Vulnerabilities > Redhat > Jboss Enterprise WEB Server > High

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2020-25710 A flaw was found in OpenLDAP in versions before 2.4.56.
network
low complexity
openldap redhat debian fedoraproject
7.5
2020-01-23 CVE-2012-5626 Unspecified vulnerability in Redhat products
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
network
low complexity
redhat
7.5
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet.
7.5
2019-12-15 CVE-2014-3701 Race Condition vulnerability in Redhat Edeploy and Jboss Enterprise web Server
eDeploy has tmp file race condition flaws
network
high complexity
redhat CWE-362
8.1
2018-08-02 CVE-2018-1336 Infinite Loop vulnerability in multiple products
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service.
network
low complexity
apache redhat debian canonical CWE-835
7.5
2017-10-24 CVE-2017-12613 Out-of-bounds Read vulnerability in multiple products
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
local
low complexity
apache debian redhat CWE-125
7.1
2017-10-04 CVE-2017-12617 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache canonical oracle debian netapp redhat CWE-434
8.1
2017-09-25 CVE-2015-5184 Unspecified vulnerability in Redhat AMQ and Jboss Enterprise web Server
Console: CORS headers set to allow all in Red Hat AMQ.
network
low complexity
redhat
7.5
2017-09-25 CVE-2015-5183 Unspecified vulnerability in Redhat Amq, Jboss A-Mq and Jboss Enterprise web Server
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
network
low complexity
redhat
7.5
2017-09-19 CVE-2017-12615 Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs enabled (e.g.
network
high complexity
apache netapp redhat CWE-434
8.1