Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Bpms Subscriptions
Total 101 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-0005 1 Redhat 6 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 3 more 2025-04-12 N/A
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.
CVE-2014-0035 2 Apache, Redhat 7 Cxf, Jboss Amq, Jboss Bpms and 4 more 2025-04-12 N/A
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2015-0264 2 Apache, Redhat 6 Camel, Jboss Amq, Jboss Bpms and 3 more 2025-04-12 N/A
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
CVE-2014-3530 1 Redhat 10 Jboss Bpms, Jboss Brms, Jboss Data Grid and 7 more 2025-04-12 N/A
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue.
CVE-2014-0193 2 Netty, Redhat 10 Netty, Jboss Amq, Jboss Bpms and 7 more 2025-04-12 N/A
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames.
CVE-2016-6346 1 Redhat 6 Jboss Bpms, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more 2025-04-12 N/A
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-7033 1 Redhat 2 Jboss Bpm Suite, Jboss Bpms 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6153 2 Apache, Redhat 13 Commons-httpclient, Developer Toolset, Jboss Bpms and 10 more 2025-04-12 N/A
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
CVE-2014-0093 1 Redhat 5 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
CVE-2016-2175 3 Apache, Debian, Redhat 7 Pdfbox, Debian Linux, Jboss Amq and 4 more 2025-04-12 N/A
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
CVE-2013-4517 2 Apache, Redhat 10 Santuario Xml Security For Java, Jboss Bpms, Jboss Brms and 7 more 2025-04-11 N/A
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), related to signatures.
CVE-2013-2133 1 Redhat 5 Enterprise Linux, Jboss Bpms, Jboss Brms and 2 more 2025-04-11 N/A
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
CVE-2013-4286 2 Apache, Redhat 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more 2025-04-11 N/A
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CVE-2014-0018 1 Redhat 6 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 3 more 2025-04-11 N/A
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.
CVE-2013-2035 1 Redhat 12 Fuse Mq Enterprise, Hawtjni, Jboss Amq and 9 more 2025-04-11 N/A
Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.
CVE-2013-4330 2 Apache, Redhat 10 Camel, Fuse Esb Enterprise, Fuse Management Console and 7 more 2025-04-11 N/A
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
CVE-2012-0818 1 Redhat 10 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 7 more 2025-04-11 N/A
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
CVE-2011-5245 1 Redhat 9 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 6 more 2025-04-11 N/A
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
CVE-2013-6440 3 Internet2, Redhat, Shibboleth 10 Opensaml, Fuse Esb Enterprise, Fuse Management Console and 7 more 2025-04-11 N/A
The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, and (4) SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote attackers to conduct XML external entity (XXE) attacks via a crafted XML DOCTYPE declaration.
CVE-2013-4002 10 Apache, Canonical, Hp and 7 more 31 Xerces2 Java, Ubuntu Linux, Hp-ux and 28 more 2025-04-11 N/A
XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names.