394 matches found
CVE-2018-1077
Spacewalk 2.6 contains an XML External Entity (XXE) flaw in its API that can disclose server-side sensitive information. Public descriptions confirm the CVE-2018-1077 issue; remediation in linked SUSE advisories includes disabling external entity parsing and preventing external entity downloads (...
CVE-2018-1077
Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server...
CVE-2018-1077
Spacewalk includes an API endpoint that can be abused by attackers to execute an XXE (XML External Entity Reference), allowing for the disclosure of potentially sensitive information...
SUSE-SU-2018:0552-1 Security update for SUSE Manager Server 3.1
This update fixes the following issues: nutch: - Fix hadoop log dir. bsc1061574 osad, rhnlib: - Fix update mechanism when updating the updateservice bsc1073619 pxe-default-image: - Spectre and Meltdown mitigation. CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, bsc1068032 spacecmd: - Support multipl...
Red Hat spacewalk-backend security bypass vulnerability
Spacewalk is a free, open source Linux system management solution. It can be used to manage system information, install and update the software in the system, collect and distribute customized packages in the system to manageable groups, provide and manage configuration files in the system and...
SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2017:1347-1)
The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. bsc1026633, CVE-2017-7470 The update package also includes non-security fixes. See advisory for details. Note that Tenable Network...
RHEL 5 / 6 : spacewalk-backend (RHSA-2017:1259)
An update for spacewalk-backend is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
SUSE-SU-2017:1349-1 Security update for SUSE Manager Server 3.0
The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. bsc1026633, CVE-2017-7470 Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib...
SUSE-SU-2017:1346-1 Security update for SUSE Manager Proxy 3.0
The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. bsc1026633, CVE-2017-7470 Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib...
SUSE-SU-2017:1347-1 Security update for SUSE Manager Client Tools
The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. bsc1026633, CVE-2017-7470 Additionally, the following non-security issues have been fixed: rhnlib: - Support all TLS versions in rpclib...
SUSE-SU-2017:1352-1 Security update for SUSE Manager Client Tools
The following security issue in spacewalk-backend has been fixed: - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. bsc1026633, CVE-2017-7470 Additionally, the following non-security issues have been fixed: cobbler: - Support UEFI boot with cobbler...
spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
Moderate: Red Hat Security Advisory: spacewalk-backend security update
An update for spacewalk-backend is now available for Red Hat Satellite 5.6 and Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
CVE-2017-7470
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...
PT-2018-8388 · Red Hat +1 · Spacewalk-Channel +1
Name of the Vulnerable Software and Affected Versions: spacewalk-channel affected versions not specified Description: An issue was found in spacewalk-channel where a non-admin user or disabled users can perform administrative tasks due to an incorrect authorization check in the...
SUSE-RU-2017:0174-1 Recommended update for SUSE Manager Client Tools
This update fixes the following issues: osad: - Fix logfile option for osa-dispatcher. bsc980752 salt: - Update to 2015.8.12 - Add pre-require to salt for minions. - Do not restart salt-minion in salt package. - Add try-restart to sys-v init scripts. - Add 'Restart=on-failure' for salt-minion...
CVE-2016-3097
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data...
CVE-2016-3080
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes...
CVE-2016-3097
CVE-2016-3097 is a stored cross-site scripting (XSS) vulnerability in spacewalk-java used by Red Hat Satellite 5.7. The flaw allows an attacker to inject HTML/Script via group names, affecting snapshot view data. Public advisories (RHSA-2016:1484) document this as a fix in spacewalk-java, with re...