Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Redhat Subscribe
Total 5151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5247 2 Canonical, Redhat 2 Ubuntu Linux, Libvirt 2016-04-18 4.0 MEDIUM 6.5 MEDIUM
The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool.
CVE-2014-3925 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Sos 2016-04-06 5.0 MEDIUM N/A
sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
CVE-2015-5304 1 Redhat 1 Jboss Enterprise Application Platform 2015-12-17 3.5 LOW N/A
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
CVE-2015-5242 1 Redhat 1 Gluster Storage 2015-11-27 6.0 MEDIUM N/A
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
CVE-2000-0219 1 Redhat 1 Linux 2015-11-04 7.2 HIGH N/A
Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt.
CVE-2014-3586 1 Redhat 1 Jboss Enterprise Application Platform 2015-10-13 2.1 LOW N/A
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-0297 1 Redhat 1 Jboss Operations Network 2015-10-05 9.0 HIGH N/A
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
CVE-2015-1841 1 Redhat 1 Enterprise Virtualization 2015-09-09 3.7 LOW N/A
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.
CVE-2013-1886 1 Redhat 2 Certificate System, Dogtag Certificate System 2015-08-26 7.5 HIGH N/A
Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates.
CVE-2015-0298 1 Redhat 1 Mod Cluster 2015-08-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.
CVE-2015-5176 1 Redhat 1 Jboss Portal 2015-08-11 5.8 MEDIUM N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2014-8175 1 Redhat 1 Jboss Fuse 2015-07-09 6.0 MEDIUM N/A
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
CVE-2014-8125 1 Redhat 2 Drools, Jbpm 2015-05-26 7.5 HIGH N/A
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.
CVE-2014-7839 1 Redhat 1 Resteasy 2015-04-22 6.4 MEDIUM N/A
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.
CVE-2014-0005 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform 2015-03-27 3.6 LOW N/A
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.
CVE-2014-3682 1 Redhat 1 Jbpm-designer 2015-03-24 7.5 HIGH N/A
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
CVE-2014-8115 1 Redhat 1 Kie Workbench 2015-03-23 6.5 MEDIUM N/A
The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors.
CVE-2014-7816 2 Microsoft, Redhat 2 Windows, Undertow 2015-03-04 5.0 MEDIUM N/A
Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI.
CVE-2015-1565 4 Hitachi, Microsoft, Novell and 1 more 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more 2015-02-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-5066 1 Redhat 2 Jboss Community Application Server, Jboss Enterprise Application Platform 2015-01-17 2.1 LOW N/A
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.