Filtered by vendor Redhat
Subscriptions
Filtered by product Subscription Asset Manager
Subscriptions
Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-0130 | 3 Redhat, Rhel Sam, Rubyonrails | 6 Cloudforms Managementengine, Enterprise Linux Server, Rhel Software Collections and 3 more | 2024-12-19 | 7.5 High |
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | ||||
CVE-2015-7501 | 1 Redhat | 22 Data Grid, Enterprise Linux, Jboss A-mq and 19 more | 2024-11-21 | N/A |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
CVE-2014-0183 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 6.1 Medium |
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | ||||
CVE-2014-0029 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
CVE-2014-0026 | 1 Redhat | 1 Subscription Asset Manager | 2024-11-21 | 6.5 Medium |
katello-headpin is vulnerable to CSRF in REST API | ||||
CVE-2013-6461 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 6.5 Medium |
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | ||||
CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 6.5 Medium |
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | ||||
CVE-2013-6439 | 2 Redhat, Rhel Sam | 2 Subscription Asset Manager, 1.3 | 2024-11-21 | N/A |
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | ||||
CVE-2013-1823 | 2 Redhat, Rhel Sam | 2 Subscription Asset Manager, 1.2 | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||||
CVE-2012-6685 | 2 Nokogiri, Redhat | 9 Nokogiri, Cloudforms Management Engine, Cloudforms Managementengine and 6 more | 2024-11-21 | 7.5 High |
Nokogiri before 1.5.4 is vulnerable to XXE attacks | ||||
CVE-2012-6119 | 3 Candlepinproject, Redhat, Rhel Sam | 3 Candlepin, Subscription Asset Manager, 1.2 | 2024-11-21 | N/A |
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. |
Page 1 of 1.