Filtered by vendor Redhat
Subscribe
Total
5151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0034 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2015-01-17 | 2.1 LOW | N/A |
| The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | |||||
| CVE-2013-2035 | 1 Redhat | 1 Hawtjni | 2015-01-17 | 4.4 MEDIUM | N/A |
| Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | |||||
| CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2015-01-06 | 4.0 MEDIUM | N/A |
| The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | |||||
| CVE-2013-6457 | 1 Redhat | 1 Libvirt | 2015-01-02 | 5.2 MEDIUM | N/A |
| The libxlDomainGetNumaParameters function in the libxl driver (libxl/libxl_driver.c) in libvirt before 1.2.1 does not properly initialize the nodemap, which allows local users to cause a denial of service (invalid free operation and crash) or possibly execute arbitrary code via an inactive domain to the virsh numatune command. | |||||
| CVE-2013-6458 | 1 Redhat | 1 Libvirt | 2015-01-02 | 6.8 MEDIUM | N/A |
| Multiple race conditions in the (1) virDomainBlockStats, (2) virDomainGetBlockInf, (3) qemuDomainBlockJobImpl, and (4) virDomainGetBlockIoTune functions in libvirt before 1.2.1 do not properly verify that the disk is attached, which allows remote read-only attackers to cause a denial of service (libvirtd crash) via the virDomainDetachDeviceFlags command. | |||||
| CVE-2014-0028 | 1 Redhat | 1 Libvirt | 2015-01-02 | 4.3 MEDIUM | N/A |
| libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API. | |||||
| CVE-2014-1447 | 1 Redhat | 1 Libvirt | 2015-01-02 | 3.3 LOW | N/A |
| Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepalive response is sent. | |||||
| CVE-2013-5651 | 1 Redhat | 1 Libvirt | 2015-01-02 | 5.0 MEDIUM | N/A |
| The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonstrated by a large nodeset value to numatune. | |||||
| CVE-2013-4399 | 1 Redhat | 1 Libvirt | 2014-12-15 | 4.3 MEDIUM | N/A |
| The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection. | |||||
| CVE-2014-3703 | 1 Redhat | 1 Packstack | 2014-12-05 | 5.0 MEDIUM | N/A |
| OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2014-7968 | 1 Redhat | 1 Virtual Desktop Service Manager | 2014-10-23 | 5.0 MEDIUM | N/A |
| VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. | |||||
| CVE-2012-3422 | 1 Redhat | 1 Icedtea-web | 2014-10-03 | 6.8 MEDIUM | N/A |
| The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read. | |||||
| CVE-2012-3423 | 1 Redhat | 1 Icedtea-web | 2014-10-03 | 7.5 HIGH | N/A |
| The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet. | |||||
| CVE-2010-3860 | 1 Redhat | 1 Icedtea | 2014-10-03 | 5.0 MEDIUM | N/A |
| IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before 1.9.2, as based on OpenJDK 6, declares multiple sensitive variables as public, which allows remote attackers to obtain sensitive information including (1) user.name, (2) user.home, and (3) java.home system properties, and other sensitive information such as installation directories. | |||||
| CVE-2014-3518 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 1 more | 2014-07-23 | 6.8 MEDIUM | N/A |
| jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2514 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 6.8 MEDIUM | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. | |||||
| CVE-2011-2513 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 5.0 MEDIUM | N/A |
| The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to obtain the username and full path of the home and cache directories by accessing properties of the ClassLoader. | |||||
| CVE-2013-6491 | 2 Openstack, Redhat | 2 Oslo, Openstack | 2014-06-20 | 4.3 MEDIUM | N/A |
| The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-6470 | 1 Redhat | 1 Openstack | 2014-06-03 | 5.0 MEDIUM | N/A |
| The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid, which allows remote attackers to gain access by connecting to Qpid. | |||||
| CVE-2014-0149 | 1 Redhat | 1 Jboss Web Framework Kit | 2014-05-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name. | |||||