Subscription Asset Manager@* Security Vulnerabilities and Issues — Subscription Asset Manager@* CVE List

Lucene search

RedhatSubscription Asset Manager*

3 matches found

CVE•added 2014/05/07 10:55 a.m.•1027 views

CVE-2014-0130

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files v...

7.5CVSS6.3AI score0.43668EPSS

CVE•added 2013/04/02 10:55 p.m.•47 views

CVE-2013-1823

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

4.3CVSS5.8AI score0.00277EPSS

CVE•added 2013/04/02 10:55 p.m.•45 views

CVE-2012-6119

Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.

2.1CVSS6.3AI score0.00054EPSS