Red Hat Network Satellite

CVEs (12)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2011-1594	Red Hat Network Satellite	Med	0.42	6.5	0.00	Feb 5, 2014	A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks,…
CVE-2011-2920	Red Hat Network Satellite	Med	0.36	5.5	0.01	Feb 5, 2014	A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the…
CVE-2011-2927	Red Hat Network Satellite	Med	0.35	5.4	0.00	Feb 5, 2014	A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search…
CVE-2014-3654	Red Hat Satellite		0.00	—	0.00	Nov 3, 2014	Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)…
CVE-2014-3595	Red Hat Satellite		0.00	—	0.00	Sep 22, 2014	Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
CVE-2010-2236	Red Hat Satellite		0.00	—	0.02	Apr 15, 2014	The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via…
CVE-2013-4415	Red Hat Satellite		0.00	—	0.00	Feb 14, 2014	Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm,…
CVE-2013-1871	Red Hat Satellite		0.00	—	0.00	Feb 14, 2014	Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2011-2919	Red Hat Network Satellite		0.00	—	0.00	Feb 5, 2014	Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
CVE-2013-2056	Red Hat Satellite		0.00	—	0.00	Jul 31, 2013	The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
CVE-2012-1145	Red Hat Satellite		0.00	—	0.02	Jun 16, 2012	spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and…
CVE-2010-1171	Red Hat Satellite		0.00	—	0.01	Apr 18, 2011	Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files…

CVE-2011-1594MedFeb 5, 2014
Red Hat
Network Satellite
risk 0.42cvss 6.5epss 0.00
A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks,…
CVE-2011-2920MedFeb 5, 2014
Red Hat
Network Satellite
risk 0.36cvss 5.5epss 0.01
A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the…
CVE-2011-2927MedFeb 5, 2014
Red Hat
Network Satellite
risk 0.35cvss 5.4epss 0.00
A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search…
CVE-2014-3654Nov 3, 2014
Red Hat
Satellite
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)…
CVE-2014-3595Sep 22, 2014
Red Hat
Satellite
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
CVE-2010-2236Apr 15, 2014
Red Hat
Satellite
risk 0.00cvss —epss 0.02
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via…
CVE-2013-4415Feb 14, 2014
Red Hat
Satellite
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm,…
CVE-2013-1871Feb 14, 2014
Red Hat
Satellite
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2011-2919Feb 5, 2014
Red Hat
Network Satellite
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
CVE-2013-2056Jul 31, 2013
Red Hat
Satellite
risk 0.00cvss —epss 0.00
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
CVE-2012-1145Jun 16, 2012
Red Hat
Satellite
risk 0.00cvss —epss 0.02
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and…
CVE-2010-1171Apr 18, 2011
Red Hat
Satellite
risk 0.00cvss —epss 0.01
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files…