Filtered by vendor Redhat
Subscriptions
Filtered by product Satellite
Subscriptions
Total
534 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4346 | 2 Redhat, Urbanairship | 3 Satellite, Satellite Capsule, Python-oauth2 | 2024-11-21 | N/A |
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | ||||
CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 2 Satellite, Restful Web Services | 2024-11-21 | 8.8 High |
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
CVE-2013-4201 | 2 Katello, Redhat | 2 Katello, Satellite | 2024-11-21 | N/A |
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | ||||
CVE-2013-4182 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2024-11-21 | N/A |
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | ||||
CVE-2013-4180 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2024-11-21 | N/A |
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted to a symbol. | ||||
CVE-2013-2882 | 4 Debian, Google, Nodejs and 1 more | 6 Debian Linux, Chrome, Node.js and 3 more | 2024-11-21 | N/A |
Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | ||||
CVE-2013-2121 | 2 Redhat, Theforeman | 3 Openstack, Satellite, Foreman | 2024-11-21 | N/A |
Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary code via a controller name attribute. | ||||
CVE-2013-2101 | 2 Redhat, Theforeman | 2 Satellite, Katello | 2024-11-21 | 5.4 Medium |
Katello has multiple XSS issues in various entities | ||||
CVE-2013-2099 | 3 Canonical, Python, Redhat | 8 Ubuntu Linux, Python, Openstack and 5 more | 2024-11-21 | N/A |
Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python versions, allows remote attackers to cause a denial of service (CPU consumption) via multiple wildcard characters in the common name in a certificate. | ||||
CVE-2013-2056 | 1 Redhat | 2 Network Satellite, Satellite | 2024-11-21 | N/A |
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. | ||||
CVE-2013-1871 | 1 Redhat | 2 Network Satellite, Satellite | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | ||||
CVE-2013-1869 | 1 Redhat | 3 Network Satellite, Satellite, Spacewalk-java | 2024-11-21 | N/A |
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via the return_url parameter. | ||||
CVE-2012-6685 | 2 Nokogiri, Redhat | 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more | 2024-11-21 | 7.5 High |
Nokogiri before 1.5.4 is vulnerable to XXE attacks | ||||
CVE-2012-6619 | 2 Mongodb, Redhat | 5 Mongodb, Enterprise Mrg, Openstack and 2 more | 2024-11-21 | N/A |
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read. | ||||
CVE-2012-6149 | 1 Redhat | 4 Network Satellite, Satellite, Satellite 5 Managed Db and 1 more | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call. | ||||
CVE-2012-5562 | 1 Redhat | 2 Network Proxy, Satellite | 2024-11-21 | 6.5 Medium |
rhn-proxy: may transmit credentials over clear-text when accessing RHN Satellite | ||||
CVE-2012-1145 | 1 Redhat | 3 Enterprise Linux, Network Satellite, Satellite | 2024-11-21 | N/A |
spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat Enterprise Linux 6 does not properly authorize or authenticate uploads to the NULL organization when mod_wsgi is used, which allows remote attackers to cause a denial of service (/var partition disk consumption and failed updates) via a large number of package uploads. | ||||
CVE-2012-0059 | 1 Redhat | 3 Network Proxy, Network Satellite, Satellite | 2024-11-21 | N/A |
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. | ||||
CVE-2011-4346 | 1 Redhat | 3 Enterprise Linux, Network Satellite, Satellite | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. | ||||
CVE-2010-2236 | 1 Redhat | 3 Network Proxy, Satellite, Spacewalk-java | 2024-11-21 | N/A |
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, related to backticks. |