Vulnerabilities > Redhat > Richfaces
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-06 | CVE-2018-14667 | Code Injection vulnerability in Redhat Enterprise Linux and Richfaces The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. | 7.5 |
| 2018-06-18 | CVE-2018-12533 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310. | 7.5 |
| 2018-06-18 | CVE-2018-12532 | Expression Language Injection vulnerability in Redhat Richfaces JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309. | 7.5 |
| 2015-03-26 | CVE-2015-0279 | Code Injection vulnerability in Redhat Richfaces JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter. | 6.8 |
| 2014-03-31 | CVE-2014-0086 | Improper Input Validation vulnerability in Redhat Jboss web Framework KIT and Richfaces The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests. | 4.3 |