259 matches found
CVE-2021-41415
Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...
CVE-2021-41415
Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...
Cross site scripting
Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...
CVE-2021-41415
Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...
CVE-2021-41415
CVE-2021-41415 affects Subscription-Manager v1.0, involving a cross-site scripting (XSS) flaw in the machineDetail parameter of /main.js. Multiple sources indicate the root cause is insufficient filtering/escaping in the parameter, enabling injected scripts. The CVE details in NVD/NVD-derived rec...
Subscription-Manager 跨站脚本漏洞
Subscription-Manager is a subscription management system by the individual developer of China's JiYouRan youranreus. A cross-site scripting vulnerability exists in Subscription-Manager v1.0, which stems from a lack of filtering and escaping of the machineDetail parameter in /main.js...
Information Disclosure
convert2rhel is vulnerable to information disclosure. The vulnerability exists when the library passes the red hat account password to the subscription manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via...
CVE-2022-1662
A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running...
ALBA-2022:2047 subscription-manager bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
subscription-manager bug fix and enhancement update
An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Roc...
subscription-manager bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...
convert2rhel: Red Hat account password passed via command line by code
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
convert2rhel: Red Hat account password passed via command line by code
There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...
CVE-2022-0851
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...
Convert2RHEL 信息泄露漏洞
Convert2RHEL is a tool. Automatically convert Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. Convert2RHEL suffers from a security vulnerability that stems from the application of the --activationkey option when used with convert2rhel, where the activation key is subsequent...
Red Hat Convert2RHEL 安全漏洞
Convert2RHEL is a tool. Automatically convert Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. A security vulnerability exists in Red Hat Convert2RHEL that originates from passing a Red Hat account password to a subscription manager over the command line. A local, unauthoriz...
PT-2022-2389 · Red Hat · Convert2Rhel
Name of the Vulnerable Software and Affected Versions: convert2rhel affected versions not specified Description: The issue is related to a flaw in convert2rhel, where it passes the Red Hat account password to subscription-manager via the command line. This could allow unauthorized users locally o...
Security Bulletin: IBM InfoSphere Information Server may be vulnerable to various cross-site injection attacks CVE-2019-4727
Summary Potential cross-site injection vulnerabilities were addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4727 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...
ALBA-2022:0897 subscription-manager bug fix and enhancement update
The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Bug Fixes and Enhancements: Subscription manager sends redundant requests to the server in SCA mode BZ2044349...
subscription-manager bug fix and enhancement update
An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The subscription-manager packages provide programs and libraries...