Lucene search

K
RedhatSatellite5.4

6 matches found

CVE
CVE
added 2014/02/05 6:55 p.m.63 views

CVE-2012-0059

Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.

4.3CVSS6.7AI score0.00229EPSS
CVE
CVE
added 2014/09/22 3:55 p.m.56 views

CVE-2014-3595

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

4.3CVSS5.7AI score0.00302EPSS
CVE
CVE
added 2012/06/16 12:55 a.m.55 views

CVE-2012-1145

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a ...

5CVSS6.8AI score0.01791EPSS
CVE
CVE
added 2011/04/18 5:55 p.m.50 views

CVE-2010-1171

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.

5.5CVSS6.7AI score0.00888EPSS
CVE
CVE
added 2018/08/22 3:29 p.m.50 views

CVE-2017-7513

It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate.

5.8CVSS5.2AI score0.0009EPSS
CVE
CVE
added 2013/07/31 1:20 p.m.44 views

CVE-2013-2056

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

5CVSS6.9AI score0.00377EPSS