Vulnerabilities > Redhat
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-03 | CVE-2016-5398 | Cross-site Scripting vulnerability in Redhat Jboss BPM Suite Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes. | 5.4 |
| 2016-09-27 | CVE-2016-6330 | Deserialization of Untrusted Data vulnerability in Redhat Jboss Operations Network The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | 9.8 |
| 2016-09-27 | CVE-2016-4978 | Deserialization of Untrusted Data vulnerability in multiple products The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget classes being present on the Artemis classpath. | 7.2 |
| 2016-09-26 | CVE-2016-5406 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | 8.8 |
| 2016-09-26 | CVE-2016-4993 | HTTP Response Splitting vulnerability in Redhat Jboss Enterprise Application Platform CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |
| 2016-09-26 | CVE-2016-3110 | Improper Input Validation vulnerability in multiple products mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | 7.5 |
| 2016-09-22 | CVE-2016-6340 | 7PK - Security Features vulnerability in Redhat Quickstart Cloud Installer The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces use of MD5 passwords on deployed systems, which makes it easier for attackers to determine cleartext passwords via a brute-force attack. | 8.4 |
| 2016-09-22 | CVE-2016-6322 | Permissions, Privileges, and Access Controls vulnerability in Redhat Quickstart Cloud Installer Red Hat QuickStart Cloud Installer (QCI) uses world-readable permissions for /etc/qci/answers, which allows local users to obtain the root password for the deployed system by reading the file. | 8.4 |
| 2016-09-21 | CVE-2016-7166 | Resource Management Errors vulnerability in multiple products libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file. | 5.5 |
| 2016-09-21 | CVE-2016-7163 | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write. | 7.8 |