Vulnerabilities > Redhat > Subscription Asset Manager > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products Nokogiri before 1.5.4 is vulnerable to XXE attacks | 7.5 |
| 2014-05-07 | CVE-2014-0130 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | 7.5 |