Filtered by vendor Redhat
Subscribe
Total
5151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5247 | 2 Canonical, Redhat | 2 Ubuntu Linux, Libvirt | 2016-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unlink after creating a volume on a root_squash NFS pool. | |||||
| CVE-2014-3925 | 2 Canonical, Redhat | 3 Ubuntu Linux, Enterprise Linux, Sos | 2016-04-06 | 5.0 MEDIUM | N/A |
| sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux (RHEL) 5 produces an archive with an fstab file potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | |||||
| CVE-2015-5304 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2015-12-17 | 3.5 LOW | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-5242 | 1 Redhat | 1 Gluster Storage | 2015-11-27 | 6.0 MEDIUM | N/A |
| OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs). | |||||
| CVE-2000-0219 | 1 Redhat | 1 Linux | 2015-11-04 | 7.2 HIGH | N/A |
| Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. | |||||
| CVE-2014-3586 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2015-10-13 | 2.1 LOW | N/A |
| The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0297 | 1 Redhat | 1 Jboss Operations Network | 2015-10-05 | 9.0 HIGH | N/A |
| Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. | |||||
| CVE-2015-1841 | 1 Redhat | 1 Enterprise Virtualization | 2015-09-09 | 3.7 LOW | N/A |
| The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | |||||
| CVE-2013-1886 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2015-08-26 | 7.5 HIGH | N/A |
| Format string vulnerability in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to viewing certificates. | |||||
| CVE-2015-0298 | 1 Redhat | 1 Mod Cluster | 2015-08-25 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | |||||
| CVE-2015-5176 | 1 Redhat | 1 Jboss Portal | 2015-08-11 | 5.8 MEDIUM | N/A |
| The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource. | |||||
| CVE-2014-8175 | 1 Redhat | 1 Jboss Fuse | 2015-07-09 | 6.0 MEDIUM | N/A |
| Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | |||||
| CVE-2014-8125 | 1 Redhat | 2 Drools, Jbpm | 2015-05-26 | 7.5 HIGH | N/A |
| XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file. | |||||
| CVE-2014-7839 | 1 Redhat | 1 Resteasy | 2015-04-22 | 6.4 MEDIUM | N/A |
| DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | |||||
| CVE-2014-0005 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform | 2015-03-27 | 3.6 LOW | N/A |
| PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. | |||||
| CVE-2014-3682 | 1 Redhat | 1 Jbpm-designer | 2015-03-24 | 7.5 HIGH | N/A |
| XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file. | |||||
| CVE-2014-8115 | 1 Redhat | 1 Kie Workbench | 2015-03-23 | 6.5 MEDIUM | N/A |
| The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors. | |||||
| CVE-2014-7816 | 2 Microsoft, Redhat | 2 Windows, Undertow | 2015-03-04 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | |||||
| CVE-2015-1565 | 4 Hitachi, Microsoft, Novell and 1 more | 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more | 2015-02-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-5066 | 1 Redhat | 2 Jboss Community Application Server, Jboss Enterprise Application Platform | 2015-01-17 | 2.1 LOW | N/A |
| twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments. | |||||