Lucene search
K
RedhatSubscription Asset Manager

11 matches found

CVE
CVE
added 2014/05/07 10:0 a.m.1092 views

CVE-2014-0130

CVE-2014-0130 describes a directory traversal in Ruby on Rails’ Action Pack (implicit_render path) affecting Rails 3.2.x before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1. A crafted request using wildcard route globbing can cause the application to read arbitrary local files via actionpac...

7.5CVSS6.3AI score0.53703EPSS
In wildWeb
CVE
CVE
added 2017/11/09 12:0 a.m.357 views

CVE-2015-7501

CVE-2015-7501 involves a deserialization flaw in Apache Commons Collections that affects Red Hat JBoss Middleware stack (A-MQ 6.x; BPMS 6.x; BRMS 5.x/6.x; JDG 6.x/5.x; JDV 6.x/5.x; AEP 6.x; Fuse 6.x; FSW 6.x; JBoss ON 3.x; Portal 6.x; SOA-P 5.x; JWS 3.x; OpenShift/xPaaS 3.x; Subscription Asset Ma...

10CVSS9.7AI score0.83274EPSS
CVE
CVE
added 2020/02/19 2:41 p.m.214 views

CVE-2012-6685

Nokogiri prior to 1.5.4 is vulnerable to XML External Entity (XXE) attacks. The issue arises in the XML parsing path (XXE) and is documented under CVE-2012-6685. Exploitation details are not provided beyond the XXE description. Affected software: Nokogiri (Ruby library). Root cause: XXE in XML pr...

7.5CVSS7.3AI score0.02168EPSS
CVE
CVE
added 2020/01/02 7:20 p.m.85 views

CVE-2014-0183

CVE-2014-0183 affects Katello as shipped with Red Hat Subscription Asset Manager 1.4, vulnerable to cross-site scripting via HTML in the system name during registration. Root cause: HTML in system name not properly sanitized. Impact: potential XSS through the registration flow. Exploitation detai...

6.1CVSS5.9AI score0.00662EPSS
CVE
CVE
added 2019/11/05 2:2 p.m.71 views

CVE-2013-6460

CVE-2013-6460 affects the Nokogiri gem (version 1.5.x) and is described in connected documents as a Denial of Service via an infinite loop when parsing XML documents. The available sources consistently state a DoS impact but do not provide concrete exploitation details or patch/version remediatio...

6.5CVSS6.4AI score0.02083EPSS
CVE
CVE
added 2013/04/02 10:0 p.m.66 views

CVE-2012-6119

CVE-2012-6119 concerns Candlepin before 0.7.24 used in Red Hat Subscription Asset Manager before 1.2.1, where manifest signatures were not properly checked, allowing local users to modify manifests. The related VERACODE entries confirm this and tie remediation to the Red Hat 1.2.1 update (RHSA-20...

2.1CVSS6.3AI score0.00423EPSS
CVE
CVE
added 2013/04/02 10:0 p.m.64 views

CVE-2013-1823

Affected software: Red Hat Subscription Asset Manager prior to version 1.2.1. Vulnerability: Cross-site scripting (XSS) in the Notifications form, where HTML in the username field could be injected. The root cause is improper escaping of HTML markup in the username input. Impact: Remote attackers...

4.3CVSS5.8AI score0.01903EPSS
CVE
CVE
added 2013/12/23 10:0 p.m.64 views

CVE-2013-6439

CVE-2013-6439 affects Red Hat Subscription Asset Manager Candlepin 1.0–1.3, which uses a weak authentication scheme when the configuration file does not specify a scheme. Public sources reiterate an authentication-bypass risk. Remediation involves applying the updated candlepin packages from RHSA...

9.3CVSS6.9AI score0.01571EPSS
CVE
CVE
added 2019/11/05 2:7 p.m.62 views

CVE-2013-6461

Nokogiri gem versions 1.5.x and 1.6.x are affected by a DoS vulnerability when parsing XML entities due to failing to apply limits. The issue is described across multiple connected sources (SUSE, Ubuntu, Debian security trackers, RubyGems advisories, and NVD). The CVE entry itself lists DoS as th...

6.5CVSS6.4AI score0.02194EPSS
CVE
CVE
added 2019/12/11 2:7 p.m.52 views

CVE-2014-0026

CVE-2014-0026 applies to katello-headpin and is due to a CSRF vulnerability in the REST API. The issue is listed with CVSS vectors (2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N; 3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) indicating network access, no confidentiality impact, partial integrity impact, a...

6.5CVSS6.4AI score0.00432EPSS
CVE
CVE
added 2017/10/16 1:0 p.m.47 views

CVE-2014-0029

CVE-2014-0029 affects the SAM web application in Red Hat katello-headpin (the systems management engine). The connected documents describe multiple cross-site scripting (XSS) vulnerabilities in the SAM web app, allowing remote attackers to inject arbitrary web script or HTML via unspecified param...

6.1CVSS6AI score0.00754EPSS