392 matches found
SUSE CVE-2009-4139
A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to hijack the authentication of arbitrary users. This can lead to unauthorized actions, including disabling user accounts, adding new user accounts, or escalating privileg...
SUSE CVE-2010-2236
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...
SUSE CVE-2011-0717
Session fixation vulnerability in Red Hat Network (RHN) Satellite Server 5.4 allows remote attackers to hijack web sessions via unspecified vectors related to Spacewalk...
SUSE CVE-2011-1594
A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the urlbounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to...
SUSE CVE-2011-2919
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page...
SUSE CVE-2011-2920
A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicio...
SUSE CVE-2011-2927
A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attacke...
SUSE CVE-2011-3344
A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session...
SUSE CVE-2012-0059
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...
SUSE CVE-2012-0414
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an image name...
SUSE CVE-2012-1145
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a...
SUSE CVE-2012-6149
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call...
SUSE CVE-2013-1871
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...
SUSE CVE-2013-1869
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the returnurl parameter...
SUSE CVE-2013-4415
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) endyear, (3) starthour, (4) endampm, (5) endday, (6) endhour, (7) endminute, (8)...
SUSE CVE-2014-3595
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging...
SUSE CVE-2014-3654
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2)...
SUSE CVE-2014-7812
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...
SUSE CVE-2014-7811
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API...
SUSE CVE-2014-8162
XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...