subscription asset manager vulnerabilities and exploits
383
VMScore
CVE-2014-0029
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Redhat Subscription Asset Manager 1.0.0
383
VMScore
CVE-2013-0184
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x prior to 1.1.5, 1.2.x prior to 1.2.7, 1.3.x prior to 1.3.9, and 1.4.x prior to 1.4.4 allows remote malicious users to cause a denial of service via unknown vectors related to "symbolized arbitrary strings...
Rack Project Rack 1.1.2
Rack Project Rack 1.1.0
Rack Project Rack 1.1.4
Rack Project Rack 1.1.3
Rack Project Rack 1.2.6
Rack Project Rack 1.2.3
Rack Project Rack 1.2.0
Rack Project Rack 1.2.1
Rack Project Rack 1.2.4
Rack Project Rack 1.2.2
Rack Project Rack 1.3.1
Rack Project Rack 1.3.7
Rack Project Rack 1.3.8
Rack Project Rack 1.3.2
Rack Project Rack 1.3.5
Rack Project Rack 1.3.6
Rack Project Rack 1.3.0
Rack Project Rack 1.3.4
Rack Project Rack 1.3.3
Rack Project Rack 1.4.2
Rack Project Rack 1.4.3
Rack Project Rack 1.4.0
383
VMScore
CVE-2013-0256
darkfish.js in RDoc 2.3.0 up to and including 3.12 and 4.x prior to 4.0.0.preview2.1, as used in Ruby, does not properly generate documents, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted URL.
Ruby-lang Ruby 2.0.0
Ruby-lang Ruby 1.9.3
Ruby-lang Ruby 2.0
Ruby-lang Ruby 1.9.2
Ruby-lang Ruby 1.9.1
Ruby-lang Ruby 1.9
Ruby-lang Rdoc
Ruby-lang Rdoc 4.0.0
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04
383
VMScore
CVE-2012-6109
lib/rack/multipart.rb in Rack prior to 1.1.4, 1.2.x prior to 1.2.6, 1.3.x prior to 1.3.7, and 1.4.x prior to 1.4.2 uses an incorrect regular expression, which allows remote malicious users to cause a denial of service (infinite loop) via a crafted Content-Disposition header.
Rack Project Rack 0.4
Rack Project Rack 1.1.2
Rack Project Rack 0.2
Rack Project Rack 0.1
Rack Project Rack 1.1.0
Rack Project Rack 0.9
Rack Project Rack 1.0.1
Rack Project Rack
Rack Project Rack 0.3
Rack Project Rack 0.9.1
Rack Project Rack 1.0.0
Rack Project Rack 1.2.3
Rack Project Rack 1.2.0
Rack Project Rack 1.2.1
Rack Project Rack 1.2.4
Rack Project Rack 1.2.2
Rack Project Rack 1.3.1
Rack Project Rack 1.3.2
Rack Project Rack 1.3.5
Rack Project Rack 1.3.6
Rack Project Rack 1.3.0
Rack Project Rack 1.3.4
187
VMScore
CVE-2012-6119
Candlepin prior to 0.7.24, as used in Red Hat Subscription Asset Manager prior to 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Redhat Subscription Asset Manager 1.1.0
Redhat Subscription Asset Manager 1.0.0
Candlepinproject Candlepin 0.4.11
Redhat Subscription Asset Manager
Candlepinproject Candlepin 0.6.3
Candlepinproject Candlepin
Candlepinproject Candlepin 0.4.27
Candlepinproject Candlepin 0.5.5
Candlepinproject Candlepin 0.4.5
187
VMScore
CVE-2013-0162
The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser gem 3.1.1 and previous versions for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp.
Ryan Davis Ruby Parser 2.2.0
Ryan Davis Ruby Parser 3.0.0.a6
Ryan Davis Ruby Parser 3.0.4
Ryan Davis Ruby Parser 3.0.0.a7
Ryan Davis Ruby Parser 3.0.1
Ryan Davis Ruby Parser 3.0.0
Ryan Davis Ruby Parser 3.0.0.a8
Ryan Davis Ruby Parser 3.0.0.a2
Ryan Davis Ruby Parser 2.0.1
Ryan Davis Ruby Parser 2.3.1
Ryan Davis Ruby Parser 3.0.0.a5
Ryan Davis Ruby Parser 3.0.0.a3
Ryan Davis Ruby Parser 2.0.3
Ryan Davis Ruby Parser 3.0.3
Ryan Davis Ruby Parser 2.0.6
Ryan Davis Ruby Parser 1.0.0
Ryan Davis Ruby Parser 3.0.2
Ryan Davis Ruby Parser 3.0.0.a9
Ryan Davis Ruby Parser 2.3.0
Ryan Davis Ruby Parser 3.0.0.a10
Ryan Davis Ruby Parser
Ryan Davis Ruby Parser 2.0.0
187
VMScore
CVE-2012-6116
modules/certs/manifests/config.pp in katello-configure prior to 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
Katello Katello-configure
Katello Katello -
187
VMScore
CVE-2012-5561
script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.
Katello Katello 1.1