Filtered by vendor Redhat
Subscriptions
Total
22099 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4658 | 1 Redhat | 1 Ansible | 2024-11-21 | 5.5 Medium |
| The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file. | ||||
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2024-11-21 | 9.8 Critical |
| The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | ||||
| CVE-2014-4651 | 2 Apache, Redhat | 2 Jclouds, Jboss Fuse | 2024-11-21 | 9.8 Critical |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | ||||
| CVE-2014-4650 | 2 Python, Redhat | 4 Python, Enterprise Linux, Rhel Software Collections and 1 more | 2024-11-21 | 9.8 Critical |
| The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator. | ||||
| CVE-2014-4607 | 2 Oberhumer, Redhat | 3 Liblzo2, Lzo2, Enterprise Linux | 2024-11-21 | 8.8 High |
| Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run. | ||||
| CVE-2014-4172 | 4 Apereo, Debian, Fedoraproject and 1 more | 6 .net Cas Client, Java Cas Client, Phpcas and 3 more | 2024-11-21 | 9.8 Critical |
| A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java. | ||||
| CVE-2014-3701 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 8.1 High |
| eDeploy has tmp file race condition flaws | ||||
| CVE-2014-3700 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
| eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | ||||
| CVE-2014-3699 | 1 Redhat | 2 Edeploy, Jboss Enterprise Web Server | 2024-11-21 | 9.8 Critical |
| eDeploy has RCE via cPickle deserialization of untrusted data | ||||
| CVE-2014-3656 | 1 Redhat | 1 Jboss Keycloak | 2024-11-21 | 6.1 Medium |
| JBoss KeyCloak: XSS in login-status-iframe.html | ||||
| CVE-2014-3655 | 1 Redhat | 2 Jboss Enterprise Web Server, Keycloak | 2024-11-21 | 4.3 Medium |
| JBoss KeyCloak is vulnerable to soft token deletion via CSRF | ||||
| CVE-2014-3652 | 1 Redhat | 1 Keycloak | 2024-11-21 | 6.1 Medium |
| JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | ||||
| CVE-2014-3650 | 1 Redhat | 1 Jboss Aerogear | 2024-11-21 | 5.4 Medium |
| Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. | ||||
| CVE-2014-3649 | 1 Redhat | 1 Jboss Aerogear | 2024-11-21 | 6.1 Medium |
| JBoss AeroGear has reflected XSS via the password field | ||||
| CVE-2014-3648 | 1 Redhat | 1 Jboss Aerogear | 2024-11-21 | 7.5 High |
| The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. | ||||
| CVE-2014-3599 | 1 Redhat | 1 Hornetq | 2024-11-21 | 6.5 Medium |
| HornetQ REST is vulnerable to XML External Entity due to insecure configuration of RestEasy | ||||
| CVE-2014-3592 | 1 Redhat | 1 Openshift Origin | 2024-11-21 | 6.1 Medium |
| OpenShift Origin: Improperly validated team names could allow stored XSS attacks | ||||
| CVE-2014-3590 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 6.5 Medium |
| Versions of Foreman as shipped with Red Hat Satellite 6 does not check for a correct CSRF token in the logout action. Therefore, an attacker can log out a user by having them view specially crafted content. | ||||
| CVE-2014-3585 | 1 Redhat | 3 Enterprise Linux, Redhat-upgrade-tool, Rhel Extras Other | 2024-11-21 | 9.8 Critical |
| redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | ||||
| CVE-2014-3536 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 5.5 Medium |
| CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration | ||||