CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0183
https://notcve.org/view.php?id=CVE-2014-0183
Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. Las versiones de Katello que se incluyen con Red Hat Subscription Asset Manager versión 1.4, son vulnerables a un ataque de tipo XSS por medio de HTML en el nombre systems durante el registro. • https://access.redhat.com/security/cve/cve-2014-0183 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0183 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0026
https://notcve.org/view.php?id=CVE-2014-0026
katello-headpin is vulnerable to CSRF in REST API katello-headpin es vulnerable a un ataque de tipo CSRF en la API REST. • https://access.redhat.com/security/cve/cve-2014-0026 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0026 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2013-6461
https://notcve.org/view.php?id=CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits La gema Nokogiri versiones 1.5.x y 1.6.x, tienebn una DoS durante el análisis de entidades XML al fallar para aplicar límites. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6461 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6461 https://exchange.xforce.ibmcloud.com/vulnerabilities/90059 https://security-tracker.debian.org/tracker/CVE-2013-6461 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2013-6460
https://notcve.org/view.php?id=CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents La gema Nokogiri versiones 1.5.x, tiene una Denegación de Servicio por medio de un bucle infinito cuando se analizan documentos XML. • http://www.openwall.com/lists/oss-security/2013/12/27/2 http://www.securityfocus.com/bid/64513 https://access.redhat.com/security/cve/cve-2013-6460 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6460 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-6460 https://exchange.xforce.ibmcloud.com/vulnerabilities/90058 https://security-tracker.debian.org/tracker/CVE-2013-6460 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0029
https://notcve.org/view.php?id=CVE-2014-0029
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) en la aplicación web SAM en Red Hat katello-headpin permiten que atacantes remotos inyecten scripts web o HTML arbitrarios mediante parámetros sin especificar. • https://bugzilla.redhat.com/show_bug.cgi?id=1059433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •