Spacewalk-java Security Vulnerabilities and Issues — Spacewalk-java CVE List

Lucene search

RedhatSpacewalk-java

9 matches found

CVE•added 2016/04/14 2:59 p.m.•68 views

CVE-2015-0284

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for...

5.4CVSS5.3AI score0.00427EPSS

CVE•added 2014/02/14 3:55 p.m.•62 views

CVE-2013-4415

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_...

4.3CVSS5.7AI score0.0033EPSS

CVE•added 2014/09/22 3:55 p.m.•56 views

CVE-2014-3595

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

4.3CVSS5.7AI score0.00302EPSS

CVE•added 2014/11/03 4:55 p.m.•53 views

CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitle...

4.3CVSS5.7AI score0.00302EPSS

CVE•added 2014/04/01 6:35 a.m.•51 views

CVE-2013-1869

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.

4.3CVSS6AI score0.00417EPSS

CVE•added 2016/04/14 2:59 p.m.•48 views

CVE-2016-3079

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name...

6.1CVSS6AI score0.00523EPSS

CVE•added 2011/07/27 2:55 a.m.•45 views

CVE-2009-4139

Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java site packages (aka spacewalk-java) 1.2.39 in Spacewalk, as used in the server in Red Hat Network Satellite 5.3.0 through 5.4.1 and other products, allows remote attackers to hijack the authentication of arbitrary users for reques...

6.8CVSS7.3AI score0.00173EPSS

CVE•added 2014/02/14 3:55 p.m.•42 views

CVE-2012-6149

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.

3.5CVSS5.7AI score0.00252EPSS

CVE•added 2014/04/15 11:55 p.m.•39 views

CVE-2010-2236

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rel...

6CVSS7.6AI score0.02056EPSS