Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/candlepin@0.7.23-1?arch=el6_3
purl pkg:rpm/redhat/candlepin@0.7.23-1?arch=el6_3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-64vt-66fw-53dk
Aliases:
CVE-2013-0184
GHSA-v882-ccj6-jc48
OSV-89327
Rack vulnerable to Denial of Service Unspecified vulnerability in `Rack::Auth::AbstractRequest` in Rack 1.1.x before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before 1.4.4 allows remote attackers to cause a denial of service via unknown vectors related to "symbolized arbitrary strings." There are no reported fixed by versions.
VCID-g23a-fndf-aucp
Aliases:
CVE-2012-5561
Katello: /etc/katello/secure/passphrase is world readable There are no reported fixed by versions.
VCID-h6mf-a3pd-d3hb
Aliases:
CVE-2013-0183
GHSA-3pxh-h8hw-mj8w
OSV-89320
Rack rubygems receiving excessively long lines triggers out-of-memory error multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a long string in a Multipart HTTP packet. There are no reported fixed by versions.
VCID-ngv1-73vp-mbac
Aliases:
CVE-2013-0162
GHSA-8mvw-22r7-w6fq
OSV-90561
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name The `diff_pp` function in `lib/gauntlet_rubyparser.rb` in the ruby_parser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in `/tmp`. There are no reported fixed by versions.
VCID-ts7r-dady-tua3
Aliases:
CVE-2012-6109
GHSA-h77x-m5q8-c29h
OSV-89317
Rack vulnerable to REDoS `lib/rack/multipart.rb` in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x before 1.3.7, and 1.4.x before 1.4.2 uses an incorrect regular expression, which allows remote attackers to cause a denial of service (infinite loop) via a crafted Content-Disposion header. There are no reported fixed by versions.
VCID-wcj5-srv6-rbbg
Aliases:
CVE-2012-5603
Katello: lack of authorization in proxies_controller.rb There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-29T10:12:56.752726+00:00 RedHat Importer Affected by VCID-64vt-66fw-53dk https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0184.json 38.6.0
2026-05-29T10:12:56.393766+00:00 RedHat Importer Affected by VCID-ts7r-dady-tua3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6109.json 38.6.0
2026-05-29T10:10:54.121338+00:00 RedHat Importer Affected by VCID-wcj5-srv6-rbbg https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5603.json 38.6.0
2026-05-29T10:10:45.493455+00:00 RedHat Importer Affected by VCID-g23a-fndf-aucp https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5561.json 38.6.0
2026-05-29T10:10:29.444136+00:00 RedHat Importer Affected by VCID-h6mf-a3pd-d3hb https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0183.json 38.6.0
2026-05-29T10:10:24.908980+00:00 RedHat Importer Affected by VCID-ngv1-73vp-mbac https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0162.json 38.6.0