Satellite
by Red Hat
CVEs (130)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4480 | | | 0.00 | — | 0.02 | | Nov 18, 2013 | Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. |
| CVE-2013-2056 | | | 0.00 | — | 0.02 | | Jul 31, 2013 | The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. |
| CVE-2012-1145 | | | 0.00 | — | 0.03 | | Jun 16, 2012 | spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and… |
| CVE-2011-4346 | | | 0.00 | — | 0.02 | | Dec 10, 2011 | Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. |
| CVE-2010-1171 | | | 0.00 | — | 0.03 | | Apr 18, 2011 | Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files… |
| CVE-2009-0788 | | | 0.00 | — | 0.02 | | Apr 18, 2011 | Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via… |
| CVE-2011-0718 | | | 0.00 | — | 0.01 | | Feb 25, 2011 | Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks. |
| CVE-2011-0717 | | | 0.00 | — | 0.02 | | Feb 25, 2011 | Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk. |
| CVE-2007-5961 | | | 0.00 | — | 0.01 | | May 23, 2008 | Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| CVE-2007-4132 | | | 0.00 | — | 0.02 | | Aug 30, 2007 | Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler." |