Redhat

Satellite

221 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-4415

  • EPSS 0.33%
  • Veröffentlicht 14.02.2014 15:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3)...

3.5

CVE-2012-6149

Exploit
  • EPSS 0.25%
  • Veröffentlicht 14.02.2014 15:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a s...

3.5

CVE-2013-1871

  • EPSS 0.29%
  • Veröffentlicht 14.02.2014 15:55:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

4.3

CVE-2012-0059

  • EPSS 0.23%
  • Veröffentlicht 05.02.2014 18:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the serve...

7.5

CVE-2013-4480

  • EPSS 0.7%
  • Veröffentlicht 18.11.2013 02:55:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

5

CVE-2013-2056

  • EPSS 0.33%
  • Veröffentlicht 31.07.2013 13:20:24
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

5

CVE-2012-1145

  • EPSS 1.79%
  • Veröffentlicht 16.06.2012 00:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var part...

3.5

CVE-2011-4346

  • EPSS 0.28%
  • Veröffentlicht 10.12.2011 17:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

5.5

CVE-2010-1171

  • EPSS 0.89%
  • Veröffentlicht 18.04.2011 17:55:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and pa...

9.1

CVE-2008-2369

  • EPSS 0.62%
  • Veröffentlicht 14.08.2008 20:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.