Lucene search
+L

11 matches found

susecve
susecve
added 2023/02/15 5:48 a.m.10 views

SUSE CVE-2012-1145

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...

5CVSS6.9AI score0.03016EPSS
Exploits0References6
susecve
susecve
added 2023/02/15 4:47 a.m.3 views

SUSE CVE-2017-7538

A cross-site scripting XSS flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users...

4.6CVSS5.5AI score0.00746EPSS
Exploits0References5
osv
osv
added 2018/08/22 3:29 p.m.5 views

CVE-2017-7513

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate...

5.4CVSS5.8AI score0.00484EPSS
Exploits0References2
osv
osv
added 2018/07/26 3:29 p.m.6 views

CVE-2017-7538

A cross-site scripting XSS flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users...

5.4CVSS5.7AI score0.00746EPSS
Exploits0References3
redhat
redhat
added 2017/09/06 12:26 p.m.3 views

5: organization name allows XSS

A cross-site scripting XSS flaw was found in how an organization name is displayed in Satellite 5. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users...

5.4CVSS5.6AI score0.00746EPSS
Exploits0References4
redhat
redhat
added 2017/06/20 8:20 p.m.12 views

SAT 5 XSS in the Failed Systems page

A cross-site scripting XSS flaw was found in how the failed action entry is processed in Satellite 5. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users...

5.4CVSS5.6AI score0.00641EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2016/05/19 12:0 a.m.3 views

PT-2017-7998 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API...

6.1CVSS6AI score0.01578EPSS
Exploits0References40
ptsecurity
ptsecurity
added 2014/11/03 12:0 a.m.6 views

PT-2014-5437 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...

4.3CVSS6.3AI score0.01759EPSS
Exploits0References6
redhat
redhat
added 2014/02/10 5:29 p.m.4 views

Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 whereCriteria variable in a software channels search; 2 endyear, 3 starthour, 4 endampm, 5 endday, 6 endhour, 7 endminute, 8...

4.3CVSS5.8AI score0.01732EPSS
Exploits0References4
redhat
redhat
added 2014/02/10 5:29 p.m.5 views

Satellite/Spacewalk: XSS in EditAddress page

Cross-site scripting XSS vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network RHN Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter...

3.5CVSS5.9AI score0.01593EPSS
Exploits0References4
redhat
redhat
added 2012/03/29 6:31 p.m.7 views

satellite: remote package upload without authorization

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when modwsgi is used, which allows remote attackers to cause a denial of service /var partition disk consumption and failed updates via a...

5CVSS5.9AI score0.03016EPSS
Exploits0References4
Rows per page
Query Builder