29 matches found

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2013-1841

Malware in sbrugna...

CVSS 4.3, AI score 6.2, EPSS 0.00277
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-0235

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00244
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-24948

Malicious code in bioql PyPI...

CVSS 5.5, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/03 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-3585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. CVE-2021-35...

CVSS 5.5, AI score 5.6, EPSS 0.00034
Exploits: 1, References: 2

OSV
added 2024/09/15 11:23 p.m., 8 views

RHSA-2016:2592 Red Hat Security Advisory: subscription-manager security, bug fix, and enhancement update

Bulletin has no description...

CVSS 3.3, AI score 3.5, EPSS 0.00048
Exploits: 0, References: 63

RedHat Linux
added 2023/08/22 4:20 p.m., 3 views

subscription-manager: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...

CVSS 7.8, AI score 7.3, EPSS 0.00038
Exploits: 0, References: 4

IBM Security Bulletins
added 2023/07/21 11:52 a.m., 49 views

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)

Summary A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2015-7501 DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...

CVSS 10, AI score 7.9, EPSS 0.71461
Exploits: 8, Affected Software: 1

ATTACKERKB
added 2022/08/26 4:15 p.m., 2 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

CVSS 5.5, AI score 5.3, EPSS 0.00034
Exploits: 1, References: 6

NVD
added 2022/07/14 3:15 p.m., 5 views

CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

CVSS 5.5, EPSS 0.00043
Exploits: 0, References: 1

Prion
added 2022/07/14 3:15 p.m., 11 views

Default credentials

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

CVSS 1.7, AI score 5.3, EPSS 0.00043
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2022/07/14 2:55 p.m., 73 views

CVE-2022-1662

In CVE-2022-1662, the issue is that an Ansible playbook (ansible/run-convert2rhel.yml) for convert2rhel passes the Red Hat Subscription Manager password via the CLI, enabling unauthorized local users to view the password in the process list during execution. This affects convert2rhel when the ups...

CVSS 5.5, AI score 5.4, EPSS 0.00043
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2022/07/14 2:55 p.m., 9 views

CVE-2022-1662

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this...

AI score 5.7, EPSS 0.00043
Exploits: 0, References: 1

RedHat Linux
added 2022/07/05 2:41 p.m., 572 views

Moderate: Red Hat Security Advisory: Satellite 6.11 Release

An update is now available for Red Hat Satellite 6.11 Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fixes: libsolv: Heap-based buff...

CVSS 9.8, AI score 7.6, EPSS 0.139
Exploits: 14, References: 476

RedhatCVE
added 2022/05/10 8:00 p.m., 55 views

CVE-2022-1662

A flaw was found in convert2rhel, where an Ansible playbook named ansible/run-convert2rhel.yml passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This flaw allows unauthorized local users to view the password via the process list while convert2rhel is running...

CVSS 5.9, AI score 2.9, EPSS 0.00043
Exploits: 0, References: 3

RedhatCVE
added 2021/06/07 9:17 p.m., 50 views

CVE-2021-3585

A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager...

CVSS 5.5, AI score 1.6, EPSS 0.00034
Exploits: 1, References: 3

Prion
added 2020/01/02 8:15 p.m., 13 views

Design/Logic Flaw

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering...

CVSS 4.3, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 2, Affected Software: 1

RedHat Linux
added 2016/11/03 8:10 a.m., 1 view

subscription-manager: sensitive world readable files in /var/lib/rhsm/

It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosure. A local, unprivileged user could use this flaw to access sensitive data that could potentially be used in a social engineering attack...

CVSS 3.3, AI score 5.7, EPSS 0.00048
Exploits: 0, References: 4

Tenable Nessus
added 2016/07/14 12:00 a.m., 20 views

Fedora 24 : 2:docker (2016-6ef52e1fc3)

Resolves: 1340519 - add TasksMax=infinity ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker...

CVSS 7.8, AI score 7.2, EPSS 0.00069
Exploits: 0, References: 2

Tenable Nessus
added 2016/07/14 12:00 a.m., 26 views

Fedora 23 : 2:docker (2016-6a0d540088)

built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit f476348 ---- built docker @projectatomic/fedora-1.10.3 commit 4158ccc ---- Resolves: 1335649 - enable Red Hat subscription use in Docker containers on Fedora ---- built docker...

CVSS 7.8, AI score 7.2, EPSS 0.00069
Exploits: 0, References: 2

Tenable Nessus
added 2014/11/19 12:00 a.m., 45 views

RHEL 6 : Subscription Asset Manager 1.4 (RHSA-2014:1863)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2014:1863 advisory. Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. Red Hat...

CVSS 7.5, AI score 7.1, EPSS 0.70843
Exploits: 5, References: 16