Filtered by vendor Redhat
Subscriptions
Total
5537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1841 | 1 Redhat | 1 Enterprise Virtualization | 2015-09-09 | N/A |
| The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | ||||
| CVE-2013-1886 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2015-08-26 | N/A |
| Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates. | ||||
| CVE-2015-0298 | 1 Redhat | 1 Mod Cluster | 2015-08-25 | N/A |
| Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | ||||
| CVE-2015-5176 | 1 Redhat | 1 Jboss Portal | 2015-08-11 | N/A |
| The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource. | ||||
| CVE-2014-8175 | 1 Redhat | 1 Jboss Fuse | 2015-07-09 | N/A |
| Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | ||||
| CVE-2014-8125 | 1 Redhat | 2 Drools, Jbpm | 2015-05-26 | N/A |
| XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. | ||||
| CVE-2014-7839 | 1 Redhat | 1 Resteasy | 2015-04-23 | N/A |
| DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | ||||
| CVE-2014-0005 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform | 2015-03-28 | N/A |
| PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. | ||||
| CVE-2014-3682 | 1 Redhat | 1 Jbpm-designer | 2015-03-24 | N/A |
| XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file. | ||||
| CVE-2014-8115 | 1 Redhat | 1 Kie Workbench | 2015-03-23 | N/A |
| The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors. | ||||
| CVE-2014-7816 | 2 Microsoft, Redhat | 2 Windows, Undertow | 2015-03-04 | N/A |
| Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | ||||
| CVE-2013-2035 | 1 Redhat | 1 Hawtjni | 2015-01-18 | N/A |
| Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | ||||
| CVE-2012-0034 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2015-01-18 | N/A |
| The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | ||||
| CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2015-01-06 | N/A |
| The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | ||||
| CVE-2013-6457 | 1 Redhat | 1 Libvirt | 2015-01-03 | N/A |
| The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. | ||||
| CVE-2013-6458 | 1 Redhat | 1 Libvirt | 2015-01-03 | N/A |
| Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. | ||||
| CVE-2014-0028 | 1 Redhat | 1 Libvirt | 2015-01-03 | N/A |
| libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. | ||||
| CVE-2014-1447 | 1 Redhat | 1 Libvirt | 2015-01-03 | N/A |
| Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | ||||
| CVE-2014-3703 | 1 Redhat | 1 Packstack | 2014-12-05 | N/A |
| OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2014-7968 | 1 Redhat | 1 Virtual Desktop Service Manager | 2014-10-23 | N/A |
| VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. | ||||