7 Total Results
Attacker Value
Unknown

CVE-2021-41415

Disclosure Date: June 15, 2022 (last updated October 07, 2023)
Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter.
Attacker Value
Unknown

CVE-2014-0026

Disclosure Date: December 11, 2019 (last updated November 27, 2024)
katello-headpin is vulnerable to CSRF in the REST API.
Attacker Value
Unknown

CVE-2014-0029

Disclosure Date: October 16, 2017 (last updated November 26, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Attacker Value
Unknown

CVE-2013-6439

Disclosure Date: December 23, 2013 (last updated October 05, 2023)
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.
Attacker Value
Unknown

CVE-2012-6119

Disclosure Date: April 02, 2013 (last updated October 05, 2023)
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
Attacker Value
Unknown

CVE-2013-1823

Disclosure Date: April 02, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.
Attacker Value
Unknown

CVE-2011-5136

Disclosure Date: August 30, 2012 (last updated October 05, 2023)
showImg.php in EPractize Labs Subscription Manager, possibly 1.0, allows remote attackers to overwrite arbitrary files via the db parameter.