PT-2015-4022 · Red Hat · Red Hat Network Satellite +1

Name of the Vulnerable Software and Affected Versions: Red Hat Network Satellite versions 5.7 and earlier Spacewalk versions 5.7 and earlier Description: The issue is related to an XML external entity XXE in the RPC interface. This allows remote attackers to read arbitrary files and possibly have...

SUSE-SU-2015:0945-1 Security update for spacewalk-java, spacewalk-setup

The spacewalk-java and spacewalk-setup packages were updated to fix one security issue: CVE-2014-8162: RPC API XML External Entities file disclosure. bsc922525 Security Issues: CVE-2014-8162...

RHEL 6 : spacewalk-java (RHSA-2015:0957)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:0957 advisory. Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of...

CVE-2014-7812

Cross-site scripting XSS vulnerability in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...

CVE-2014-7811

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

Cross site scripting

Cross-site scripting XSS vulnerability in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...

CVE-2014-7812

CVE-2014-7812 is an XSS vulnerability affecting Spacewalk and Red Hat Network Satellite prior to version 5.7.0. The issue allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. Affected products include Spacewalk and RHN Satellite (before 5.7.0); rem...

CVE-2014-7812

Cross-site scripting XSS vulnerability in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...

CVE-2014-7811

CVE-2014-7811: Spacewalk and RHN Satellite before 5.7.0 are affected by cross-site scripting via crafted XML data in the REST API. Remote authenticated users can inject arbitrary scripts/HTML. Remediation: upgrade to Spacewalk/RHN Satellite 5.7.0 (per RHSA-2015:0033) or apply related patches. Not...

CVE-2014-7811

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

PT-2015-3929 · Red Hat · Red Hat Network Satellite +1

Name of the Vulnerable Software and Affected Versions: Red Hat Network Satellite versions prior to 5.7.0 Spacewalk versions prior to 5.7.0 Description: A cross-site scripting XSS issue allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. This could...

Spacewalk: multiple XSS

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...

Spacewalk: XSS in system-group

Cross-site scripting XSS vulnerability in Spacewalk and Red Hat Network RHN Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...

RHEL 5 / 6 : spacewalk-java, spacewalk-web and satellite-branding (RHSA-2014:0148)

Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores,...

CVE-2014-3654

Multiple cross-site scripting XSS vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 kickstart/cobbler/CustomSnippetList.do, 2...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 kickstart/cobbler/CustomSnippetList.do, 2...

CVE-2014-3654

Multiple cross-site scripting XSS vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 kickstart/cobbler/CustomSnippetList.do, 2...

CVE-2014-3654

CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...

PT-2014-5437 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...

Moderate: Red Hat Security Advisory: spacewalk-java security update

Updated spacewalk-java packages that fix one security issue are now available for Red Hat Satellite 5.5 and 5.6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...