Filtered by vendor Redhat
Subscriptions
Total
5537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3423 | 1 Redhat | 1 Icedtea-web | 2014-10-04 | N/A |
| The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. | ||||
| CVE-2012-3422 | 1 Redhat | 1 Icedtea-web | 2014-10-04 | N/A |
| The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. | ||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2014-10-04 | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | ||||
| CVE-2014-3518 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 1 more | 2014-07-23 | N/A |
| jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2011-2514 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. | ||||
| CVE-2011-2513 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. | ||||
| CVE-2013-6491 | 2 Openstack, Redhat | 2 Oslo, Openstack | 2014-06-21 | N/A |
| The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2013-6470 | 1 Redhat | 1 Openstack | 2014-06-03 | N/A |
| The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | ||||
| CVE-2014-0149 | 1 Redhat | 1 Jboss Web Framework Kit | 2014-05-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. | ||||
| CVE-2014-0071 | 1 Redhat | 1 Openstack | 2014-04-17 | N/A |
| PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | ||||
| CVE-2013-6468 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Drools, Jboss Enterprise Brms Platform | 2014-04-11 | N/A |
| JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression. | ||||
| CVE-2012-0032 | 1 Redhat | 1 Jboss Operations Network | 2014-04-01 | N/A |
| Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. | ||||
| CVE-2011-4573 | 1 Redhat | 1 Jboss Operations Network | 2014-04-01 | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | ||||
| CVE-2013-7347 | 1 Redhat | 2 Conga, Enterprise Linux | 2014-03-31 | N/A |
| Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie. | ||||
| CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2014-03-16 | N/A |
| The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | ||||
| CVE-2011-2941 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2014-03-10 | N/A |
| Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter. | ||||
| CVE-2011-4580 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2014-03-10 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-4112 | 2 Jgroups, Redhat | 2 Jgroup, Jboss Enterprise Application Platform | 2014-03-08 | N/A |
| The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | ||||
| CVE-2013-1921 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2014-03-08 | N/A |
| PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. | ||||
| CVE-2011-4610 | 1 Redhat | 4 Jboss Communications Platform, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 1 more | 2014-03-06 | N/A |
| JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer." | ||||