Vulnerabilities > Redhat

DATE CVE VULNERABILITY TITLE RISK
2016-09-27 CVE-2016-6330 Deserialization of Untrusted Data vulnerability in Redhat Jboss Operations Network
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
network
low complexity
redhat CWE-502
critical
9.8
2016-09-27 CVE-2016-4978 Deserialization of Untrusted Data vulnerability in multiple products
The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath.
network
low complexity
apache redhat CWE-502
7.2
2016-09-26 CVE-2016-5406 Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
network
low complexity
redhat CWE-264
8.8
2016-09-26 CVE-2016-4993 HTTP Response Splitting vulnerability in Redhat Jboss Enterprise Application Platform
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
network
low complexity
redhat CWE-113
6.1
2016-09-26 CVE-2016-3110 Improper Input Validation vulnerability in multiple products
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
network
low complexity
redhat fedoraproject CWE-20
7.5
2016-09-22 CVE-2016-6340 7PK - Security Features vulnerability in Redhat Quickstart Cloud Installer
The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack.
local
low complexity
redhat CWE-254
8.4
2016-09-22 CVE-2016-6322 Permissions, Privileges, and Access Controls vulnerability in Redhat Quickstart Cloud Installer
Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file.
local
low complexity
redhat CWE-264
8.4
2016-09-21 CVE-2016-7166 Resource Management Errors vulnerability in multiple products
libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.
local
low complexity
redhat libarchive oracle CWE-399
5.5
2016-09-21 CVE-2016-7163 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
7.8
2016-09-21 CVE-2016-5844 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
network
low complexity
libarchive redhat oracle CWE-190
6.5