
Jan Rusnacko

Researcher from Red Hat
#20992 of 53,633
11.8 Total CVSS
Vulnerabilities · 2
Medium · 2
PT-2019-7041
6.8
2019-12-13
Red Hat · Cfme · CVE-2014-0197
**Name of the Vulnerable Software and Affected Versions**

CFME (affected versions not specified)

**Description**

The issue concerns a CSRF protection vulnerability due to a permissive check of the referrer header.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2014-5466
5.0
2014-11-03
Red Hat · Katello · CVE-2014-3712
**Name of the Vulnerable Software and Affected Versions**

Katello (affected versions not specified)

**Description**

The issue allows remote attackers to cause a denial of service, specifically memory consumption, through two vulnerable parameters:

- the `mode` parameter in the `setup_utils` function in `content_search_controller.rb`,
- the `action` parameter in the `respond` function in `api/api_controller.rb` in `app/controllers/katello/`.

These parameters are passed to the `to_sym` method.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.