Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Satellite
Total 223 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0284 1 Redhat 2 Satellite, Spacewalk-java 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811.
CVE-2014-8183 2 Redhat, Theforeman 2 Satellite, Foreman 2024-11-21 6.5 MEDIUM 7.4 HIGH
It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations.
CVE-2014-8180 2 Mongodb, Redhat 2 Mongodb, Satellite 2024-11-21 2.1 LOW 5.5 MEDIUM
MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.
CVE-2014-8168 1 Redhat 1 Satellite 2024-11-21 4.6 MEDIUM 6.1 MEDIUM
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2014-8163 1 Redhat 1 Satellite 2024-11-21 5.5 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5.
CVE-2014-7812 2 Redhat, Suse 3 Satellite, Spacewalk, Manager 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2014-3654 2 Redhat, Suse 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 and 5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) kickstart/cobbler/CustomSnippetList.do, (2) channels/software/Entitlements.do, or (3) admin/multiorg/OrgUsers.do.
CVE-2014-3595 2 Redhat, Suse 6 Satellite, Satellite With Embedded Oracle, Spacewalk-java and 3 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.
CVE-2014-3590 1 Redhat 1 Satellite 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVE-2014-0241 2 Redhat, Theforeman 2 Satellite, Hammer Cli 2024-11-21 2.1 LOW 5.5 MEDIUM
rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml world readable
CVE-2014-0141 1 Redhat 1 Satellite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3.
CVE-2013-6461 3 Debian, Nokogiri, Redhat 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
CVE-2013-6460 3 Debian, Nokogiri, Redhat 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
CVE-2013-4480 2 Redhat, Suse 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more 2024-11-21 7.5 HIGH N/A
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVE-2013-4415 2 Redhat, Suse 5 Satellite, Satellite 5 Managed Db, Spacewalk-java and 2 more 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED.
CVE-2013-2101 2 Redhat, Theforeman 2 Satellite, Katello 2024-11-21 3.5 LOW 5.4 MEDIUM
Katello has multiple XSS issues in various entities
CVE-2013-2056 1 Redhat 1 Satellite 2024-11-21 5.0 MEDIUM N/A
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
CVE-2013-1871 1 Redhat 1 Satellite 2024-11-21 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2013-1869 1 Redhat 2 Satellite, Spacewalk-java 2024-11-21 4.3 MEDIUM N/A
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
CVE-2012-6685 2 Nokogiri, Redhat 8 Nokogiri, Cloudforms Management Engine, Enterprise Mrg and 5 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Nokogiri before 1.5.4 is vulnerable to XXE attacks