CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4480 – Satellite: Interface to create the initial administrator user remains open after installation
https://notcve.org/view.php?id=CVE-2013-4480
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Red Hat Satellite 5.6 y anteriores versiones no deshabilita la interfaz web que es usada para crear el primer usuario para un satellite, lo que permite a atacantes remotos crear cuentas de administrador. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html http://rhn.redhat.com/errata/RHSA-2013-1513.html http://rhn.redhat.com/errata/RHSA-2013-1514.html https://access.redhat.com/site/articles/539283 https://bugzilla.redhat.com/show_bug.cgi?id=1024614 https://access.redhat.com/security/cve/CVE-2013-4480 • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0059 – Spacewalk: RHN user password disclosure upon failed system registration
https://notcve.org/view.php?id=CVE-2012-0059
Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email. El backend de Spacewalk en Red Hat Network (RHN) Satellite y Proxy 5.4 incluye contraseñas de usuario en texto claro en un mensaje de error cuando la llamada XML-RPC del registro del sistema falla, permite a administradores remotos obtener la contraseña mediante la lectura de (1) las trazas del servidor y (2) un correo. • http://rhn.redhat.com/errata/RHSA-2012-0101.html http://rhn.redhat.com/errata/RHSA-2012-0102.html https://access.redhat.com/security/cve/CVE-2012-0059 https://bugzilla.redhat.com/show_bug.cgi?id=782819 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2919 – Spacewalk: XSS on SystemGroupList.do page
https://notcve.org/view.php?id=CVE-2011-2919
Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the QueryString to the SystemGroupList.do page. Vulnerabilidad de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos inyectar script Web o HTML a través de QueryString hacia la página SystemGroupList.do. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=713478 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2919 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3344 – Satellite/Spacewalk: XSS on the Lost Password page
https://notcve.org/view.php?id=CVE-2011-3344
Cross-site scripting (XSS) vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI. Vulnerabilidad de XSS en el formulario de recuperación de usuario/contraseña en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permite a atacantes remotos inyectar script Web arbitrario o HTML a través de la URL. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=731647 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=890781d7ec983e32fe83af2f7c033d087292851f https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-3344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2920 – Satellite: XSS flaw(s) in filter handling
https://notcve.org/view.php?id=CVE-2011-2920
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms. Múltiples vulnerabilidades de XSS en Spacewalk 1.6, utilizado en Red Hat Network (RHN) Satellite, permiten a atacantes remotos inyectar script Web o HTML arbitrario a través del campo "Filter by Synopsis" y otros filtros de formularios no especificados. • http://www.redhat.com/support/errata/RHSA-2011-1299.html https://bugzilla.redhat.com/show_bug.cgi?id=681032 https://www.redhat.com/archives/spacewalk-announce-list/2011-December/msg00000.html https://access.redhat.com/security/cve/CVE-2011-2920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •