Filtered by vendor Redhat Subscriptions
Filtered by product Satellite Subscriptions
Total 534 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-4346 2 Redhat, Urbanairship 3 Satellite, Satellite Capsule, Python-oauth2 2024-11-21 N/A
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
CVE-2013-4225 2 Redhat, Restful Web Services Project 2 Satellite, Restful Web Services 2024-11-21 8.8 High
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
CVE-2013-4201 2 Katello, Redhat 2 Katello, Satellite 2024-11-21 N/A
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.
CVE-2013-4182 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2024-11-21 N/A
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
CVE-2013-4180 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2024-11-21 N/A
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol.
CVE-2013-2882 4 Debian, Google, Nodejs and 1 more 6 Debian Linux, Chrome, Node.js and 3 more 2024-11-21 N/A
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2013-2121 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2024-11-21 N/A
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute.
CVE-2013-2101 2 Redhat, Theforeman 2 Satellite, Katello 2024-11-21 5.4 Medium
Katello has multiple XSS issues in various entities
CVE-2013-2099 3 Canonical, Python, Redhat 8 Ubuntu Linux, Python, Openstack and 5 more 2024-11-21 N/A
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate.
CVE-2013-2056 1 Redhat 2 Network Satellite, Satellite 2024-11-21 N/A
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call.
CVE-2013-1871 1 Redhat 2 Network Satellite, Satellite 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter.
CVE-2013-1869 1 Redhat 3 Network Satellite, Satellite, Spacewalk-java 2024-11-21 N/A
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter.
CVE-2012-6685 2 Nokogiri, Redhat 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more 2024-11-21 7.5 High
Nokogiri before 1.5.4 is vulnerable to XXE attacks
CVE-2012-6619 2 Mongodb, Redhat 5 Mongodb, Enterprise Mrg, Openstack and 2 more 2024-11-21 N/A
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
CVE-2012-6149 1 Redhat 4 Network Satellite, Satellite, Satellite 5 Managed Db and 1 more 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call.
CVE-2012-5562 1 Redhat 2 Network Proxy, Satellite 2024-11-21 6.5 Medium
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite
CVE-2012-1145 1 Redhat 3 Enterprise Linux, Network Satellite, Satellite 2024-11-21 N/A
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads.
CVE-2012-0059 1 Redhat 3 Network Proxy, Network Satellite, Satellite 2024-11-21 N/A
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email.
CVE-2011-4346 1 Redhat 3 Enterprise Linux, Network Satellite, Satellite 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.
CVE-2010-2236 1 Redhat 3 Network Proxy, Satellite, Spacewalk-java 2024-11-21 N/A
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks.