Lucene search
K

259 matches found

ATTACKERKB
ATTACKERKB
added 2022/06/15 8:15 p.m.2 views

CVE-2021-41415

Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...

6.1CVSS6.2AI score0.00581EPSS
Exploits1References2
OSV
OSV
added 2022/06/15 8:15 p.m.12 views

CVE-2021-41415

Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...

6.1CVSS5.7AI score
Exploits0References1
Prion
Prion
added 2022/06/15 8:15 p.m.11 views

Cross site scripting

Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...

4.3CVSS6AI score0.00581EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/15 8:0 p.m.18 views

CVE-2021-41415

Subscription-Manager v1.0 /main.js has a cross-site scripting XSS vulnerability in the machineDetail parameter...

6.1AI score0.00581EPSS
Exploits1References1
CVE
CVE
added 2022/06/15 8:0 p.m.65 views

CVE-2021-41415

CVE-2021-41415 affects Subscription-Manager v1.0, involving a cross-site scripting (XSS) flaw in the machineDetail parameter of /main.js. Multiple sources indicate the root cause is insufficient filtering/escaping in the parameter, enabling injected scripts. The CVE details in NVD/NVD-derived rec...

6.1CVSS5.9AI score0.00581EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/06/15 12:0 a.m.3 views

Subscription-Manager 跨站脚本漏洞

Subscription-Manager is a subscription management system by the individual developer of China's JiYouRan youranreus. A cross-site scripting vulnerability exists in Subscription-Manager v1.0, which stems from a lack of filtering and escaping of the machineDetail parameter in /main.js...

6.1CVSS5.9AI score0.00581EPSS
Exploits1References2
Veracode
Veracode
added 2022/06/02 12:42 a.m.18 views

Information Disclosure

convert2rhel is vulnerable to information disclosure. The vulnerability exists when the library passes the red hat account password to the subscription manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via...

5.5CVSS5.4AI score0.00355EPSS
Exploits1References11Affected Software1
RedhatCVE
RedhatCVE
added 2022/05/10 8:0 p.m.66 views

CVE-2022-1662

A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running...

5.9CVSS2.9AI score0.0021EPSS
Exploits0References3
OSV
OSV
added 2022/05/10 6:48 a.m.12 views

ALBA-2022:2047 subscription-manager bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

6.8AI score
Exploits0References1
Rockylinux
Rockylinux
added 2022/05/10 6:48 a.m.11 views

subscription-manager bug fix and enhancement update

An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Roc...

2AI score
Exploits0
AlmaLinux
AlmaLinux
added 2022/05/10 6:48 a.m.15 views

subscription-manager bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

1.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/04/27 7:24 a.m.5 views

convert2rhel: Red Hat account password passed via command line by code

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

5.5CVSS5.8AI score0.00355EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/04/27 6:30 a.m.4 views

convert2rhel: Red Hat account password passed via command line by code

There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the...

5.5CVSS5.8AI score0.00355EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2022/04/26 4:34 p.m.43 views

CVE-2022-0851

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line v...

5.5CVSS1.7AI score0.00303EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.4 views

Convert2RHEL 信息泄露漏洞

Convert2RHEL is a tool. Automatically convert Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. Convert2RHEL suffers from a security vulnerability that stems from the application of the --activationkey option when used with convert2rhel, where the activation key is subsequent...

5.5CVSS5.7AI score0.00303EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/04/26 12:0 a.m.6 views

Red Hat Convert2RHEL 安全漏洞

Convert2RHEL is a tool. Automatically convert Oracle/CentOS/Scientific/Rocky/Alma Linux to Red Hat Enterprise Linux. A security vulnerability exists in Red Hat Convert2RHEL that originates from passing a Red Hat account password to a subscription manager over the command line. A local, unauthoriz...

5.5CVSS5.7AI score0.00355EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2022/04/16 12:0 a.m.5 views

PT-2022-2389 · Red Hat · Convert2Rhel

Name of the Vulnerable Software and Affected Versions: convert2rhel affected versions not specified Description: The issue is related to a flaw in convert2rhel, where it passes the Red Hat account password to subscription-manager via the command line. This could allow unauthorized users locally o...

5.5CVSS5.3AI score0.00355EPSS
Exploits1References15
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/21 11:7 p.m.57 views

Security Bulletin: IBM InfoSphere Information Server may be vulnerable to various cross-site injection attacks CVE-2019-4727

Summary Potential cross-site injection vulnerabilities were addressed in IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2019-4727 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...

0.8AI score
Exploits0Affected Software1
OSV
OSV
added 2022/03/15 9:12 a.m.13 views

ALBA-2022:0897 subscription-manager bug fix and enhancement update

The subscription-manager packages provide programs and libraries to allow users to manage subscriptions and yum repositories from the AlmaLinux entitlement platform. Bug Fixes and Enhancements: Subscription manager sends redundant requests to the server in SCA mode BZ2044349...

7.1AI score
Exploits0
Rockylinux
Rockylinux
added 2022/03/15 9:12 a.m.16 views

subscription-manager bug fix and enhancement update

An update is available for subscription-manager. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The subscription-manager packages provide programs and libraries...

1AI score
Exploits0
Rows per page
Query Builder