Red Hat Satellite vulnerabilities
222 known vulnerabilities affecting redhat/satellite.
Total CVEs: 222
CISA KEV (actively exploited): 4
Public exploits: 7
Exploited in the wild: 4
Severity breakdown: CRITICAL 30, HIGH 56, MEDIUM 109, LOW 27
Vulnerabilities
Page 11 of 12
CVE-2015-5233 | MEDIUM | CVSS 4.2 | CWE-264 | Affected: v6.1 | Published: 2016-04-11
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual
Source: nvd
CVE-2015-5006 | LOW | CVSS 2.1 | CWE-200 | Affected: v5.6, v5.7 | Published: 2015-12-07
IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attackers to obtain sensitive information by reading the Kerberos Credential Cache.
Source: nvd
CVE-2015-8126 | HIGH | CVSS 7.5 | CWE-120 | Affected: v5.7, v5.6 | Published: 2015-11-13
Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value
Source: nvd
CVE-2015-4902 | MEDIUM | CVSS 5.3 | CWE-284 | CISA KEV | Affected: v5.6, v5.7 | Published: 2015-10-22
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 allows remote attackers to affect integrity via unknown vectors related to Deployment.
Source: nvd
CVE-2015-2590 | CRITICAL | CVSS 9.8 | CISA KEV | Affected: v5.6, v5.7 | Published: 2015-07-16
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.
Source: nvd
CVE-2015-2808 | MEDIUM | CVSS 5.0 | CWE-327 | Affected: v5.7, v5.6 | Published: 2015-04-01
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invarian
Source: nvd
CVE-2014-7812 | LOW | CVSS 3.5 | CWE-79 | Affected: v5.6 | Published: 2015-01-15
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
Source: nvd
CVE-2014-3654 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: v5.5, v5.6 | Published: 2014-11-03
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
Source: nvd
CVE-2014-3595 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: v5.4, v5.5, +1 more | Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
Source: nvd
CVE-2010-2236 | MEDIUM | CVSS 6.0 | CWE-20 | Affected: v4.0, v4.1, +4 more | Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.
Source: nvd
CVE-2013-1869 | MEDIUM | CVSS 4.3 | CWE-20 | Affected: v5.6 | Published: 2014-04-01
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
Source: nvd
CVE-2013-4415 | MEDIUM | CVSS 4.3 | CWE-79 | Affected: v5.6 | Published: 2014-02-14
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10)
Source: nvd
CVE-2012-6149 | LOW | CVSS 3.5 | CWE-79 | Affected: v5.6 | Published: 2014-02-14
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.
Source: nvd
CVE-2013-1871 | LOW | CVSS 3.5 | CWE-79 | Affected: v5.6 | Published: 2014-02-14
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
Source: nvd
CVE-2012-0059 | MEDIUM | CVSS 4.9 | CWE-209 | Affected: v5.4 | Published: 2014-02-05
A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the unauthorized disclosure of user passwords.
Source: nvd
CVE-2013-4480 | HIGH | CVSS 7.5 | CWE-668 | Affected: ≤ 5.6 | Published: 2013-11-18
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
Source: nvd
CVE-2013-2056 | MEDIUM | CVSS 5.0 | CWE-287 | Affected: v5.3, v5.4, +1 more | Published: 2013-07-31
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
Source: nvd
CVE-2012-1145 | MEDIUM | CVSS 5.0 | CWE-287 | Affected: v5.4 | Published: 2012-06-16
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
Source: nvd
CVE-2011-4346 | LOW | CVSS 3.5 | CWE-79 | Affected: v5.4.1 | Published: 2011-12-10
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
Source: nvd
CVE-2010-1171 | MEDIUM | CVSS 5.5 | CWE-264 | Affected: v5.3, v5.4 | Published: 2011-04-18
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
Source: nvd