Lucene search
K
RedhatNetwork Satellite

10 matches found

CVE
CVE
added 2013/11/15 6:16 p.m.92 views

CVE-2013-4480

CVE-2013-4480 affects Red Hat Satellite 5.6 and earlier. The root cause is that the web interface used to create the initial administrator user was not disabled after setup, enabling a remote attacker to create an admin account. Documented impact is the potential for unauthorized administrative a...

7.5CVSS6.7AI score0.02134EPSS
CVE
CVE
added 2015/05/14 2:0 p.m.81 views

CVE-2014-8162

Summary: CVE-2014-8162 describes an XML External Entity (XXE) vulnerability in the RPC interface of Spacewalk and Red Hat Network (RHN) Satellite, affecting version 5.7 and earlier. The issue allows a remote attacker to read arbitrary files and potentially other unspecified impact via unknown vec...

7.5CVSS7.1AI score0.02694EPSS
CVE
CVE
added 2015/01/15 3:0 p.m.70 views

CVE-2014-7811

CVE-2014-7811: Spacewalk and RHN Satellite before 5.7.0 are affected by cross-site scripting via crafted XML data in the REST API. Remote authenticated users can inject arbitrary scripts/HTML. Remediation: upgrade to Spacewalk/RHN Satellite 5.7.0 (per RHSA-2015:0033) or apply related patches. Not...

3.5CVSS5.2AI score0.01463EPSS
CVE
CVE
added 2014/02/05 6:0 p.m.65 views

CVE-2011-2919

CVE-2011-2919 is a cross-site scripting (XSS) vulnerability in Spacewalk 1.6 as used with Red Hat Network Satellite. The issue allows a remote attacker to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page. Connected documents corroborate the vulnerability in R...

4.3CVSS5.8AI score0.01188EPSS
CVE
CVE
added 2014/02/05 6:0 p.m.62 views

CVE-2011-3344

CVE-2011-3344 is a cross-site scripting (XSS) flaw in the Spacewalk/RHN Satellite web interface, exposed via the Lookup Login/Password form in Spacewalk 1.6. The root cause is a reflected XSS vulnerability in the URI handling of the RHN Satellite web UI, allowing remote attackers to inject arbitr...

5.4CVSS5.9AI score0.01474EPSS
CVE
CVE
added 2014/02/05 6:0 p.m.60 views

CVE-2011-2920

CVE-2011-2920 corresponds to multiple XSS flaws in Spacewalk 1.6 used by Red Hat Network Satellite. The Spacewalk web interface has vulnerabilities that allow remote attackers to inject arbitrary script/HTML, notably via the Filter by Synopsis field. Public references from SUSE and Red Hat descri...

5.5CVSS6.2AI score0.02048EPSS
CVE
CVE
added 2014/04/17 2:0 p.m.59 views

CVE-2013-2143

Summary: CVE-2013-2143 records a privilege-escalation flaw in Katello 1.5.0-14 and earlier (and Red Hat Satellite) where the users controller’s update_roles action does not enforce authorization. This allows remote authenticated users to elevate a normal account to administrator by manipulating t...

6.5CVSS6.6AI score0.48221EPSS
Web
CVE
CVE
added 2008/05/23 2:0 p.m.57 views

CVE-2007-5961

CVE-2007-5961 is a cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature used by Red Hat Network Satellite Server (and RHN) prior to version 5.0.2. The underlying issue allowed remote attackers to inject arbitrary web script or HTML via unknown vectors. The connec...

4.3CVSS5.7AI score0.01083EPSS
CVE
CVE
added 2014/02/05 6:0 p.m.57 views

CVE-2011-1594

CVE-2011-1594 is an Open Redirect in Spacewalk 1.6 used by Red Hat Network Satellite. The flaw allows remote attackers to redirect users to arbitrary sites via the url_bounce parameter, enabling phishing-like redirects. Multiple references (RHSA-2011:1299, SUSE CVE page) indicate an open‑redirect...

6.5CVSS6AI score0.01468EPSS
CVE
CVE
added 2014/02/05 6:0 p.m.56 views

CVE-2011-2927

CVE-2011-2927 is an XSS vulnerability affecting Spacewalk 1.6 as used by Red Hat Network Satellite. The issue enables a remote attacker to inject scripts via Search form vectors in the RHN Satellite web interface. Connected sources (SUSE, Red Hat advisory RHSA-2011:1299, Veracode listing) confirm...

5.4CVSS5.9AI score0.01474EPSS