Filtered by vendor Redhat
Subscribe
Search
Total
4673 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3561 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-29 | 2.1 LOW | N/A |
| The rhevm-log-collector package in Red Hat Enterprise Virtualization 3.4 uses the PostgreSQL database password on the command line when calling sosreport, which allows local users to obtain sensitive information by listing the processes. | |||||
| CVE-2014-3664 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2017-08-29 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Overall/READ permission to read arbitrary files via unspecified vectors. | |||||
| CVE-2014-0170 | 2 Jboss, Redhat | 2 Teiid, Jboss Data Virtualization | 2017-08-29 | 4.3 MEDIUM | N/A |
| Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-0218 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2017-08-29 | 2.1 LOW | N/A |
| The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by reading this file. | |||||
| CVE-2013-6439 | 1 Redhat | 1 Subscription Asset Manager | 2017-08-29 | 9.3 HIGH | N/A |
| Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vectors. | |||||
| CVE-2013-4213 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 6.4 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | |||||
| CVE-2013-4128 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 6.4 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | |||||
| CVE-2013-2151 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-29 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
| CVE-2013-2152 | 1 Redhat | 1 Enterprise Virtualization | 2017-08-29 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspecified folder. | |||||
| CVE-2013-2050 | 1 Redhat | 2 Cloudforms Management Engine, Manageiq Enterprise Virtualization Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action. | |||||
| CVE-2013-1962 | 1 Redhat | 1 Libvirt | 2017-08-29 | 5.0 MEDIUM | N/A |
| The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number of requests "to list all volumes for the particular pool." | |||||
| CVE-2013-1885 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/. | |||||
| CVE-2013-1815 | 1 Redhat | 3 Openstack Essex, Openstack Folsom, Packstack | 2017-08-29 | 4.4 MEDIUM | N/A |
| PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create the answer file in insecure directories such as /tmp or the current working directory, which allows local users to modify deployed systems by changing this file. | |||||
| CVE-2013-0336 | 1 Redhat | 1 Freeipa | 2017-08-29 | 5.0 MEDIUM | N/A |
| The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 directory server. | |||||
| CVE-2013-0241 | 3 Canonical, Qxl Graphics Driver Project, Redhat | 5 Ubuntu Linux, Xf86-video-qxl, Enterprise Linux Desktop and 2 more | 2017-08-29 | 2.1 LOW | N/A |
| The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-0199 | 1 Redhat | 1 Freeipa | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors. | |||||
| CVE-2013-4373 | 1 Redhat | 1 Jboss Operations Network | 2017-08-29 | 3.2 LOW | N/A |
| The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files. | |||||
| CVE-2012-4574 | 1 Redhat | 1 Cloudforms | 2017-08-29 | 2.1 LOW | N/A |
| Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file. | |||||
| CVE-2012-5478 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2017-08-29 | 4.9 MEDIUM | N/A |
| The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and perform arbitrary JMX operations via unspecified vectors. | |||||
| CVE-2012-5516 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 2.1 LOW | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-5603 | 1 Redhat | 1 Cloudforms | 2017-08-29 | 5.5 MEDIUM | N/A |
| proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. | |||||
| CVE-2012-5605 | 1 Redhat | 1 Cloudforms | 2017-08-29 | 2.1 LOW | N/A |
| Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. | |||||
| CVE-2012-6115 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 2.1 LOW | N/A |
| The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2012-6137 | 1 Redhat | 9 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Eus and 6 more | 2017-08-29 | 4.3 MEDIUM | N/A |
| rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials. | |||||
| CVE-2013-0168 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | |||||
| CVE-2012-0860 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 6.2 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/. | |||||
| CVE-2012-3538 | 1 Redhat | 1 Cloudforms | 2017-08-29 | 3.3 LOW | N/A |
| Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log. | |||||
| CVE-2012-3431 | 1 Redhat | 1 Jboss Enterprise Data Services Platform | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote attackers to obtain login credentials via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-3427 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 2.1 LOW | N/A |
| EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory. | |||||
| CVE-2012-3370 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2017-08-29 | 5.8 MEDIUM | N/A |
| The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users. | |||||
| CVE-2012-3369 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2017-08-29 | 4.0 MEDIUM | N/A |
| The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. | |||||
| CVE-2012-3367 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2017-08-29 | 5.5 MEDIUM | N/A |
| Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate. | |||||
| CVE-2012-2735 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 4.9 MEDIUM | N/A |
| Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie. | |||||
| CVE-2012-2734 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors. | |||||
| CVE-2012-2696 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 2.7 LOW | N/A |
| The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | |||||
| CVE-2012-2685 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 4.0 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote authenticated users to cause a denial of service (memory consumption) via a large size in an image request. | |||||
| CVE-2012-2683 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages." | |||||
| CVE-2012-2681 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 5.8 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key. | |||||
| CVE-2012-2680 | 2 Redhat, Trevor Mckay | 2 Enterprise Mrg, Cumin | 2017-08-29 | 5.0 MEDIUM | N/A |
| Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to (1) "web pages," (2) "export functionality," and (3) "image viewing." | |||||
| CVE-2012-2679 | 1 Redhat | 1 Rhncfg | 2017-08-29 | 2.1 LOW | N/A |
| Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive information about the rhncfg-client actions by reading the file. | |||||
| CVE-2012-2664 | 1 Redhat | 1 Sos | 2017-08-29 | 4.3 MEDIUM | N/A |
| The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file (/root/anaconda-ks.cfg) when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes. | |||||
| CVE-2012-2662 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages. | |||||
| CVE-2012-2377 | 1 Redhat | 3 Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform, Jboss Enterprise Soa Platform | 2017-08-29 | 3.3 LOW | N/A |
| JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | |||||
| CVE-2012-1167 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Soa Platform and 1 more | 2017-08-29 | 4.6 MEDIUM | N/A |
| The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. | |||||
| CVE-2012-1149 | 5 Apache, Debian, Fedoraproject and 2 more | 10 Openoffice.org, Debian Linux, Fedora and 7 more | 2017-08-29 | 7.5 HIGH | N/A |
| Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow. | |||||
| CVE-2012-1106 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2017-08-29 | 1.9 LOW | N/A |
| The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information. | |||||
| CVE-2012-0874 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2017-08-29 | 6.8 MEDIUM | N/A |
| The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer. | |||||
| CVE-2012-0818 | 1 Redhat | 1 Resteasy | 2017-08-29 | 5.0 MEDIUM | N/A |
| RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. | |||||
| CVE-2012-0861 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 6.8 MEDIUM | N/A |
| The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. | |||||
| CVE-2011-4608 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 7.5 HIGH | N/A |
| mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. | |||||