CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 1CVE-2012-6149 – (spacewalk-java): XSS in system.addNote XML-RPC call due improper sanitization of note's subject and content
https://notcve.org/view.php?id=CVE-2012-6149
Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) content values of a note in a system.addNote XML-RPC call. Múltiples vulnerabilidades de XSS en systems/sdc/notes.jsp en Spacewalk y Red Hat Network (RHN) Satellite 5.6 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de los valores de (1) asunto o (2) contenido de una nota en una llamada XML-RPC a system.addNote. • http://rhn.redhat.com/errata/RHSA-2014-0148.html http://secunia.com/advisories/56952 https://bugzilla.redhat.com/show_bug.cgi?id=882000 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=1d0f4b4a78ea03d9f2d05fbd52236b1f2ab68e85 https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html https://access.redhat.com/security/cve/CVE-2012-6149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2013-4415 – Spacewalk: PAGE_SIZE_LABEL_SELECTED cross-site scripting (XSS)
https://notcve.org/view.php?id=CVE-2013-4415
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variable in a software channels search; (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_hour, (17) start_minute, (18) start_month, (19) start_year, or (20) whereToSearch variable in an scap audit results search; (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_hour, (33) start_minute, (34) start_month, (35) start_year, or (36) view_mode variable in an errata search; or (37) fineGrained variable in a systems search, related to PAGE_SIZE_LABEL_SELECTED. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en Spacewalk y Red Hat Network (RHN) Satellite versión 5.6, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio de la (1) variable whereCriteria en un software búsqueda de canales; la variable (2) end_year, (3) start_hour, (4) end_am_pm, (5) end_day, (6) end_hour, (7) end_minute, (8) end_month, (9) end_year, (10) optionScanDateSearch, (11) result_filter, (12) search_string, (13) show_as, (14) start_am_pm, (15) start_day, (16) start_day, (17) start_minute, (18) start_month, (19) start_year o (20) whereToSearch en una búsqueda de resultados de auditoría scap; la variable (21) end_minute, (22) end_month, (23) end_year, (24) errata_type_bug, (25) errata_type_enhancement, (26) errata_type_security, (27) fineGrained, (28) list_1892635924_sortdir, (29) optionIssueDateSearch, (30) start_am_pm, (31) start_day, (32) start_ hour, (33) start_minute, (34) start_month, (35) start_year o (36) view_mode en una búsqueda de erratas; o (37) variable fineGrained en una búsqueda de sistemas, relacionada con PAGE_SIZE_LABEL_SELECTED. • http://rhn.redhat.com/errata/RHSA-2014-0148.html http://secunia.com/advisories/56952 https://bugzilla.redhat.com/show_bug.cgi?id=979452 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html https://access.redhat.com/security/cve/CVE-2013-4415 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2013-1871 – Satellite/Spacewalk: XSS in EditAddress page
https://notcve.org/view.php?id=CVE-2013-1871
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter. Vulnerabilidad de XSS en account/EditAddress.do en Spacewalk y Red Hat Network (RHN) Satellite 5.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a través del parámetro type. • http://osvdb.org/103211 http://rhn.redhat.com/errata/RHSA-2014-0148.html http://secunia.com/advisories/56952 https://bugzilla.redhat.com/show_bug.cgi?id=923467 https://git.fedorahosted.org/cgit/spacewalk.git/commit/?id=18c70164285cae0660fa3ac55c6656bb19b3b13f https://www.suse.com/support/update/announcement/2014/suse-su-20140222-1.html https://access.redhat.com/security/cve/CVE-2013-1871 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4480 – Satellite: Interface to create the initial administrator user remains open after installation
https://notcve.org/view.php?id=CVE-2013-4480
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Red Hat Satellite 5.6 y anteriores versiones no deshabilita la interfaz web que es usada para crear el primer usuario para un satellite, lo que permite a atacantes remotos crear cuentas de administrador. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html http://rhn.redhat.com/errata/RHSA-2013-1513.html http://rhn.redhat.com/errata/RHSA-2013-1514.html https://access.redhat.com/site/articles/539283 https://bugzilla.redhat.com/show_bug.cgi?id=1024614 https://access.redhat.com/security/cve/CVE-2013-4480 • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2056 – Satellite: Inter-Satellite Sync (ISS) does not require authentication/authorization
https://notcve.org/view.php?id=CVE-2013-2056
The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by skipping the initial authentication call. La operación Inter-Satellite Sync (ISS) en Red Hat Network (RHN) Satellite 5.3, 5.4, y 5.5 no valida adecuadamente la "autenticidad" del cliente, lo que permite a atacantes remotos obtener el contenido de un canal evitando la llamada inicial para la autenticación. • http://rhn.redhat.com/errata/RHSA-2013-0848.html http://secunia.com/advisories/53487 http://www.osvdb.org/93566 https://access.redhat.com/security/cve/CVE-2013-2056 https://bugzilla.redhat.com/show_bug.cgi?id=959524 • CWE-287: Improper Authentication •