Redhat

Network Satellite

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2014-8162

  • EPSS 0.61%
  • Published 14.05.2015 14:59:05
  • Last modified 12.04.2025 10:46:40

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

3.5

CVE-2014-7811

  • EPSS 0.18%
  • Published 15.01.2015 15:59:01
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

6.5

CVE-2013-2143

Exploit
  • EPSS 63.43%
  • Published 17.04.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

4.3

CVE-2011-3344

  • EPSS 0.39%
  • Published 05.02.2014 18:55:06
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.

4.3

CVE-2011-2919

  • EPSS 0.32%
  • Published 05.02.2014 18:55:05
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.

4.3

CVE-2011-2920

  • EPSS 0.39%
  • Published 05.02.2014 18:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.

4.3

CVE-2011-2927

  • EPSS 0.34%
  • Published 05.02.2014 18:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.

5.8

CVE-2011-1594

  • EPSS 0.27%
  • Published 05.02.2014 18:55:04
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.

7.5

CVE-2013-4480

  • EPSS 0.7%
  • Published 18.11.2013 02:55:07
  • Last modified 11.04.2025 00:51:21

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

4.3

CVE-2007-5961

  • EPSS 0.33%
  • Published 23.05.2008 15:32:00
  • Last modified 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.