
prion 8
veracode 7
mageia 4
amazon 2
cvelist 7
redhatcve 7
suse 2
hackerone 2
jvn 1
almalinux 1
oraclelinux 1
rocky
rocky
Satellite 6.12 Release
2022-11-16 13:21:30
pcs security update
2022-05-18 13:52:10
nessus
nessus
Rocky Linux 8 : Satellite 6.12 Release (Important) (RLSA-2022:8506)
2023-11-06 00:00:00
RHEL 8 : Satellite 6.12 Release (Important) (RHSA-2022:8506)
2024-04-28 00:00:00
SUSE SLED15 / SLES15 Security Update : rubygem-nokogiri (SUSE-SU-2022:4016-1)
2022-11-17 00:00:00
osv
osv
Important: Satellite 6.12 Release
2022-11-16 13:21:30
CVE-2021-37136
2021-10-19 15:15:07
CVE-2022-29181
2022-05-20 19:15:08
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4016-1)
2022-11-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4015-1)
2022-11-17 00:00:00
Fedora: Security Advisory for rubygem-rails-html-sanitizer (FEDORA-2022-ce4719993c)
2022-08-15 00:00:00
redhat
redhat
(RHSA-2021:3959) Moderate: Red Hat build of Eclipse Vert.x 4.1.5 security update
2021-11-10 16:37:03
(RHSA-2021:4851) Low: Red Hat AMQ Broker 7.9.1 release and security update
2021-11-30 08:40:21
(RHSA-2022:2253) Important: pcs security update
2022-05-16 07:03:34
ibm
ibm
Security Bulletin: Operations Dashboard is vulnerable to Netty vulnerabilities CVE-2021-37136 and CVE-2021-37137
2022-01-13 15:47:30
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Netty (CVE-2021-37136, CVE-2021-37137)
2023-02-01 15:51:44
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty
2021-12-17 04:21:56
gentoo
gentoo
Nokogiri: Multiple Vulnerabilities
2022-08-14 00:00:00
cve
cve
CVE-2022-29181
2022-05-20 19:15:08
CVE-2022-32209
2022-06-24 15:15:11
CVE-2022-24836
2022-04-11 22:15:07
fedora
fedora
[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-3.fc35
2022-05-19 01:23:21
[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-3.fc34
2022-05-19 01:01:13
[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-2.fc35
2022-04-21 21:22:32
ubuntucve
ubuntucve
CVE-2022-29181
2022-05-20 00:00:00
CVE-2022-24836
2022-04-11 00:00:00
CVE-2021-37137
2021-10-19 00:00:00
cnvd
cnvd
Nokogiri Denial of Service Vulnerability
2022-05-23 00:00:00
Rails Cross-Site Scripting Vulnerability (CNVD-2022-58235)
2022-06-28 00:00:00
github
github
Rails::Html::Sanitizer vulnerable to Cross-site Scripting
2022-06-25 00:00:54
Nokogiri Inefficient Regular Expression Complexity
2022-04-11 21:18:06
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
2021-09-09 17:11:31
nvd
nvd
CVE-2022-32209
2022-06-24 15:15:11
CVE-2022-24836
2022-04-11 22:15:07
CVE-2021-37137
2021-10-19 15:15:07
githubexploit
githubexploit
Exploit for SQL Injection in Djangoproject Django
2022-07-13 13:02:41
Exploit for SQL Injection in Djangoproject Django
2022-08-24 07:29:30
Exploit for SQL Injection in Djangoproject Django
2022-09-08 21:22:28
alpinelinux
alpinelinux
CVE-2022-34265
2022-07-04 16:15:09
CVE-2022-29181
2022-05-20 19:15:08
CVE-2022-24836
2022-04-11 22:15:07
debiancve
debiancve
CVE-2022-24836
2022-04-11 22:15:07
CVE-2022-29181
2022-05-20 19:15:08
CVE-2022-22818
2022-02-03 02:15:07
debian
debian
[SECURITY] [DLA 3003-1] ruby-nokogiri security update
2022-05-13 17:29:34
[SECURITY] [DLA 3268-1] netty security update
2023-01-11 22:57:14
[SECURITY] [DLA 3227-1] ruby-rails-html-sanitizer security update
2022-12-06 19:02:47
prion
prion
Design/Logic Flaw
2022-04-11 22:15:00
Input validation
2022-05-20 19:15:00
Design/Logic Flaw
2022-02-03 02:15:00
veracode
veracode
Denial Of Service(DoS)
2021-09-10 06:32:27
Denial Of Service(DoS)
2021-09-10 06:15:09
Denial Of Service (DoS)
2022-05-19 17:32:43
mageia
mageia
Updated ruby-nokogiri packages fix security vulnerability
2022-05-22 14:26:36
Updated ruby-nokogiri packages fix security vulnerability
2022-05-08 10:58:48
Updated ruby-sinatra packages fix security vulnerability
2022-08-13 05:32:35
amazon
amazon
Important: rubygem-nokogiri
2022-12-01 17:33:00
Important: rubygem-nokogiri, rubygem18-nokogiri
2022-05-31 23:47:00
cvelist
cvelist
CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri
2022-05-20 00:00:00
CVE-2021-37136
2021-10-19 00:00:00
CVE-2022-32209
2022-06-24 00:00:00
redhatcve
redhatcve
CVE-2021-37136
2021-09-14 15:09:07
CVE-2022-22818
2022-02-02 00:14:54
CVE-2022-29181
2022-05-23 05:49:44
suse
suse
Security update for netty (important)
2022-04-20 00:00:00
Security update for rubygem-rails-html-sanitizer (moderate)
2022-08-23 00:00:00
hackerone
hackerone
Ruby on Rails: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
2022-04-05 07:34:03
Internet Bug Bounty: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
2022-06-14 04:11:59
jvn
jvn
JVN#12610194: Django Extract and Trunc functions vulnerable to SQL injection
2022-07-12 00:00:00
almalinux
almalinux
Important: pcs security update
2022-05-18 13:52:10
oraclelinux
oraclelinux
pcs security update
2022-05-20 00:00:00

0.183 Low

EPSS

Percentile

96.2%

JSON
Related for RHSA-2022:8506
rocky2nessus25osv28openvas24redhat5ibm7gentoo1cve8fedora11ubuntucve8cnvd2github7nvd9githubexploit3alpinelinux4debiancve9debian4prion8veracode7mageia4amazon2cvelist7redhatcve7suse2hackerone2jvn1almalinux1oraclelinux1