CVE-2011-0718 – Spacewalk: Prone to brute force password guessing attacks
https://notcve.org/view.php?id=CVE-2011-0718
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.
• http://secunia.com/advisories/43487
• http://www.redhat.com/support/errata/RHSA-2011-0300.html
• http://www.securityfocus.com/bid/46528
• http://www.securitytracker.com/id?1025116
• http://www.vupen.com/english/advisories/2011/0491
• https://bugzilla.redhat.com/show_bug.cgi?id=672159
• https://exchange.xforce.ibmcloud.com/vulnerabilities/65657
• https://access.redhat.com/security/cve/CVE-2011-0718
• https://bugzilla.redhat.com/show_bug.cgi?id=672163
• CWE-287: Improper Authentication

CVE-2007-5961 – RHN XSS flaw
https://notcve.org/view.php?id=CVE-2007-5961
Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
• http://osvdb.org/45765
• http://www.redhat.com/support/errata/RHSA-2008-0261.html
• http://www.securitytracker.com/id?1020051
• https://bugzilla.redhat.com/show_bug.cgi?id=396641
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42559
• https://access.redhat.com/security/cve/CVE-2007-5961
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')