Filtered by vendor Rhel Sam
Subscriptions
Filtered by product 1.2
Subscriptions
Total
13 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-1823 | 2 Redhat, Rhel Sam | 2 Subscription Asset Manager, 1.2 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||||
CVE-2013-0276 | 3 Redhat, Rhel Sam, Rubyonrails | 3 Openshift, 1.2, Rails | 2024-11-21 | N/A |
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request. | ||||
CVE-2013-0269 | 3 Redhat, Rhel Sam, Rubygems | 6 Fuse Esb Enterprise, Jboss Enterprise Soa Platform, Jboss Fuse and 3 more | 2024-11-21 | N/A |
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL injection attack against Ruby on Rails, aka "Unsafe Object Creation Vulnerability." | ||||
CVE-2013-0263 | 3 Rack Project, Redhat, Rhel Sam | 3 Rack, Openshift, 1.2 | 2024-11-21 | N/A |
Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that does not run in constant time. | ||||
CVE-2013-0256 | 5 Canonical, Cloudforms Cloudengine, Redhat and 2 more | 6 Ubuntu Linux, 1, Openshift and 3 more | 2024-11-21 | N/A |
darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. | ||||
CVE-2013-0184 | 3 Cloudforms Cloudengine, Rack Project, Rhel Sam | 3 1, Rack, 1.2 | 2024-11-21 | N/A |
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." | ||||
CVE-2013-0183 | 3 Cloudforms Cloudengine, Rack Project, Rhel Sam | 3 1, Rack, 1.2 | 2024-11-21 | N/A |
multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. | ||||
CVE-2013-0162 | 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more | 4 1, Openshift, 1.2 and 1 more | 2024-11-21 | N/A |
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
CVE-2012-6119 | 3 Candlepinproject, Redhat, Rhel Sam | 3 Candlepin, Subscription Asset Manager, 1.2 | 2024-11-21 | N/A |
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | ||||
CVE-2012-6116 | 3 Cloudforms Systemengine, Katello, Rhel Sam | 4 1, Katello, Katello-configure and 1 more | 2024-11-21 | N/A |
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file. | ||||
CVE-2012-6109 | 3 Cloudforms Cloudengine, Rack Project, Rhel Sam | 3 1, Rack, 1.2 | 2024-11-21 | N/A |
lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. | ||||
CVE-2012-5603 | 3 Cloudforms Tools, Redhat, Rhel Sam | 3 1, Cloudforms, 1.2 | 2024-11-21 | N/A |
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. | ||||
CVE-2012-5561 | 3 Cloudforms Systemengine, Katello, Rhel Sam | 3 1, Katello, 1.2 | 2024-11-21 | N/A |
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file. |
Page 1 of 1.