Vulnerabilities > Redhat > Spacewalk
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-02-17 | CVE-2020-1693 | XXE vulnerability in Redhat Spacewalk 1.6/2.6/2.9 | A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. | 9.8 |
2019-07-02 | CVE-2019-10137 | Path Traversal vulnerability in Redhat Satellite and Spacewalk | A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. | 9.8 |
2019-07-02 | CVE-2019-10136 | Improper Verification of Cryptographic Signature vulnerability in Redhat Satellite and Spacewalk | It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. | 4.3 |
2018-07-27 | CVE-2017-7470 | Incorrect Authorization vulnerability in Redhat Satellite and Spacewalk | It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py. | 9.8 |
2018-03-14 | CVE-2018-1077 | XXE vulnerability in Redhat Satellite and Spacewalk | Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. | 5.0 |
2014-02-05 | CVE-2011-1594 | Improper Input Validation vulnerability in Redhat Network Satellite and Spacewalk | Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter. | 5.8 |