104 matches found
Privilege Escalation
spacewalk-java is vulnerable to privilege escalation. RHN Satellite did not protect against Cross-Site Request Forgery (CSRF) attacks. If an authenticated RHN Satellite user visited a specially-crafted web page, it could lead to unauthorized command...
SUSE-SU-2019:1703-1 Security update for SUSE Manager Server 3.2
This update fixes the following issues: cobbler: Removes string replace for textmode fix (bsc1134195). py26-compat-salt: Avoid syntax error on yumpkg module running on Python 2.6 (bsc1136250); Use ThreadPool from multiprocessing.pool to avoid leaks when calculating FQDNs; Fix usermod options f...
Cross-Site Scripting (XSS)
Red Hat Satellite is vulnerable to cross-site scripting (XSS). The vulnerability exists in the way spacewalk-java displays group names. This allows an attacker to inject arbitrary web script or HTML into the web page that is then displayed when viewing the snapshot data...
Arbitrary Code Execution
spacewalk-java is vulnerable to arbitrary code execution. The vulnerability is exploitable through Java Web Start applications, and sandboxed Java applets...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting. A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed monitoring probes. An attacker can embed HTML and JavaScript in the values for RHNMD User or Filesystem parameters in Satellite, allowing them to inject...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this...
XML External Entity (XXE)
spacewalk-java is vulnerable to XML External Entity (XXE) attacks. The RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java in Spacewalk and Red Hat Network (RHN) Satellite allow remote attackers to inject arbitrary web script or HTML via unspecified vecto...
Privilege Escalation
spacewalk-java is vulnerable to privilege escalation attacks. The vulnerability exists as Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts...
Cross-site Scripting (XSS)
spacewalk-java is vulnerable to cross-site scripting (XSS) attacks. spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not...
CVE-2016-3097
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data...
CVE-2016-3097
CVE-2016-3097 is a stored cross-site scripting (XSS) vulnerability in spacewalk-java used by Red Hat Satellite 5.7. The flaw allows an attacker to inject HTML/Script via group names, affecting snapshot view data. Public advisories (RHSA-2016:1484) document this as a fix in spacewalk-java, with re...
Moderate: Red Hat Security Advisory: spacewalk-java security and bug fix update
An update for spacewalk-java is now available for Red Hat Satellite 5.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
spacewalk-java: Multiple XSS flaws
A stored cross-site scripting (XSS) flaw was found in the way spacewalk-java displayed group names. An attacker can embed HTML and JavaScript in the values for group names in Satellite, allowing them to inject malicious content into the web page that is then displayed when viewing the snapshot data...
Red Hat RHN Satellite Spacewalk-Java Cross-Site Scripting Vulnerability
Red Hat Network Satellite (RHN Satellite) is a systems management platform from Red Hat, a US company. spacewalk-java is an open-source Linux systems management solution written in Java and developed on the basis of Red Hat Network Satellite. A...
CVE-2015-0284
CVE-2015-0284 describes a cross-site scripting (XSS) vulnerability in spacewalk-java used by Spacewalk and Red Hat Satellite 5.7. The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details, and is noted as a co...
SUSE-SU-2015:0945-1 Security update for spacewalk-java, spacewalk-setup
The spacewalk-java and spacewalk-setup packages were updated to fix one security issue: CVE-2014-8162: RPC API XML External Entities file disclosure (bsc922525). Security Issues: CVE-2014-8162...
RHEL 5 / 6 : spacewalk-java, spacewalk-web and satellite-branding (RHSA-2014:0148)
Updated spacewalk-java, spacewalk-web, and satellite-branding packages that fix multiple security issues are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores,...