VYPR
Vendor

Candlepinproject

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2015-5187MedJul 25, 2017
    risk 0.42cvss 6.5epss 0.02

    Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.

  • CVE-2023-1832Oct 4, 2023
    risk 0.00cvss epss 0.00

    An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.

  • CVE-2012-6119Apr 2, 2013
    risk 0.00cvss epss 0.00

    Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.