Vulnerabilities > Redhat > Subscription Asset Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 7.5 |
| 2020-01-02 | CVE-2014-0183 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.4.0 Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | 6.1 |
| 2019-12-11 | CVE-2014-0026 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0 katello-headpin is vulnerable to CSRF in REST API | 6.5 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | 6.5 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | 6.5 |
| 2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
| 2014-05-07 | CVE-2014-0130 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | 7.5 |