ByteOS Network

CVE-2014-8162

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-7.5||HIGH

EPSS-0.61% / 68.66%

||

7 Day CHG~0.00%

Published-14 May, 2015 | 14:00

Updated-12 Apr, 2025 | 10:46

XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors.

Vendor-n/a Red Hat, Inc.SUSE

Product-network_satellite manager n/a

CVE-2014-7811

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-3.5||LOW

EPSS-0.18% / 40.40%

||

7 Day CHG~0.00%

Published-15 Jan, 2015 | 15:00

Updated-12 Apr, 2025 | 10:46

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.

Vendor-n/a Red Hat, Inc.SUSE

Product-network_satellite spacewalk manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-2143

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-6.5||MEDIUM

EPSS-61.63% / 98.27%

||

7 Day CHG~0.00%

Published-17 Apr, 2014 | 14:00

Updated-12 Apr, 2025 | 10:46

The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

Vendor-n/a Red Hat, Inc.The Foreman

Product-network_satellite katello n/a

CWE ID-CWE-20

Improper Input Validation

CVE-2011-2920

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.39% / 59.21%

||

7 Day CHG~0.00%

Published-05 Feb, 2014 | 18:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms.

Vendor-n/a Red Hat, Inc.

Product-network_satellite spacewalk n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-2927

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.34% / 56.29%

||

7 Day CHG~0.00%

Published-05 Feb, 2014 | 18:00

Updated-11 Apr, 2025 | 00:51

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms.

Vendor-n/a Red Hat, Inc.

Product-network_satellite spacewalk n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-3344

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.39% / 59.21%

||

7 Day CHG~0.00%

Published-05 Feb, 2014 | 18:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI.

Vendor-n/a Red Hat, Inc.

Product-network_satellite spacewalk n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1594

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-5.8||MEDIUM

EPSS-0.27% / 50.50%

||

7 Day CHG~0.00%

Published-05 Feb, 2014 | 18:00

Updated-11 Apr, 2025 | 00:51

Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter.

Vendor-n/a Red Hat, Inc.

Product-network_satellite spacewalk n/a

CWE ID-CWE-20

Improper Input Validation

CVE-2011-2919

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 54.61%

||

7 Day CHG~0.00%

Published-05 Feb, 2014 | 18:00

Updated-11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.

Vendor-n/a Red Hat, Inc.

Product-network_satellite spacewalk n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-4480

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-7.5||HIGH

EPSS-0.70% / 71.17%

||

7 Day CHG~0.00%

Published-15 Nov, 2013 | 18:16

Updated-11 Apr, 2025 | 00:51

Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.

Vendor-n/a Red Hat, Inc.SUSE

Product-network_satellite satellite_with_embedded_oracle satellite manager linux_enterprise n/a

CWE ID-CWE-668

Exposure of Resource to Wrong Sphere

CVE-2007-5961

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.33% / 55.24%

||

7 Day CHG~0.00%

Published-23 May, 2008 | 14:00

Updated-07 Aug, 2024 | 15:47

Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vendor-n/a Red Hat, Inc.

Product-network_satellite n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

network_satellite

Source -

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -