11 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. Las versiones de Katello que se incluyen con Red Hat Subscription Asset Manager versión 1.4, son vulnerables a un ataque de tipo XSS por medio de HTML en el nombre systems durante el registro. • https://access.redhat.com/security/cve/cve-2014-0183 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

katello-headpin is vulnerable to CSRF in REST API katello-headpin es vulnerable a un ataque de tipo CSRF en la API REST. • https://access.redhat.com/security/cve/cve-2014-0026 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits La gema Nokogiri versiones 1.5.x y 1.6.x, tienebn una DoS durante el análisis de entidades XML al fallar para aplicar límites. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6461 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461 https://exchange.xforce.ibmcloud.com/vulnerabilities/90059 https://security-tracker.debian.org/tracker/CVE-2013-6461 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents La gema Nokogiri versiones 1.5.x, tiene una Denegación de Servicio por medio de un bucle infinito cuando se analizan documentos XML. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6460 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460 https://exchange.xforce.ibmcloud.com/vulnerabilities/90058 https://security-tracker.debian.org/tracker/CVE-2013-6460 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en la aplicación web SAM en Red Hat katello-headpin permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante parámetros sin especificar. • https://bugzilla.redhat.com/show_bug.cgi?id=1059433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •