Filtered by vendor Redhat
Subscriptions
Total
5537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7827 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-09-08 | N/A |
| The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | ||||
| CVE-2015-5293 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-09-07 | N/A |
| Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable. | ||||
| CVE-2014-8163 | 1 Redhat | 1 Satellite | 2017-09-05 | N/A |
| Directory traversal vulnerability in the XMLRPC interface in Red Hat Satellite 5. | ||||
| CVE-2014-8168 | 1 Redhat | 1 Satellite | 2017-09-04 | N/A |
| Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | ||||
| CVE-2014-0141 | 1 Redhat | 1 Satellite | 2017-08-31 | N/A |
| Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. | ||||
| CVE-2016-6310 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-30 | N/A |
| oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in /var/log/ovirt-engine/engine.log file in RHEV before 4.0. | ||||
| CVE-2014-5009 | 3 Nagios, Redhat, Snoopy | 3 Nagios, Openstack, Snoopy | 2017-08-29 | N/A |
| Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008. | ||||
| CVE-2014-4975 | 4 Canonical, Debian, Redhat and 1 more | 7 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 4 more | 2017-08-29 | N/A |
| Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial of service (segmentation fault) via vectors that trigger a stack-based buffer overflow. | ||||
| CVE-2014-3481 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | N/A |
| org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3472 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | N/A |
| The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors. | ||||
| CVE-2014-3464 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | N/A |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133. | ||||
| CVE-2014-1869 | 2 Redhat, Zeroclipboard Project | 2 Openshift, Zeroclipboard | 2017-08-29 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters (aka loaderInfo.parameters). | ||||
| CVE-2014-0170 | 2 Jboss, Redhat | 2 Teiid, Jboss Data Virtualization | 2017-08-29 | N/A |
| Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-4373 | 1 Redhat | 1 Jboss Operations Network | 2017-08-29 | N/A |
| The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. | ||||
| CVE-2013-4213 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | ||||
| CVE-2013-4128 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | ||||
| CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-29 | N/A |
| Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | ||||
| CVE-2013-1885 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2017-08-29 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/. | ||||
| CVE-2013-1815 | 1 Redhat | 3 Openstack Essex, Openstack Folsom, Packstack | 2017-08-29 | N/A |
| PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | ||||
| CVE-2013-0336 | 1 Redhat | 1 Freeipa | 2017-08-29 | N/A |
| The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | ||||