CVE-2021-40348

all versions

Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configu

8.8HIGH

CVE-2020-1693

< 2.9

A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint.

8.6HIGH

CVE-2019-10137

<= 2.9

A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens.

8.1HIGH

CVE-2019-10136

<= 2.9

It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, bu

4.3MEDIUM

CVE-2017-7470

all versions

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an in

6.5MEDIUM

CVE-2018-1077

all versions

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the serv

7.5HIGH

CVE-2016-3079

all versions

Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to

6.1MEDIUM

CVE-2015-0284

all versions

Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated user

5.4MEDIUM

CVE-2014-7812

all versions

Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated

CVE-2014-7811

all versions

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote aut

CVE-2014-3654

all versions

Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.5 a

CVE-2014-3595

all versions

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satell

CVE-2010-2236

<= 2.1.147-1

The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0

CVE-2013-1869

<= 2.1.147-1

CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to

CVE-2013-4415

< 2.0.2

Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to

CVE-2012-6149

all versions

Multiple cross-site scripting (XSS) vulnerabilities in systems/sdc/notes.jsp in Spacewalk and Red Hat Network (RHN) Satellite 5.6

CVE-2011-3344

all versions

A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Passwo

5.4MEDIUM

CVE-2011-2927

all versions

A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remot

5.4MEDIUM

CVE-2011-2920

all versions

A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacke

5.5MEDIUM

CVE-2011-2919

all versions

Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to

CVE-2011-1594

all versions

A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to r

6.5MEDIUM

CVE-2009-4139

all versions

A flaw was found in Spacewalk Java site packages. This cross-site request forgery (CSRF) vulnerability allows a remote attacker to

6.8MEDIUM