Spacewalk

spacewalk

Vendor: Redhat • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-1693 1Redhat 1Spacewalk Nov 21, 2024 Feb 17, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain...Show more A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An unauthenticated remote attacker could use this flaw to retrieve the content of certain files and trigger a denial of service, or in certain circumstances, execute arbitrary code on the Spacewalk server.Show less
CVE-2019-10137 1Redhat 2Satellite Spacewalk Nov 21, 2024 Jul 2, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary...Show more A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A remote, unauthenticated attacker could use this flaw to test the existence of arbitrary files, if they have access to the proxy's filesystem, or can execute arbitrary code in the context of the httpd process.Show less
CVE-2019-10136 1Redhat 2Satellite Spacewalk Nov 21, 2024 Jul 2, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extend...Show more It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum.Show less
CVE-2017-7470 1Redhat 2Satellite Spacewalk Nov 21, 2024 Jul 27, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py.
CVE-2018-1077 1Redhat 2Satellite Spacewalk Nov 21, 2024 Mar 14, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
CVE-2014-7812 2Redhat Suse 3Manager SatelliteSpacewalk May 6, 2026 Jan 15, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2014-7811 2Redhat Suse 3Manager Network SatelliteSpacewalk May 6, 2026 Jan 15, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST A...Show more Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.Show less
CVE-2011-3344 1Redhat 2Network Satellite Spacewalk Apr 29, 2026 Feb 5, 2014 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to informatio...Show more A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session.Show less
CVE-2011-2927 1Redhat 2Network Satellite Spacewalk Apr 29, 2026 Feb 5, 2014 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users....Show more A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote attackers to inject malicious web scripts or HTML into web pages viewed by other users. The flaw is triggered through vectors related to Search forms, enabling attackers to potentially steal sensitive information or perform actions on behalf of the victim.Show less
CVE-2011-2920 1Redhat 2Network Satellite Spacewalk Apr 29, 2026 Feb 5, 2014 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such...Show more A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to inject arbitrary web script or HTML into web pages through various input fields, such as the "Filter by Synopsis" field. This could lead to the execution of malicious code in a user's web browser, potentially compromising user sessions or disclosing sensitive information.Show less
CVE-2011-2919 1Redhat 2Network Satellite Spacewalk Apr 29, 2026 Feb 5, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page.
CVE-2011-1594 1Redhat 2Network Satellite Spacewalk Apr 29, 2026 Feb 5, 2014 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. Th...Show more A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to unauthorized information disclosure or credential theft.Show less