Search Results (Refine Search)
- CPE Product Version: cpe:/a:redhat:satellite:5.4
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-4320 |
An arithmetic overflow flaw was found in Satellite when creating a new personal access token. This flaw allows an attacker who uses this arithmetic overflow to create personal access tokens that are valid indefinitely, resulting in damage to the system's integrity. Published: December 18, 2023; 9:15:09 AM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2012-5562 |
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite Published: December 02, 2019; 2:15:11 PM -0500 |
V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2019-3845 |
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host registered to Satellite (or Capsule) can use this flaw to access QMF methods to any host also registered to Satellite (or Capsule) and execute privileged commands. Published: April 11, 2019; 11:29:00 AM -0400 |
V3.1: 8.0 HIGH V2.0: 5.2 MEDIUM |
CVE-2017-7513 |
It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate. Published: August 22, 2018; 11:29:00 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2017-7514 |
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users. Published: July 30, 2018; 11:29:00 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-12175 |
Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality. Published: July 26, 2018; 1:29:00 PM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2017-7538 |
A cross-site scripting (XSS) flaw was found in how an organization name is displayed in Satellite 5, before 5.8. A user able to change an organization's name could exploit this flaw to perform XSS attacks against other Satellite users. Published: July 26, 2018; 11:29:00 AM -0400 |
V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2014-3595 |
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. Published: September 22, 2014; 11:55:07 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-0059 |
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. Published: February 05, 2014; 1:55:06 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-4480 |
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Published: November 17, 2013; 9:55:07 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2013-2056 |
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. Published: July 31, 2013; 9:20:24 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-1145 |
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. Published: June 15, 2012; 8:55:06 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-1171 |
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels. Published: April 18, 2011; 1:55:00 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |