Note: This project will be discontinued after December 13, 2021.

Product: Subscription_asset_manager (Redhat)
Repositories: https://github.com/candlepin/candlepin
#Vulnerabilities: 11
Date | Id | Summary | Products | Score | Patch | Annotated
---|---|---|---|---|---|---
2014-05-07 | CVE-2014-0130 | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | Enterprise_linux_server, Subscription_asset_manager, Rails | 7.5 | |
2017-11-09 | CVE-2015-7501 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache... | Data_grid, Jboss_a-Mq, Jboss_bpm_suite, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_server, Jboss_fuse, Jboss_fuse_service_works, Jboss_operations_network, Jboss_portal, Openshift, Subscription_asset_manager, Xpaas | 9.8 | |
2013-04-02 | CVE-2013-1823 | Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field. | Subscription_asset_manager | N/A | |
2013-12-23 | CVE-2013-6439 | Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | Subscription_asset_manager | N/A | |
2019-11-05 | CVE-2013-6460 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager | 6.5 | |
2019-11-05 | CVE-2013-6461 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | Debian_linux, Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openstack, Satellite, Subscription_asset_manager | N/A | |
2020-02-19 | CVE-2012-6685 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | Nokogiri, Cloudforms_management_engine, Enterprise_mrg, Openshift, Openstack, Openstack_foreman, Satellite, Subscription_asset_manager | N/A | |
2020-01-02 | CVE-2014-0183 | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | Subscription_asset_manager | N/A | |
2019-12-11 | CVE-2014-0026 | katello-headpin is vulnerable to CSRF in REST API | Subscription_asset_manager | N/A | |
2017-10-16 | CVE-2014-0029 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | Subscription_asset_manager | 6.1 | |