Filtered by vendor Redhat
Total: 5664 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2014-3656 | Redhat | Jboss Keycloak | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | JBoss KeyCloak: XSS in login-status-iframe.html
CVE-2014-3655 | Redhat | Jboss Enterprise Web Server, Keycloak | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2014-3652 | Redhat | Keycloak | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
CVE-2014-3650 | Redhat | Jboss Aerogear | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.
CVE-2014-3649 | Redhat | Jboss Aerogear | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | JBoss AeroGear has reflected XSS via the password field
CVE-2014-3648 | Redhat | Jboss Aerogear | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached, or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP endpoint they want. This turns the server into a DDoS vector or an anonymizer for the posting of malware and so on.
CVE-2014-3599 | Redhat | Hornetq | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | HornetQ REST is vulnerable to XML External Entity injection due to insecure configuration of RestEasy
CVE-2014-3592 | Redhat | Openshift Origin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | OpenShift Origin: Improperly validated team names could allow stored XSS attacks
CVE-2014-3590 | Redhat | Satellite | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Versions of Foreman as shipped with Red Hat Satellite 6 do not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content.
CVE-2014-3585 | Redhat | Enterprise Linux, Redhat-upgrade-tool | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | redhat-upgrade-tool: Does not check GPG signatures when upgrading versions
CVE-2014-3536 | Redhat | Cloudforms Management Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-2686 | Redhat | Ansible | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Ansible prior to 1.5.4 mishandles the evaluation of some strings.
CVE-2014-1859 | Fedoraproject, Numpy, Redhat | Fedora, Numpy, Enterprise Linux | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | (1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2014-0245 | Redhat | Jboss Portal | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.
CVE-2014-0241 | Redhat, Theforeman | Satellite, Hammer Cli | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | rubygem-hammer_cli_foreman: File /etc/hammer/cli.modules.d/foreman.yml is world readable
CVE-2014-0234 | Redhat | Openshift | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281.
CVE-2014-0197 | Redhat | Cloudforms, Cloudforms Management Engine | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | CFME: CSRF protection vulnerability via permissive check of the Referer header
CVE-2014-0183 | Redhat | Subscription Asset Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system's name when registering.
CVE-2014-0175 | Debian, Puppet, Redhat | Debian Linux, Marionette Collective, Openshift | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | mcollective has a default password set at install
CVE-2014-0169 | Redhat | Jboss Enterprise Application Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is intended functionality, it was not clearly documented, which can mislead users into thinking that a security domain cache is isolated to a single application.