Input Validation Bypass

🗓️ 02 May 2019 04:44:16Reported by Veracode Vulnerability DatabaseType

veracode

veracode🔗 sca.analysiscenter.veracode.com👁 43 Views

Red Hat Subscription Asset Manager Security Fixe

Reporter	Title	Published	Views	Family All 282
Amazon	Medium: ruby20	12 Aug 202000:00	–	amazon
Amazon	Important: ruby24	31 Aug 202000:00	–	amazon
Amazon	Medium: rubygem-json	31 Aug 202000:00	–	amazon
Amazon	Medium: ruby19, ruby21	31 Aug 202000:00	–	amazon
Amazon	Medium: ruby	24 May 202100:00	–	amazon
Amazon	Important: ruby	25 Sep 202300:00	–	amazon
FreeBSD	Ruby Activemodel Gem -- Circumvention of attr_protected	11 Feb 201300:00	–	freebsd
FreeBSD	Ruby -- Denial of Service and Unsafe Object Creation Vulnerability in JSON	11 Feb 201300:00	–	freebsd
FreeBSD	Ruby -- XSS exploit of RDoc documentation generated by rdoc	6 Feb 201300:00	–	freebsd
FreeBSD	Ruby Rack Gem -- Multiple Issues	8 Feb 201300:00	–	freebsd

Vulners

Node

rubygem-rack rubygem-rackMatch1.3.0_3.el6op

OR

rubygem-rack rubygem-rackMatch1.1.0_2.el6

OR

rubygem-rack rubygem-rackMatch1.3.0_3.el6cf

OR

rubygem-rack rubygem-rackMatch1.3.0_1.el6

OR

rubygem-rack rubygem-rackMatch1.3.0_2.el6

OR

rubygem-activemodel rubygem-activemodelMatch3.0.10_1.el6

OR

rubygem-rdoc rubygem-rdocMatch3.8_3.el6

OR

rubygem-rdoc rubygem-rdocMatch3.8_4.el6

OR

rubygem-actionpack rubygem-actionpackMatch3.0.10_11.el6cf

OR

rubygem-actionpack rubygem-actionpackMatch3.0.10_1.el6

OR

rubygem-actionpack rubygem-actionpackMatch3.0.10_10.el6cf

OR

rubygem-actionpack rubygem-actionpackMatch3.0.10_3.1.el6

OR

rubygem-rails_warden rubygem-rails_wardenMatch0.5.5_1.el6

OR

rubygem-delayed_job rubygem-delayed_jobMatch2.1.4_2.el6cf

OR

rubygem-delayed_job rubygem-delayed_jobMatch2.1.4_1.el6

OR

rubygem-json rubygem-jsonMatch1.4.6_10.el6

OR

rubygem-json rubygem-jsonMatch1.4.6_13.el6op

OR

rubygem-json rubygem-jsonMatch1.4.6_1.el6

OR

rubygem-json rubygem-jsonMatch1.4.6_4.el6

OR

candlepinproject candlepinMatch0.6.5_1.el6_2

OR

candlepinproject candlepinMatch0.5.26_1.el6

OR

candlepinproject candlepinMatch0.7.8.1_1.el6cf

OR

candlepinproject candlepinMatch0.7.19_3.el6cf

OR

candlepinproject candlepinMatch0.5.21_1.el6

OR

candlepinproject candlepinMatch0.7.23_1.el6_3

OR

thumbslug thumbslugMatch0.0.24_1.el6_2

OR

thumbslug thumbslugMatch0.0.28_1.el6_3

OR

thumbslug thumbslugMatch0.0.21_1.el6

OR

katello katello-configureMatch1.1.9_12.el6cf

OR

katello katello-configureMatch1.1.9_13.el6cf

OR

katello katello-configureMatch0.1.111_1.el6cf

OR

katello katello-configureMatch0.1.107_1.el6

OR

katello katello-configureMatch0.1.64_7.el6

OR

katello katello-configureMatch0.3.7_1.el6_2

OR

katello katelloMatch0.3.4_1.el6_2

OR

katello katelloMatch1.1.12_22.el6cf

OR

katello katelloMatch0.3.3_1.el6_2

OR

katello katelloMatch0.1.318_1.el6cf

OR

katello katelloMatch0.1.311_1.el6_2

OR

katello katelloMatch0.1.320_1.el6cf

OR

katello katelloMatch1.1.12.2_5.el6cf

OR

katello katelloMatch0.1.307_1.el6

OR

katello katelloMatch0.1.238_3.el6

Source	Link
secunia	www.secunia.com/advisories/52774
osvdb	www.osvdb.org/91719
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/security/updates/classification/
rhn	www.rhn.redhat.com/errata/RHSA-2013-0686.html
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
github	www.github.com/candlepin/candlepin/blob/master/candlepin.spec
github	www.github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c

19 Apr 2022 18:31Current

8High risk

Vulners AI Score8

CVSS 27.5

EPSS0.13911

red hat subscription asset manager security fixes software updates ca certificate rpm manifest signature html documentation timing attack json ruby on rails subscription asset manager ui selinux policies certificate validation