Red Hat Security Advisory: Satellite 6.16.7 Async Update

CVE-2025-6176 — Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS CVE-2025-14550 — Django: Django: Denial of Service via crafted request with duplicate headers CVE-2025-68121 — crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption CVE-2026-0980 — rubyipmi: Red Hat Satellite: Remote Code Execution in rubyipmi via malicious BMC username CVE-2026-1207 — Django: Django: SQL Injection via RasterField band index parameter CVE-2026-1285 — Django: Django: Denial of Service via crafted HTML inputs CVE-2026-1287 — Django: Django: SQL Injection via crafted column aliases CVE-2026-1312 — Django: Django: SQL injection via crafted column aliases in QuerySet.order_by() CVE-2026-1530 — fog-kubevirt: fog-kubevirt: Man-in-the-Middle vulnerability due to disabled certificate validation CVE-2026-1531 — foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification CVE-2026-1961 — forman: Foreman: Remote Code Execution via command injection in WebSocket proxy