Vulnerabilities > Redhat > Subscription Asset Manager
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products: Nokogiri before 1.5.4 is vulnerable to XXE attacks. | 5.0 |
2020-01-02 | CVE-2014-0183 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.4.0: versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system's name when registering. | 4.3 |
2019-12-11 | CVE-2014-0026 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Subscription Asset Manager 1.0.0: katello-headpin is vulnerable to CSRF in the REST API. | 4.3 |
2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products: Nokogiri gem 1.5.x and 1.6.x has a DoS while parsing XML entities by failing to apply limits. | 4.3 |
2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products: Nokogiri gem 1.5.x has a Denial of Service via an infinite loop when parsing XML documents. | 4.3 |
2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products: Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0: multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 4.3 |
2013-04-02 | CVE-2012-6119 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | 2.1 |