CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8162 – Satellite5: RPC API XML External Entities file disclosure
https://notcve.org/view.php?id=CVE-2014-8162
11 May 2015 — XML external entity (XXE) in the RPC interface in Spacewalk and Red Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to read arbitrary files and possibly have other unspecified impact via unknown vectors. Vulnerabilidad de entidad externa XML (XXE) en la interfaz RPC en Spacewalk y Red Hat Network (RHN) Satellite 5.7 y anteriores permite a atacantes remotos leer archivos arbitrarios y posiblemente tener otro impacto no especificado a través de vectores desconocidos. It was found that the ... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2014-7811 – Spacewalk: multiple XSS
https://notcve.org/view.php?id=CVE-2014-7811
12 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. Múltiples vulnerabilidades de XSS en Spacewalk y Red Hat Network (RHN) Satellite anterior a 5.7.0 permiten a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de datos XML manipulados en la API REST. Red Hat Satellite provides a solution to org... • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2013-4480 – Satellite: Interface to create the initial administrator user remains open after installation
https://notcve.org/view.php?id=CVE-2013-4480
12 Nov 2013 — Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. Red Hat Satellite 5.6 y anteriores versiones no deshabilita la interfaz web que es usada para crear el primer usuario para un satellite, lo que permite a atacantes remotos crear cuentas de administrador. Red Hat Network Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, moni... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00009.html • CWE-668: Exposure of Resource to Wrong Sphere CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5961 – RHN XSS flaw
https://notcve.org/view.php?id=CVE-2007-5961
23 May 2008 — Cross-site scripting (XSS) vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en la característica de búsqueda de canal en Red Hat Network, como las usadas en RHN y Red Hat Network Satelite anteriores a 5.0.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbit... • http://osvdb.org/45765 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •