Subscription asset manager
This hub aggregates every CVE we track for Subscription asset manager, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Category: Operating Systems (on-prem)

Summary:
- 11 CVEs tracked
- 2 Critical
- 2 High
- 1 in CISA KEV
Severity distribution: Medium 6, High 2, Critical 2, Low 1
Monthly trend (chart, 2024-08 to 2026-07): every monthly count in this window is shown as 0.
Latest CVEs
The 11 most recently published vulnerabilities affecting Subscription asset manager.
- CVE-2012-6685: Nokogiri before 1.5.4 is vulnerable to XXE attacks. Score: 7.5
- CVE-2014-0183: Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system name when registering. Score: 6.1
- CVE-2014-0026: katello-headpin is vulnerable to CSRF in the REST API. Score: 6.5
- CVE-2013-6461: Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits. Score: 6.5
- CVE-2013-6460: Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents. Score: 6.5
- CVE-2015-7501: Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Servi... Score: 9.8
- CVE-2014-0029: Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. Score: 6.1
- CVE-2014-0130: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, whe... In CISA KEV. Score: 7.5
- CVE-2013-6439: Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vect... Score: 9.3
- CVE-2013-1823: Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username... Score: 4.3
- CVE-2012-6119: Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. Score: 2.1
Product normalization is registry-driven with AI assist and human review.