Every CVE whose affected-product data names Redhat Spacewalk, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2020-1693 — CVSS 8.6 (high): A flaw was found in Spacewalk up to version 2.9 where it was vulnerable to XML internal entity attacks via the /rpc/api endpoint. An…
CVE-2019-10137 — CVSS 8.1 (high): A path traversal flaw was found in spacewalk-proxy, all versions through 2.9, in the way the proxy processes cached client tokens. A…
CVE-2018-1077 — CVSS 7.5 (high): Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server.
CVE-2011-1594 — CVSS 6.5 (medium): A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect…
CVE-2017-7470 — CVSS 6.5 (medium): It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect…
CVE-2011-2920 — CVSS 5.5 (medium): A flaw was found in Spacewalk and Red Hat Network Satellite. This cross-site scripting (XSS) vulnerability allows a remote attacker to…
CVE-2011-2927 — CVSS 5.4 (medium): A flaw was found in Spacewalk and Red Hat Network Satellite. This vulnerability, known as cross-site scripting (XSS), allows remote…
CVE-2011-3344 — CVSS 5.4 (medium): A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting (XSS) vulnerability in the Lookup Login/Password form…
CVE-2019-10136 — CVSS 4.3 (medium): It was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but…
CVE-2011-2919 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to inject…
CVE-2014-7811 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote…
CVE-2014-7812 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to…