Redhat

Satellite

221 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2013-4415

  • EPSS 0.33%
  • Published 14.02.2014 15:55:05
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3)...

3.5

CVE-2012-6149

Exploit
  • EPSS 0.25%
  • Published 14.02.2014 15:55:04
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a s...

3.5

CVE-2013-1871

  • EPSS 0.29%
  • Published 14.02.2014 15:55:04
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

4.3

CVE-2012-0059

  • EPSS 0.23%
  • Published 05.02.2014 18:55:06
  • Last modified 11.04.2025 00:51:21

Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the serve...

7.5

CVE-2013-4480

  • EPSS 0.7%
  • Published 18.11.2013 02:55:07
  • Last modified 11.04.2025 00:51:21

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

5

CVE-2013-2056

  • EPSS 0.33%
  • Published 31.07.2013 13:20:24
  • Last modified 11.04.2025 00:51:21

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

5

CVE-2012-1145

  • EPSS 1.79%
  • Published 16.06.2012 00:55:06
  • Last modified 11.04.2025 00:51:21

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var part...

3.5

CVE-2011-4346

  • EPSS 0.28%
  • Published 10.12.2011 17:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

5.5

CVE-2010-1171

  • EPSS 0.89%
  • Published 18.04.2011 17:55:00
  • Last modified 11.04.2025 00:51:21

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and pa...

9.1

CVE-2008-2369

  • EPSS 0.62%
  • Published 14.08.2008 20:41:00
  • Last modified 09.04.2025 00:30:58

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.