katello

Top products

The 10 most recently published vulnerabilities affecting katello.

• CVE-2014-0183Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to a XSS via HTML in the systems name when registering.6.1Jan 2, 2020
• CVE-2013-4120Katello has a Denial of Service vulnerability in API OAuth authentication7.5Dec 10, 2019
• CVE-2013-0283Katello: Username in Notification page has cross site scripting5.4Dec 5, 2019
• CVE-2013-2101Katello has multiple XSS issues in various entities5.4Dec 3, 2019
• CVE-2013-4201Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.4.3May 1, 2018
• CVE-2016-3072Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL command...8.8Jun 7, 2016
• CVE-2014-3712Katello allows remote attackers to cause a denial of service (memory consumption) via the (1) mode parameter in the setup_utils function in content_search_controller.rb or (2) action parameter in t...5.0Nov 3, 2014
• CVE-2013-4455Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by rea...2.1May 14, 2014
• CVE-2012-6116modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin C...2.1Mar 1, 2013
• CVE-2012-5561script/katello-generate-passphrase in Katello 1.1 uses world-readable permissions for /etc/katello/secure/passphrase, which allows local users to obtain the passphrase by reading the file.2.1Mar 1, 2013