Red Hat vulnerabilities

DATE        CVE             VULNERABILITY TITLE
  description
  Risk: access vector, attack complexity; affected vendors; CWE; CVSS v3 base score (severity)
2016-10-13  CVE-2016-7796  Improper Input Validation vulnerability in multiple products
  The manager_dispatch_notify_fd function in systemd allows local users to cause a denial of service (system hang) via a zero-length message received over a notify socket, which causes an error to be returned and the notification handler to be disabled.
  Risk: local access vector, low attack complexity; vendors: systemd-project, novell, redhat; CWE-20; CVSS v3 base score 5.5 (medium)
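The systemd entry above describes the failure mode but not the code path. The following added Python example (not systemd code; all names are hypothetical) models that pattern with an AF_UNIX datagram socketpair, which is also what a notify socket is: a handler that turns a zero-length recv into an error, beside one that ignores the empty message, and a minimal event source that stops polling once its handler fails. It shows why one empty datagram from an unprivileged sender is enough to lose every later READY=1.

```python
import errno
import socket

# Added illustration of the failure mode in the CVE text, not systemd code.
# Convention borrowed from event loops such as sd-event: a handler that returns
# a negative errno is treated as a fatal error and its event source is disabled;
# 0 means "nothing to do"; a positive value is the number of bytes consumed.
# All names here are hypothetical.

def dispatch_notify_vulnerable(sock):
    """Buggy pattern: an empty datagram is reported as an I/O error."""
    try:
        data = sock.recv(4096, socket.MSG_DONTWAIT)
    except BlockingIOError:
        return 0                      # nothing queued; keep polling
    except OSError as e:
        return -e.errno               # a genuine socket error
    if len(data) == 0:
        return -errno.EIO             # zero-length message mistaken for a failure
    return len(data)

def dispatch_notify_fixed(sock):
    """Hardened pattern: an empty datagram is ignored, only real errors are fatal."""
    try:
        data = sock.recv(4096, socket.MSG_DONTWAIT)
    except BlockingIOError:
        return 0
    except OSError as e:
        return -e.errno
    if len(data) == 0:
        return 0                      # ignore it and keep the source alive
    return len(data)

class NotifySource:
    """Minimal stand-in for an event source: once its handler fails it is never polled again."""
    def __init__(self, sock, handler):
        self.sock, self.handler, self.enabled = sock, handler, True

    def dispatch(self):
        if not self.enabled:
            return None               # the loop has stopped listening; later READY=1 messages are lost
        r = self.handler(self.sock)
        if r < 0:
            self.enabled = False
        return r

def deliver(handler, payloads):
    """Send each payload over an AF_UNIX datagram socketpair (the notify socket is a
    datagram socket) and dispatch after each one; return (source_still_enabled, results)."""
    client, server = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    source = NotifySource(server, handler)
    results = []
    try:
        for payload in payloads:
            client.send(payload)      # b"" is a legal zero-length datagram on Linux
            results.append(source.dispatch())
    finally:
        client.close()
        server.close()
    return source.enabled, results

if __name__ == "__main__":
    # A single empty message from an unprivileged local sender, then a legitimate READY=1.
    print(deliver(dispatch_notify_vulnerable, [b"", b"READY=1\n"]))
    print(deliver(dispatch_notify_fixed, [b"", b"READY=1\n"]))
```

The general rule the hardened handler follows: on a datagram socket, a zero-length read is a valid message, not end-of-file, and only errno values other than EAGAIN/EINTR justify tearing down the source.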
2016-10-13  CVE-2016-7065  Deserialization of Untrusted Data vulnerability in Redhat Jboss Enterprise Application Platform 4.0.0/5.0.0
  The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
  Risk: network access vector, low attack complexity; vendors: redhat; CWE-502; CVSS v3 base score 8.8 (high)
2016-10-07  CVE-2016-1000007  Cross-site Scripting vulnerability in Redhat Pagure 2.2.1
  Cross-site scripting (XSS) in the raw file endpoint of Pagure 2.2.1.
  Risk: network access vector, low attack complexity; vendors: redhat; CWE-79; CVSS v3 base score 6.1 (medium)
2016-10-07  CVE-2016-7040  Improper Access Control vulnerability in Redhat Cloudforms Management Engine 4.1
  Red Hat CloudForms Management Engine 4.1 does not properly handle regular expressions passed to the expression engine via the JSON API and the web-based UI, which allows remote authenticated users to execute arbitrary shell commands by leveraging the ability to view and filter collections.
  Risk: network access vector, low attack complexity; vendors: redhat; CWE-284; CVSS v3 base score 8.8 (high)
2016-10-07  CVE-2016-3699  Permissions, Privileges, and Access Controls vulnerability in multiple products
  The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
  Risk: local access vector, high attack complexity; vendors: redhat, linux; CWE-264; CVSS v3 base score 7.4 (high)
2016-10-03  CVE-2016-7046  Resource Management Errors vulnerability in Redhat Jboss Enterprise Application Platform 7.0
  Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL.
  Risk: network access vector, high attack complexity; vendors: redhat; CWE-399; CVSS v3 base score 5.9 (medium)
2016-10-03  CVE-2016-7031  7PK - Security Features vulnerability in multiple products
  The RGW code in Ceph before 10.0.1, when authenticated-read ACL is applied to a bucket, allows remote attackers to list the bucket contents via a URL.
  Risk: network access vector, low attack complexity; vendors: redhat, ceph-project; CWE-254; CVSS v3 base score 7.5 (high)
2016-10-03  CVE-2016-5432  Information Exposure Through Log Files vulnerability in Redhat Enterprise Virtualization 4.0
  The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows local users to obtain sensitive database provisioning information by reading log files.
  Risk: local access vector, low attack complexity; vendors: redhat; CWE-532; CVSS v3 base score 3.3 (low)
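The entry above is a CWE-532 case: provisioning details, typically database credentials, written to a world-readable log. The page does not say how ovirt-engine-provisiondb was fixed; the added Python example below (not oVirt code; patterns, the tool name and the sample lines are constructed for the demo) shows the generic control a practitioner would add to any provisioning tool, a logging filter that formats each record early and redacts credentials in key=value pairs, connection URLs and command-line flags before any handler writes them.

```python
import logging
import re

# Added example for the log-exposure entry above: a logging filter that redacts
# credentials before the record reaches any handler. Patterns, tool names and
# sample lines are constructed for the demo; none are taken from ovirt-engine-provisiondb.

_PATTERNS = [
    # key=value or key: value, optionally quoted: password=hunter2, PGPASSWORD='x', secret: y
    (re.compile(r"(?i)\b((?:db_?)?pass(?:word)?|pgpassword|secret|token)(\s*[=:]\s*)(['\"]?)([^\s'\"]+)\3"),
     r"\1\2\3[REDACTED]\3"),
    # credentials embedded in a URL: postgresql://user:pass@host
    (re.compile(r"(\w+://[^/\s:@]+:)([^@\s]+)(@)"), r"\1[REDACTED]\3"),
    # long-form command-line flag: --password hunter2 or --password=hunter2
    (re.compile(r"(--password[=\s]+)(\S+)"), r"\1[REDACTED]"),
]

def redact(text):
    """Apply every redaction pattern to one already-formatted message."""
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return text

class RedactingFilter(logging.Filter):
    """Format the record early, redact, and drop the args so handlers only see clean text."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True

class _ListHandler(logging.Handler):
    """Collects formatted lines in memory, standing in for a FileHandler."""
    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))

def run_through_logger(messages):
    """Log each (msg, args) pair through a logger fitted with RedactingFilter; return the written lines."""
    logger = logging.getLogger("provision-demo")
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = _ListHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.handlers = [handler]
    logger.filters = [RedactingFilter()]   # logger-level filter runs before any handler
    for msg, args in messages:
        logger.info(msg, *args)
    return handler.lines

# Constructed sample of what a provisioning tool might log without a filter.
SAMPLE_MESSAGES = [
    ("creating role %s with password=%s", ("engine", "hunter2")),
    ("running: psql postgresql://engine:hunter2@db.example.internal:5432/engine", ()),
    ("running: provision-tool --password hunter2 --host db.example.internal", ()),
    ("connection string: host=db user=engine password='s3cr3t' sslmode=require", ()),
    ("passthrough authentication enabled for %s", ("engine",)),   # must not be mangled
]

if __name__ == "__main__":
    for line in run_through_logger(SAMPLE_MESSAGES):
        print(line)
```

The filter sits on the logger rather than on a handler so that every handler, including ones added later, sees the redacted text. Redaction is a backstop only: secrets passed on a command line are also visible in the process list, and the log file itself should still be created with restrictive permissions.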
2016-10-03  CVE-2016-5398  Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
  Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes.
  Risk: network access vector, low attack complexity; vendors: redhat; CWE-79; CVSS v3 base score 5.4 (medium)
2016-09-27  CVE-2016-6330  Deserialization of Untrusted Data vulnerability in Redhat Jboss Operations Network
  The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
  Risk: network access vector, low attack complexity; vendors: redhat; CWE-502; CVSS v3 base score 9.8 (critical)
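Both CWE-502 entries on this page, the EAP 4/5 JMX servlet (CVE-2016-7065) and JON message handling (CVE-2016-6330), share the same shape: an HTTP body is handed to Java deserialization before anyone looks at what classes it names. The added Python example below (not JBoss, JON or Red Hat code; the class names and the sample stream are constructed for the demo) is the look-ahead a front end, WAF or triage script can run offline: it parses the stream header and the outermost object's class-descriptor chain of a Java serialization stream, collects the class names without ever reading field values, and accepts the payload only if every name is on an allow-list.

```python
import struct

# Added example (not JBoss/JON code): a look-ahead over the leading class
# descriptors of a Java serialization stream, so an HTTP front end or WAF can
# refuse a payload before ObjectInputStream ever instantiates anything.
# The sample stream and class names below are constructed for the demo.

STREAM_MAGIC = b"\xac\xed\x00\x05"          # STREAM_MAGIC + STREAM_VERSION 5
TC_NULL, TC_REFERENCE, TC_CLASSDESC, TC_OBJECT = 0x70, 0x71, 0x72, 0x73
TC_STRING, TC_ENDBLOCKDATA = 0x74, 0x78
SC_SERIALIZABLE = 0x02

class StreamError(ValueError):
    """Raised for anything that is not a plain, well-formed object stream."""

class _Reader:
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise StreamError("truncated stream")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def byte(self):
        return self.take(1)[0]

    def utf(self):                              # modified-UTF8 string: u2 length + bytes
        (n,) = struct.unpack(">H", self.take(2))
        return self.take(n).decode("utf-8")

def _read_class_desc(r, names):
    """Walk one classDesc and its superclass chain, collecting class names."""
    tc = r.byte()
    if tc == TC_NULL:
        return                                  # end of the superclass chain
    if tc == TC_REFERENCE:
        r.take(4)                               # back-reference to an earlier descriptor
        return
    if tc != TC_CLASSDESC:
        raise StreamError("unsupported type code 0x%02x in class descriptor" % tc)
    names.append(r.utf())                       # className
    r.take(8)                                   # serialVersionUID
    r.byte()                                    # classDescFlags
    (nfields,) = struct.unpack(">H", r.take(2))
    for _ in range(nfields):
        typecode = r.byte()
        r.utf()                                 # field name
        if typecode in (ord("L"), ord("[")):    # object/array fields carry a type string
            tag = r.byte()
            if tag == TC_STRING:
                r.utf()
            elif tag == TC_REFERENCE:
                r.take(4)
            else:
                raise StreamError("bad field type descriptor")
    if r.byte() != TC_ENDBLOCKDATA:             # classAnnotation is expected to be empty here
        raise StreamError("class annotation data not supported")
    _read_class_desc(r, names)                  # superClassDesc

def leading_class_names(data):
    """Class names of the outermost object's descriptor chain; field values are never read."""
    if not data.startswith(STREAM_MAGIC):
        raise StreamError("not a Java serialization stream")
    r = _Reader(data)
    r.take(len(STREAM_MAGIC))
    if r.byte() != TC_OBJECT:
        raise StreamError("stream does not start with an object")
    names = []
    _read_class_desc(r, names)
    return names

def check_payload(data, allowlist):
    """Return (accepted, names). Accept only when every class in the chain is allow-listed;
    malformed input is rejected rather than passed through to the JVM."""
    try:
        names = leading_class_names(data)
    except StreamError:
        return False, []
    return all(n in allowlist for n in names), names

# --- constructed sample stream (hypothetical classes, not a real gadget chain) ---
def _utf(s):
    b = s.encode("utf-8")
    return struct.pack(">H", len(b)) + b

def _class_desc(name, fields, superclass):
    out = bytes([TC_CLASSDESC]) + _utf(name) + b"\x00" * 8 + bytes([SC_SERIALIZABLE])
    out += struct.pack(">H", len(fields))
    for typecode, fname, ftype in fields:       # primitives first, then object fields, as javac emits them
        out += typecode.encode("ascii") + _utf(fname)
        if ftype is not None:
            out += bytes([TC_STRING]) + _utf(ftype)
    out += bytes([TC_ENDBLOCKDATA])
    out += _class_desc(*superclass) if superclass else bytes([TC_NULL])
    return out

SAMPLE = (STREAM_MAGIC + bytes([TC_OBJECT]) +
          _class_desc("com.example.Gadget",
                      [("I", "retries", None), ("L", "cmd", "Ljava/lang/String;")],
                      ("com.example.Base", [], None)))
# In a real stream the field values follow here; the look-ahead stops before them.
```

This is a perimeter triage check, not a fix: a gadget can sit anywhere in the object graph (for example inside a map stored in a field), the parser deliberately refuses proxy descriptors and class annotations rather than guessing, and a TC_REFERENCE chain can hide names. The durable control is a deserialization filter inside the JVM (JEP 290's java.io.ObjectInputFilter from Java 9 onward) or removing the endpoint; for the JON case the page's own precondition, SSL authentication between server and agent, is the first thing to verify.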