Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
subscription asset manager vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2012-6685
Nokogiri prior to 1.5.4 is vulnerable to XXE attacks
Nokogiri Nokogiri
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Satellite 6.0
Redhat Openstack 6.0
Redhat Subscription Asset Manager -
Redhat Openshift 2.0
Redhat Openstack Foreman -
Redhat Enterprise Mrg 2.0
1 Article
383
VMScore
CVE-2014-0183
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.
Redhat Subscription Asset Manager 1.4.0
383
VMScore
CVE-2014-0026
katello-headpin is vulnerable to CSRF in REST API
Redhat Subscription Asset Manager 1.0.0
383
VMScore
CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
Nokogiri Nokogiri
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 3.0
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
Redhat Enterprise Mrg 2.0
383
VMScore
CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
Nokogiri Nokogiri
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 3.0
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
Redhat Enterprise Mrg 2.0
383
VMScore
CVE-2014-0029
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Redhat Subscription Asset Manager 1.0.0
187
VMScore
CVE-2012-6119
Candlepin prior to 0.7.24, as used in Red Hat Subscription Asset Manager prior to 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Redhat Subscription Asset Manager 1.1.0
Redhat Subscription Asset Manager 1.0.0
Candlepinproject Candlepin 0.4.11
Redhat Subscription Asset Manager
Candlepinproject Candlepin 0.6.3
Candlepinproject Candlepin
Candlepinproject Candlepin 0.4.27
Candlepinproject Candlepin 0.5.5
Candlepinproject Candlepin 0.4.5
445
VMScore
CVE-2013-0183
multipart/parser.rb in Rack 1.3.x prior to 1.3.8 and 1.4.x prior to 1.4.3 allows remote malicious users to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet.
Rack Project Rack 1.3.1
Rack Project Rack 1.3.7
Rack Project Rack 1.3.2
Rack Project Rack 1.3.5
Rack Project Rack 1.3.6
Rack Project Rack 1.3.0
Rack Project Rack 1.3.4
Rack Project Rack 1.3.3
Rack Project Rack 1.4.2
Rack Project Rack 1.4.0
Rack Project Rack 1.4.1
383
VMScore
CVE-2013-0184
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x prior to 1.1.5, 1.2.x prior to 1.2.7, 1.3.x prior to 1.3.9, and 1.4.x prior to 1.4.4 allows remote malicious users to cause a denial of service via unknown vectors related to "symbolized arbitrary strings...
Rack Project Rack 1.1.2
Rack Project Rack 1.1.0
Rack Project Rack 1.1.4
Rack Project Rack 1.1.3
Rack Project Rack 1.2.6
Rack Project Rack 1.2.3
Rack Project Rack 1.2.0
Rack Project Rack 1.2.1
Rack Project Rack 1.2.4
Rack Project Rack 1.2.2
Rack Project Rack 1.3.1
Rack Project Rack 1.3.7
Rack Project Rack 1.3.8
Rack Project Rack 1.3.2
Rack Project Rack 1.3.5
Rack Project Rack 1.3.6
Rack Project Rack 1.3.0
Rack Project Rack 1.3.4
Rack Project Rack 1.3.3
Rack Project Rack 1.4.2
Rack Project Rack 1.4.3
Rack Project Rack 1.4.0
187
VMScore
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello-configure
Katello Katello -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28995
CVE-2024-36680
CVE-2024-35537
unauthorized
CVE-2024-21518
CVE-2024-37673
cross-site scripting
SSRF
CVE-2024-6241
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »