CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0183
https://notcve.org/view.php?id=CVE-2014-0183
02 Jan 2020 — Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. Las versiones de Katello que se incluyen con Red Hat Subscription Asset Manager versión 1.4, son vulnerables a un ataque de tipo XSS por medio de HTML en el nombre systems durante el registro. • https://access.redhat.com/security/cve/cve-2014-0183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0026
https://notcve.org/view.php?id=CVE-2014-0026
11 Dec 2019 — katello-headpin is vulnerable to CSRF in REST API katello-headpin es vulnerable a un ataque de tipo CSRF en la API REST. • https://access.redhat.com/security/cve/cve-2014-0026 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 1CVE-2013-6461
https://notcve.org/view.php?id=CVE-2013-6461
05 Nov 2019 — Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits La gema Nokogiri versiones 1.5.x y 1.6.x, tienebn una DoS durante el análisis de entidades XML al fallar para aplicar límites. • http://www.openwall.com/lists/oss-security/2013/12/27/2 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.5EPSS: 2%CPEs: 11EXPL: 1CVE-2013-6460
https://notcve.org/view.php?id=CVE-2013-6460
05 Nov 2019 — Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents La gema Nokogiri versiones 1.5.x, tiene una Denegación de Servicio por medio de un bucle infinito cuando se analizan documentos XML. • http://www.openwall.com/lists/oss-security/2013/12/27/2 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0029
https://notcve.org/view.php?id=CVE-2014-0029
16 Oct 2017 — Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en la aplicación web SAM en Red Hat katello-headpin permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante parámetros sin especificar. • https://bugzilla.redhat.com/show_bug.cgi?id=1059433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 72%CPEs: 19EXPL: 1CVE-2015-7501 – apache-commons-collections: InvokerTransformer code execution during deserialisation
https://notcve.org/view.php?id=CVE-2015-7501
20 Nov 2015 — Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collect... • https://github.com/ianxtianxt/CVE-2015-7501 • CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2012-6685 – rubygem-nokogiri: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2012-6685
13 Aug 2015 — Nokogiri before 1.5.4 is vulnerable to XXE attacks Nokogiri versiones anteriores a 1.5.4, es vulnerable a ataques de tipo XXE. OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more. • https://bugzilla.redhat.com/show_bug.cgi?id=1178970 • CWE-611: Improper Restriction of XML External Entity Reference CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 7.5EPSS: 20%CPEs: 39EXPL: 1CVE-2014-0130 – Ruby on Rails Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2014-0130
07 May 2014 — Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. Vulnerabilidad de salto de directorio en actionpack/lib/abstract_controller/base.rb en la implementación implicit-render en Ruby on Rails anterior a 3.2.18, 4.0.x anterior a 4.0.5 y 4.1.x ant... • https://github.com/omarkurt/cve-2014-0130 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-6439 – candlepin: insecure authentication enabled by default
https://notcve.org/view.php?id=CVE-2013-6439
22 Dec 2013 — Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. Candlepin en Red Hat Subscription Asset Manager v1.0 hasta v1.3 utiliza un esquema de autenticación débil cuando el archivo de configuración no especifica un esquema, lo cual tiene un impacto no especificado y vectores de ataque. Candlepin is an open source entitlement management system. It tracks the product... • http://rhn.redhat.com/errata/RHSA-2013-1863.html • CWE-287: Improper Authentication CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2012-6119 – Candlepin: Re-enable manifest signature checking
https://notcve.org/view.php?id=CVE-2012-6119
02 Apr 2013 — Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. Candlepin antes de v0.7.24, tal como se utiliza en el Administrador de Activos de Red Hat Suscripción antes de v1.2.1, no comprueba correctamente firmas de los manifest, que permite a usuarios locales modificarlos. • http://rhn.redhat.com/errata/RHSA-2013-0686.html • CWE-264: Permissions, Privileges, and Access Controls •