Skip to content

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Learn

All guides
What is a CVE?
What is CVSS?
The CISA KEV catalog
What is EPSS?

Company

About us
Blog
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

Home
Vendors
Red Hat
Red Hat Satellite 6

Red Hat Satellite 6 Vulnerabilities: CVEs, CISA KEV & Security Advisories

29 CVEs

Red Hat Satellite 6 Vulnerabilities

CVE security advisories and vulnerability history for Red Hat Satellite 6 by Red Hat.

29

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

4

Public exploits

With known exploit

6.9

Avg CVSS

2019–2026

Last updated May 28, 2026

Overview

Red Hat Satellite 6 has 29 published CVE records since 2019, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 4 have a known public exploit. The average CVSS base score across scored CVEs is 6.9.

This page aggregates every publicly disclosed vulnerability (CVE) affecting Red Hat Satellite 6, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Severity and exploitation

How the CVSS severity of Red Hat Satellite 6's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High15

Medium13

Low1

In CISA’s Known Exploited Vulnerabilities catalog

0

None of Red Hat Satellite 6's CVEs are currently listed in CISA's KEV catalog.

Public exploits

4

4 of Red Hat Satellite 6's CVEs have a known public exploit available.

Affected versions and CVEs

Browse every Red Hat Satellite 6 version named in a CVE, then pick one to see only the CVEs that affect it.

Default status

All versions19 CVEs

Find a version

29 CVEs

Sort

Rpm: command injection in rpmuncompress dountar() via unescaped archive top-level directory name in popen() shell command
CVE-2026-44604CWE-78
High · CVSS 7.0
EPSS 0.0% (7th pct)2026-05-28
Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data
CVE-2026-48864
Public exploit
Patch
CWE-787
High · CVSS 7.8
EPSS 0.0% (3th pct)2026-05-26
Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file
CVE-2026-9149
Public exploit
Workaround
CWE-122
Medium · CVSS 6.5
EPSS 0.1% (17th pct)2026-05-20
Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums
CVE-2026-9150
Workaround
CWE-121
Medium · CVSS 6.5
EPSS 0.0% (3th pct)2026-05-20
Forman: foreman: remote code execution via command injection in websocket proxy
CVE-2026-1961
Public exploit
Patch
CWE-78
High · CVSS 8.0
EPSS 0.0% (12th pct)2026-03-26
Rubygem-katello: katello: denial of service and potential information disclosure via sql injection
CVE-2026-4324
Patch
CWE-89
Medium · CVSS 5.4
EPSS 0.1% (30th pct)2026-03-17
Rubyipmi: red hat satellite: remote code execution in rubyipmi via malicious bmc username
CVE-2026-0980
Patch
CWE-78
High · CVSS 8.3
EPSS 0.1% (28th pct)2026-02-27
Fog-kubevirt: fog-kubevirt: man-in-the-middle vulnerability due to disabled certificate validation
CVE-2026-1530
Patch
CWE-295
High · CVSS 8.1
EPSS 0.0% (2th pct)2026-02-02
Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification
CVE-2026-1531
Patch
Workaround
CWE-295
High · CVSS 8.1
EPSS 0.0% (2th pct)2026-02-02
Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection
CVE-2026-0603
Patch
CWE-89
High · CVSS 8.3
EPSS 0.1% (23th pct)2026-01-23
Rubygem-mqtt: rubygem-mqtt hostname validation
CVE-2025-12790
Patch
CWE-29
High · CVSS 7.4
EPSS 0.0% (15th pct)2025-11-06
Foreman: os command injection via ct_location and fcct_location parameters
CVE-2025-10622
Patch
CWE-78
High · CVSS 8.0
EPSS 0.1% (26th pct)2025-11-05
Yggdrasil: local privilege escalation in yggdrasil
CVE-2025-3931
Patch
Workaround
CWE-280
High · CVSS 7.8
EPSS 0.1% (23th pct)2025-05-14
Crossbeam-channel: crossbeam-channel vulnerable to double free on drop
CVE-2025-4574
Patch
CWE-415
Medium · CVSS 6.5
EPSS 0.1% (34th pct)2025-05-13
Ring: some aes functions may panic when overflow checking is enabled in ring
CVE-2025-4432
Patch
CWE-770
Medium · CVSS 5.3
EPSS 0.3% (50th pct)2025-05-09
Foreman: disclosure of executed commands and outputs in foreman / red hat satellite
CVE-2025-2157CWE-922
Low · CVSS 3.3
EPSS 0.0% (9th pct)2025-03-15
Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript
CVE-2024-11831
Patch
CWE-79
Medium · CVSS 5.4
EPSS 1.1% (79th pct)2025-02-10
Medium vulnerability · 2024-11-07
CVE-2023-1932
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.8% (74th pct)2024-11-07
Foreman: foreman: oauth secret exposure via unauthenticated access to the graphql api
CVE-2024-6861
Patch
Workaround
CWE-200
High · CVSS 7.5
EPSS 0.4% (62th pct)2024-11-06
Golang-fips: golang fips zeroed buffer
CVE-2024-9355
Patch
CWE-457
Medium · CVSS 6.5
EPSS 0.1% (22th pct)2024-10-01
Foreman: command injection in "host init config" template via "install packages" field on foreman
CVE-2024-7700CWE-77
Medium · CVSS 6.5
EPSS 0.2% (37th pct)2024-08-12
Pulpcore: rbac permissions incorrectly assigned in tasks that create objects
CVE-2024-7143
Patch
CWE-277
Medium · CVSS 6.7
EPSS 0.0% (14th pct)2024-08-07
Katello: potential cross-site scripting exploit in ui
CVE-2024-4812CWE-79
Medium · CVSS 4.8
EPSS 0.1% (25th pct)2024-06-05
Foreman-installer: candlepin database password being leaked to local users via the process list
CVE-2024-3716CWE-200
Medium · CVSS 6.2
EPSS 0.0% (15th pct)2024-06-05
Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659
CVE-2023-50782
Public exploit
Patch
CWE-203
High · CVSS 7.5
EPSS 0.9% (76th pct)2024-02-05
Improper authorization check in the server component
CVE-2023-1832
Patch
CWE-284
Medium · CVSS 6.8
EPSS 0.1% (30th pct)2023-10-04
High vulnerability · 2023-09-22
CVE-2022-3874CWE-78
High · CVSS 8.0
EPSS 0.2% (40th pct)2023-09-22
High vulnerability · 2023-09-20
CVE-2023-0462
Patch
CWE-94
High · CVSS 8.0
EPSS 0.1% (25th pct)2023-09-20
Rhn-proxy: rhn-satellite: rhn-proxy: information disclosure via clear-text credential transmission when accessing rhn satellite
CVE-2012-5562
Patch
CWE-319
High · CVSS 8.6
EPSS 0.6% (70th pct)2019-12-02

Common weakness types

The CWE weakness categories most often found in Red Hat Satellite 6 CVEs. Follow any weakness for its full explanation.

CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')5 CVEs
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')3 CVEs
CWE-200Exposure of Sensitive Information to an Unauthorized Actor2 CVEs
CWE-295Improper Certificate Validation2 CVEs
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')2 CVEs
CWE-284Improper Access Control1 CVE
CWE-280Improper Handling of Insufficient Permissions or Privileges1 CVE
CWE-277Insecure Inherited Permissions1 CVE

Disclosure activity by year

How many Red Hat Satellite 6 CVEs were published each year.

2019

1

2023

3

2024

8

2025

7

2026

10

Other Red Hat products

Browse vulnerabilities for other products by Red Hat.

Red Hat Enterprise Linux 9678 CVEs Red Hat Enterprise Linux 8672 CVEs Red Hat Enterprise Linux 7581 CVEs Red Hat Enterprise Linux 6537 CVEs Red Hat Enterprise Linux 10386 CVEs Red Hat OpenShift Container Platform 4188 CVEs Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support129 CVEs Red Hat Enterprise Linux 9.4 Extended Update Support118 CVEs

All Red Hat vulnerabilities

Frequently asked questions

Common questions about Red Hat Satellite 6 vulnerabilities.

How many CVEs does Red Hat Red Hat Satellite 6 have?

Red Hat Red Hat Satellite 6 has 29 published CVE records since 2019.

How many Red Hat Red Hat Satellite 6 CVEs are in CISA KEV?

None of Red Hat Red Hat Satellite 6's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Are there public exploits for Red Hat Red Hat Satellite 6 vulnerabilities?

Yes — 4 of Red Hat Red Hat Satellite 6's CVEs have a known public exploit.

Which versions of Red Hat Red Hat Satellite 6 are affected?

1 distinct Red Hat Red Hat Satellite 6 version is named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.

What are the most common weakness types in Red Hat Red Hat Satellite 6 CVEs?

Red Hat Red Hat Satellite 6's CVEs most often map to these CWE weakness types: CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), CWE-295 (Improper Certificate Validation).

What is the average severity of Red Hat Red Hat Satellite 6 CVEs?

The average CVSS base score across Red Hat Red Hat Satellite 6's scored CVEs is 6.9.

References

All Red Hat vulnerabilities
The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track Red Hat Satellite 6 vulnerabilities

Monitor new Red Hat Satellite 6 vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Affected versions and CVEs
Common weakness types
Disclosure activity
Other products
FAQ
References