NotCVE - vendor:"Redhat" product:"Satellite" version:"

Page 37 of 209 results (0.008 seconds)

CVSS: 10.0EPSS: 67%CPEs: 81EXPL: 0

CVE-2016-3427 – Oracle Java SE and JRockit Unspecified Vulnerability

https://notcve.org/view.php?id=CVE-2016-3427

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX. Vulnerabilidad no especificada en Oracle Java SE 6u113, 7u99 y 8u77; Java SE Embedded 8u77; y JRockit R28.3.9 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con JMX. It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). • http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2016-05 • CWE-284: Improper Access Control •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-0284 – Satellite: stored XSS in user details fields (incomplete fix for CVE-2014-7811)

https://notcve.org/view.php?id=CVE-2015-0284

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the XMLRPC API, involving user details. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7811. Vulnerabilidad de XSS en spacewalk-java en Spacewalk y Red Hat Satellite 5.7 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de datos XML manipulados en la API XMLRPC, involucrando detalles de usuario. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2014-7811. A cross-site scripting (XSS) flaw was found in how XML data was handled in Red Hat Satellite. • http://rhn.redhat.com/errata/RHSA-2016-0590.html https://bugzilla.redhat.com/show_bug.cgi?id=1181152 https://bugzilla.redhat.com/show_bug.cgi?id=1181472 https://bugzilla.redhat.com/show_bug.cgi?id=1314906 https://bugzilla.redhat.com/show_bug.cgi?id=1315398 https://github.com/spacewalkproject/spacewalk/commit/dd418384171473c3e31386a1b4792f8c555dc744 https://github.com/spacewalkproject/spacewalk/commit/f3792c79c1c251a49cc4e382be8591636326a794 https://access.redhat.com/security/cve/CVE-2015-0284 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-2103 – 5: multiple stored XSS vulnerabilities

https://notcve.org/view.php?id=CVE-2016-2103

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/PhysicalList.do or (2) unspecified vectors involving systems/VirtualSystemsList.do. Múltiples vulnerabilidades de XSS en Red Hat Satellite 5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) el parámetro list_1680466951_oldfilterval en systems/PhysicalList.do o (2) vectores no especificados que involucran a systems/VirtualSystemsList.do. Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users. • http://rhn.redhat.com/errata/RHSA-2016-0590.html https://bugzilla.redhat.com/show_bug.cgi?id=1305681 https://access.redhat.com/security/cve/CVE-2016-2103 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-2104 – 5: stored and reflected XSS vulnerabilities

https://notcve.org/view.php?id=CVE-2016-2104

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags. Varias vulnerabilidades de XSS en Red Hat Satellite 5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) el parámetro label a admin/BunchDetail.do; (2) el package_name, (3) search_subscribed_channels o (4) el parámetro channel_filter a software/packages/NameOverview.do; O vectores no especificados relacionados con (5) o (6) tags. Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users. • http://rhn.redhat.com/errata/RHSA-2016-0590.html https://bugzilla.redhat.com/show_bug.cgi?id=1305677 https://bugzilla.redhat.com/show_bug.cgi?id=1313515 https://access.redhat.com/security/cve/CVE-2016-2104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-3079 – spacewalk-java: Multiple XSS issues in WebUI

https://notcve.org/view.php?id=CVE-2016-3079

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a (3) snapshot tag or (4) system group in System Set Manager (SSM). Múltiples vulnerabilidades de XSS en la Web UI en Spacewalk y Red Hat Satellite 5.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) PATH_INFO en systems/SystemEntitlements.do; (2) el parámetro label en admin/multiorg/EntitlementDetails.do; o el nombre de (3) una etiqueta snapshot o (4) un grupo de sistema en System Set Manager (SSM). Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users. • http://rhn.redhat.com/errata/RHSA-2016-0590.html https://bugzilla.redhat.com/show_bug.cgi?id=1320444 https://bugzilla.redhat.com/show_bug.cgi?id=1320452 https://bugzilla.redhat.com/show_bug.cgi?id=1320940 https://github.com/spacewalkproject/spacewalk/commit/7920542f https://github.com/spacewalkproject/spacewalk/commit/7b9ff9ad https://github.com/spacewalkproject/spacewalk/commit/982b11c9 https://github.com/spacewalkproject/spacewalk/commit/b6491eba https://access.redhat.com/security/cve/CVE-2016&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...35 36 37 38 39