Filtered by vendor Redhat
Subscribe
Total
5151 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0071 | 1 Redhat | 1 Openstack | 2014-04-17 | 6.4 MEDIUM | N/A |
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections. | |||||
CVE-2013-6468 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Drools, Jboss Enterprise Brms Platform | 2014-04-11 | 6.5 MEDIUM | N/A |
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression. | |||||
CVE-2012-0032 | 1 Redhat | 1 Jboss Operations Network | 2014-04-01 | 3.7 LOW | N/A |
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. | |||||
CVE-2011-4573 | 1 Redhat | 1 Jboss Operations Network | 2014-04-01 | 3.5 LOW | N/A |
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | |||||
CVE-2013-7347 | 1 Redhat | 2 Conga, Enterprise Linux | 2014-03-31 | 3.7 LOW | N/A |
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie. | |||||
CVE-2013-6493 | 1 Redhat | 1 Icedtea-web | 2014-03-15 | 2.1 LOW | N/A |
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp. | |||||
CVE-2011-2941 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2014-03-10 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter. | |||||
CVE-2011-4580 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2014-03-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2013-4112 | 2 Jgroups, Redhat | 2 Jgroup, Jboss Enterprise Application Platform | 2014-03-07 | 5.4 MEDIUM | N/A |
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code by reusing valid credentials. | |||||
CVE-2013-1921 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2014-03-07 | 1.9 LOW | N/A |
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. | |||||
CVE-2011-4610 | 1 Redhat | 4 Jboss Communications Platform, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 1 more | 2014-03-05 | 5.0 MEDIUM | N/A |
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer." | |||||
CVE-2011-3589 | 1 Redhat | 1 Kexec-tools | 2014-03-05 | 5.7 MEDIUM | N/A |
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key. | |||||
CVE-2011-3590 | 1 Redhat | 1 Kexec-tools | 2014-03-05 | 5.7 MEDIUM | N/A |
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content. | |||||
CVE-2011-3588 | 1 Redhat | 1 Kexec-tools | 2014-03-05 | 5.7 MEDIUM | N/A |
The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. | |||||
CVE-2011-1594 | 1 Redhat | 2 Network Satellite, Spacewalk | 2014-02-24 | 5.8 MEDIUM | N/A |
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url_bounce parameter. | |||||
CVE-2011-3206 | 2 Redhat, Rhq-project | 2 Jboss Operations Network, Rhq | 2014-02-20 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-4083 | 1 Redhat | 1 Sos | 2014-02-18 | 4.3 MEDIUM | N/A |
The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive information by reading the archive. | |||||
CVE-2012-1100 | 1 Redhat | 1 Jboss Operations Network | 2014-02-14 | 5.8 MEDIUM | N/A |
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request. | |||||
CVE-2012-0062 | 1 Redhat | 1 Jboss Operations Network | 2014-02-14 | 5.8 MEDIUM | N/A |
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. | |||||
CVE-2012-0052 | 1 Redhat | 1 Jboss Operations Network | 2014-02-14 | 5.8 MEDIUM | N/A |
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name. |