Redhat

Spacewalk

12 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2020-1693

Exploit
  • EPSS 7.13%
  • Published 17.02.2020 20:15:11
  • Last modified 21.11.2024 05:11:10

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of ...

4.3

CVE-2019-10136

  • EPSS 0.1%
  • Published 02.07.2019 20:15:11
  • Last modified 21.11.2024 04:18:29

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity witho...

9.8

CVE-2019-10137

  • EPSS 8.94%
  • Published 02.07.2019 20:15:11
  • Last modified 21.11.2024 04:18:29

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to...

9.8

CVE-2017-7470

  • EPSS 0.91%
  • Published 27.07.2018 13:29:00
  • Last modified 21.11.2024 03:31:58

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.

7.5

CVE-2018-1077

  • EPSS 0.22%
  • Published 14.03.2018 18:29:00
  • Last modified 21.11.2024 03:59:07

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.

3.5

CVE-2014-7812

  • EPSS 0.21%
  • Published 15.01.2015 15:59:02
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.

3.5

CVE-2014-7811

  • EPSS 0.18%
  • Published 15.01.2015 15:59:01
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

4.3

CVE-2011-3344

  • EPSS 0.39%
  • Published 05.02.2014 18:55:06
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3

CVE-2011-2919

  • EPSS 0.32%
  • Published 05.02.2014 18:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.

4.3

CVE-2011-2920

  • EPSS 0.39%
  • Published 05.02.2014 18:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.