Lucene search
RedhatSpacewalk-java

9 matches found

CVE
added 2016/04/14 2:0 p.m. | 90 views

CVE-2015-0284

CVE-2015-0284 describes a cross-site scripting (XSS) vulnerability in spacewalk-java used by Spacewalk and Red Hat Satellite 5.7. The issue allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details, and is noted as a co...

CVSS 5.4 | AI score 5.3 | EPSS 0.01244
CVE
added 2014/02/14 3:0 p.m. | 82 views

CVE-2013-4415

CVE-2013-4415 affects Red Hat Satellite/Spacewalk (Spacewalk 5.6 and RHN Satellite). The connected sources describe multiple cross-site scripting (XSS) vulnerabilities in the Red Hat Satellite web interface, enabling remote attackers to inject arbitrary web script or HTML via numerous parameters ...

CVSS 4.3 | AI score 5.7 | EPSS 0.01732
CVE
added 2014/09/22 3:0 p.m. | 75 views

CVE-2014-3595

CVE-2014-3595 affects spacewalk-java components (versions 1.2.39, 1.7.54, 2.0.2) used by Spacewalk/RHN Satellite 5.4–5.6. Root cause: a stored XSS flaw where a crafted request, not properly sanitized during logging, allows injection of arbitrary HTML/JS into the log view page. Impact: remote atta...

CVSS 4.3 | AI score 5.7 | EPSS 0.01759
CVE
added 2014/11/03 4:0 p.m. | 71 views

CVE-2014-3654

CVE-2014-3654 affects spacewalk-java 2.0.2 used in Spacewalk and RHN Satellite (Spacewalk 2.x). The issue is stored XSS via multiple endpoints: kickstart/cobbler/CustomSnippetList.do, channels/software/Entitlements.do, and admin/multiorg/OrgUsers.do. Affected products report XSS in spacewalk-java...

CVSS 4.3 | AI score 5.7 | EPSS 0.01759
CVE
added 2014/04/01 1:0 a.m. | 69 views

CVE-2013-1869

CVE-2013-1869 affects spacewalk-java before 2.1.148-1 and Red Hat Network Satellite 5.6, allowing remote header injection via the return_url parameter that can enable HTTP response splitting and XSS. Responsible updates are in RHSA-2014:0148 (spacewalk-java, spacewalk-web, satellite-branding); ap...

CVSS 4.3 | AI score 6 | EPSS 0.0185
CVE
added 2016/04/14 2:0 p.m. | 66 views

CVE-2016-3079

CVE-2016-3079 covers multiple XSS vulnerabilities in the Web UI of Spacewalk and Red Hat Satellite 5.7, exploitable via several vectors in SystemEntitlements.do, EntitlementDetails.do, and System Set Manager components. The connected records indicate mitigations/patches exist: Red Hat issued RHSA...

CVSS 6.1 | AI score 6 | EPSS 0.01578
Web
CVE
added 2011/07/27 1:29 a.m. | 63 views

CVE-2009-4139

The CVE-2009-4139 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in Spacewalk’s spacewalk-java (version 1.2.39) used by Red Hat Network Satellite server (5.3.0–5.4.1) and related products. The issue allows an attacker, by deceiving an authenticated user, to hijack that user’s s...

CVSS 6.8 | AI score 5.6 | EPSS 0.00821
CVE
added 2014/02/14 3:0 p.m. | 60 views

CVE-2012-6149

CVE-2012-6149 describes multiple XSS vulnerabilities in Spacewalk/RHN Satellite 5.6 via notes.jsp (subject/content) that allow an authenticated or remote attacker to inject scripts in the notes system.addNote XML-RPC flow. Connected sources identify Spacewalk 5.6 as affected and describe the root...

CVSS 3.5 | AI score 5.7 | EPSS 0.01573
Web
CVE
added 2014/04/15 6:0 p.m. | 50 views

CVE-2010-2236

The CVE-2010-2236 issue concerns the monitoring probe display in spacewalk-java (before 2.1.148-1) and RHN Satellite (4.0.0–4.2.0, 5.1.0–5.3.0) and Proxy 5.3.0. It allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors,...

CVSS 6 | AI score 7.6 | EPSS 0.0306