This page lists publicly disclosed CVE vulnerabilities affecting redhat subscription_asset_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-6685 | Nokogiri before 1.5.4 is vulnerable to XXE attacks | [email protected] | 7.5 | 2.11% | 2020-02-19 | 2026-06-16 |
| CVE-2014-0183 | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering. | [email protected] | 6.1 | 0.66% | 2020-01-02 | 2026-06-16 |
| CVE-2014-0026 | katello-headpin is vulnerable to CSRF in REST API | [email protected] | 6.5 | 0.43% | 2019-12-11 | 2026-06-16 |
| CVE-2013-6461 | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | [email protected] | 6.5 | 2.19% | 2019-11-05 | 2026-06-16 |
| CVE-2013-6460 | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | [email protected] | 6.5 | 2.08% | 2019-11-05 | 2026-06-16 |
| CVE-2015-7501 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Com | [email protected] | 9.8 | 83.27% | 2017-11-09 | 2026-06-16 |
| CVE-2014-0029 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | [email protected] | 6.1 | 0.75% | 2017-10-16 | 2026-06-16 |
| CVE-2014-0130 KEV | Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request. | [email protected] | 7.5 | 53.70% | 2014-05-07 | 2026-06-16 |
| CVE-2013-6439 | Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | [email protected] | 9.3 | 1.57% | 2013-12-23 | 2026-06-16 |
| CVE-2013-1823 | Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field. | [email protected] | 4.3 | 1.90% | 2013-04-02 | 2026-06-16 |
| CVE-2012-6119 | Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | [email protected] | 2.1 | 0.42% | 2013-04-02 | 2026-06-16 |