Subscription Asset Manager Red Hat Subscription Asset Manager

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Red Hat Subscription Asset Manager.

By the Year

In 2024 there have been 0 vulnerabilities in Red Hat Subscription Asset Manager . Subscription Asset Manager did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 7.50
2019 2 6.50
2018 0 0.00

It may take a day or so for new Subscription Asset Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Subscription Asset Manager Security Vulnerabilities

Nokogiri before 1.5.4 is vulnerable to XXE attacks

CVE-2012-6685 7.5 - High - February 19, 2020

Nokogiri before 1.5.4 is vulnerable to XXE attacks

XEE

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

CVE-2013-6461 6.5 - Medium - November 05, 2019

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

XEE

Nokogiri gem 1.5.x has Denial of Service

CVE-2013-6460 6.5 - Medium - November 05, 2019

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

XEE

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3

CVE-2015-7501 9.8 - Critical - November 09, 2017

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Marshaling, Unmarshaling

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled

CVE-2014-0130 7.5 - High - May 07, 2014

Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.

Directory traversal

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme

CVE-2013-6439 - December 23, 2013

Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors.

authentification

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1

CVE-2013-1823 - April 02, 2013

Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Red Hat Subscription Asset Manager or by Red Hat? Click the Watch button to subscribe.

Red Hat
Vendor

subscribe