RedhatSatellite

220 matches found

added 2016/04/14 2:59 p.m. | 48 views

CVE-2016-3079

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name...

CVSS 6.1 | AI score 6 | EPSS 0.00523

added 2022/08/26 4:15 p.m. | 48 views

CVE-2021-3414

A flaw was found in Satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.

CVSS 8.1 | AI score 7.8 | EPSS 0.00094

added 2019/11/05 3:15 p.m. | 47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

CVSS 6.5 | AI score 6.4 | EPSS 0.02046

added 2017/08/28 3:29 p.m. | 47 views

CVE-2014-8168

Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.

CVSS 6.1 | AI score 6.1 | EPSS 0.00034

added 2016/08/05 2:59 p.m. | 47 views

CVE-2016-3097

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.

CVSS 6.1 | AI score 6 | EPSS 0.00249

added 2019/12/13 1:15 p.m. | 46 views

CVE-2014-0241

rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable

CVSS 5.5 | AI score 5.5 | EPSS 0.00104

added 2016/08/05 2:59 p.m. | 46 views

CVE-2016-3080

Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.

CVSS 6.1 | AI score 6 | EPSS 0.00235

added 2016/04/14 2:59 p.m. | 45 views

CVE-2016-2103

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do.

CVSS 6.1 | AI score 6 | EPSS 0.00286

added 2021/06/02 1:15 p.m. | 45 views

CVE-2020-14371

A credential leak vulnerability was found in Red Hat Satellite. This flaw exposes the compute resources credentials through VMs that are running on these resources in Satellite.

CVSS 6.5 | AI score 6.4 | EPSS 0.00274

added 2013/07/31 1:20 p.m. | 44 views

CVE-2013-2056

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

CVSS 5 | AI score 6.9 | EPSS 0.00377

added 2017/08/28 7:29 p.m. | 44 views

CVE-2014-8163

Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.

CVSS 6.5 | AI score 6.5 | EPSS 0.00684

added 2019/01/22 3:29 p.m. | 44 views

CVE-2018-14666

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organization the host belongs to. This flaw affects all Red Hat Satellite 6 versions.

CVSS 7.2 | AI score 6.8 | EPSS 0.00353

added 2024/06/05 3:15 p.m. | 44 views

CVE-2024-3716

A flaw was found in foreman-installer when puppet-candlepin invokes cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password.

CVSS 6.2 | AI score 6.3 | EPSS 0.00043

added 2017/04/13 2:59 p.m. | 43 views

CVE-2016-2104

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/Na...

CVSS 6.1 | AI score 6 | EPSS 0.00301

added 2014/02/14 3:55 p.m. | 42 views

CVE-2012-6149

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

CVSS 3.5 | AI score 5.7 | EPSS 0.00252

added 2019/12/03 2:15 p.m. | 41 views

CVE-2013-2101

Katello has multiple XSS issues in various entities

CVSS 5.4 | AI score 5.2 | EPSS 0.00261

added 2018/03/14 6:29 p.m. | 41 views

CVE-2018-1077

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

CVSS 7.5 | AI score 7.3 | EPSS 0.00234

added 2014/04/15 11:55 p.m. | 39 views

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rel...

CVSS 6 | AI score 7.6 | EPSS 0.02056

added 2023/10/04 2:15 p.m. | 38 views

CVE-2023-1832

An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

CVSS 8.1 | AI score 7.3 | EPSS 0.00116

added 2017/08/28 3:29 p.m. | 35 views

CVE-2014-0141

Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.

CVSS 6.1 | AI score 6.1 | EPSS 0.0028

Total number of security vulnerabilities: 220