VYPR

Satellite

by Red Hat

Source repositories

CVEs (130)

  • CVE-2013-4480Nov 18, 2013
    risk 0.00cvss epss 0.02

    Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

  • CVE-2013-2056Jul 31, 2013
    risk 0.00cvss epss 0.02

    The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

  • CVE-2012-1145Jun 16, 2012
    risk 0.00cvss epss 0.03

    spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and…

  • CVE-2011-4346Dec 10, 2011
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

  • CVE-2010-1171Apr 18, 2011
    risk 0.00cvss epss 0.03

    Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files…

  • CVE-2009-0788Apr 18, 2011
    risk 0.00cvss epss 0.02

    Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via…

  • CVE-2011-0718Feb 25, 2011
    risk 0.00cvss epss 0.01

    Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.

  • CVE-2011-0717Feb 25, 2011
    risk 0.00cvss epss 0.02

    Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk.

  • CVE-2007-5961May 23, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

  • CVE-2007-4132Aug 30, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."

Page 7 of 7