Manager@1.7 Security Vulnerabilities and Issues — Manager@1.7 CVE List

Lucene search

SuseManager1.7

8 matches found

CVE•added 2015/04/01 2:0 a.m.•846 views

CVE-2015-2808

The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic tha...

5CVSS4.8AI score0.4884EPSS

CVE•added 2014/02/14 3:55 p.m.•62 views

CVE-2013-4415

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_...

4.3CVSS5.7AI score0.0033EPSS

CVE•added 2015/05/14 2:59 p.m.•61 views

CVE-2014-8162

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

7.5CVSS7.1AI score0.00606EPSS

CVE•added 2013/11/18 2:55 a.m.•60 views

CVE-2013-4480

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

7.5CVSS6.7AI score0.00704EPSS

CVE•added 2014/09/22 3:55 p.m.•56 views

CVE-2014-3595

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

4.3CVSS5.7AI score0.00302EPSS

CVE•added 2015/01/15 3:59 p.m.•55 views

CVE-2014-7812

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.

3.5CVSS5.3AI score0.00209EPSS

CVE•added 2014/11/03 4:55 p.m.•53 views

CVE-2014-3654

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitle...

4.3CVSS5.7AI score0.00302EPSS

CVE•added 2015/01/15 3:59 p.m.•49 views

CVE-2014-7811

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

3.5CVSS5.2AI score0.00184EPSS