Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Application Platform
Subscriptions
Total
562 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3558 | 1 Redhat | 6 Hibernate Validator, Jboss Bpms, Jboss Brms and 3 more | 2025-04-12 | N/A |
| ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager (JSM) restrictions and execute restricted reflection calls via a crafted application. | ||||
| CVE-2014-3570 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-12 | N/A |
| The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. | ||||
| CVE-2014-0109 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. | ||||
| CVE-2014-0099 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2025-04-12 | N/A |
| Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | ||||
| CVE-2016-6346 | 1 Redhat | 6 Jboss Bpms, Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform and 3 more | 2025-04-12 | N/A |
| RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2014-7827 | 1 Redhat | 3 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform | 2025-04-12 | N/A |
| The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | ||||
| CVE-2014-7849 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Operations Network | 2025-04-12 | N/A |
| The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | ||||
| CVE-2014-7853 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Operations Network | 2025-04-12 | N/A |
| The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute. | ||||
| CVE-2014-8122 | 1 Redhat | 7 Jboss Bpms, Jboss Brms, Jboss Data Grid and 4 more | 2025-04-12 | N/A |
| Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. | ||||
| CVE-2014-0093 | 1 Redhat | 5 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 2 more | 2025-04-12 | N/A |
| Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2014-0059 | 1 Redhat | 7 Jboss Bpms, Jboss Brms, Jboss Data Grid and 4 more | 2025-04-12 | N/A |
| JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2016-3110 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-12 | N/A |
| mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element. | ||||
| CVE-2014-0098 | 4 Apache, Canonical, Oracle and 1 more | 7 Http Server, Ubuntu Linux, Http Server and 4 more | 2025-04-12 | N/A |
| The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | ||||
| CVE-2015-0293 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 5 more | 2025-04-12 | N/A |
| The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure and daemon exit) via a crafted CLIENT-MASTER-KEY message. | ||||
| CVE-2014-0058 | 1 Redhat | 8 Jboss Bpms, Jboss Brms, Jboss Data Grid and 5 more | 2025-04-12 | N/A |
| The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. | ||||
| CVE-2014-0050 | 3 Apache, Oracle, Redhat | 16 Commons Fileupload, Tomcat, Retail Applications and 13 more | 2025-04-12 | N/A |
| MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. | ||||
| CVE-2016-0800 | 3 Openssl, Pulsesecure, Redhat | 11 Openssl, Client, Steel Belted Radius and 8 more | 2025-04-12 | N/A |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | ||||
| CVE-2014-0034 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. | ||||
| CVE-2015-3197 | 3 Openssl, Oracle, Redhat | 13 Openssl, Exalogic Infrastructure, Oss Support Tools and 10 more | 2025-04-12 | N/A |
| ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. | ||||
| CVE-2016-3092 | 5 Apache, Canonical, Debian and 2 more | 9 Commons Fileupload, Tomcat, Ubuntu Linux and 6 more | 2025-04-12 | N/A |
| The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (CPU consumption) via a long boundary string. | ||||