Redhat

Satellite

229 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2013-1871

  • EPSS 0.29%
  • Veröffentlicht 14.02.2014 15:55:04
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.

4.9

CVE-2012-0059

  • EPSS 0.36%
  • Veröffentlicht 05.02.2014 18:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by readin...

7.5

CVE-2013-4480

  • EPSS 0.7%
  • Veröffentlicht 18.11.2013 02:55:07
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

5

CVE-2013-2056

  • EPSS 0.33%
  • Veröffentlicht 31.07.2013 13:20:24
  • Zuletzt bearbeitet 29.04.2026 01:13:23

The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.

5

CVE-2012-1145

  • EPSS 1.79%
  • Veröffentlicht 16.06.2012 00:55:06
  • Zuletzt bearbeitet 29.04.2026 01:13:23

spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var part...

3.5

CVE-2011-4346

  • EPSS 0.28%
  • Veröffentlicht 10.12.2011 17:55:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

5.5

CVE-2010-1171

  • EPSS 0.96%
  • Veröffentlicht 18.04.2011 17:55:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and pa...

9.1

CVE-2008-2369

  • EPSS 0.62%
  • Veröffentlicht 14.08.2008 20:41:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a hard-coded authentication key, which allows remote attackers to connect to the server and obtain sensitive information about user accounts and entitlements.

5

CVE-2007-1349

  • EPSS 18.23%
  • Veröffentlicht 30.03.2007 00:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted U...