Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Data Virtualization
Subscriptions
Total
63 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3530 | 1 Redhat | 10 Jboss Bpms, Jboss Brms, Jboss Data Grid and 7 more | 2024-08-06 | N/A |
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-3481 | 1 Redhat | 6 Jboss Data Grid, Jboss Data Virtualization, Jboss Enterprise Application Platform and 3 more | 2024-08-06 | N/A |
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary files via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-3490 | 1 Redhat | 11 Enterprise Linux, Jboss Bpms, Jboss Brms and 8 more | 2024-08-06 | N/A |
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818. | ||||
CVE-2014-0227 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2024-08-06 | N/A |
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | ||||
CVE-2014-0193 | 2 Netty, Redhat | 10 Netty, Jboss Amq, Jboss Bpms and 7 more | 2024-08-06 | N/A |
WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7.1, 3.8.x before 3.8.2, 3.9.x before 3.9.1, and 4.0.x before 4.0.19 allows remote attackers to cause a denial of service (memory consumption) via a TextWebSocketFrame followed by a long stream of ContinuationWebSocketFrames. | ||||
CVE-2014-0170 | 2 Jboss, Redhat | 2 Teiid, Jboss Data Virtualization | 2024-08-06 | N/A |
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-0119 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Bpms and 7 more | 2024-08-06 | N/A |
Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. | ||||
CVE-2014-0171 | 2 Odata4j Project, Redhat | 2 Odata4j, Jboss Data Virtualization | 2024-08-06 | N/A |
XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. | ||||
CVE-2014-0096 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Bpms and 7 more | 2024-08-06 | N/A |
java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
CVE-2014-0075 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2024-08-06 | N/A |
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. | ||||
CVE-2014-0099 | 2 Apache, Redhat | 11 Tomcat, Enterprise Linux, Jboss Bpms and 8 more | 2024-08-06 | N/A |
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. | ||||
CVE-2014-0058 | 1 Redhat | 8 Jboss Bpms, Jboss Brms, Jboss Data Grid and 5 more | 2024-08-06 | N/A |
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. | ||||
CVE-2014-0059 | 1 Redhat | 7 Jboss Bpms, Jboss Brms, Jboss Data Grid and 4 more | 2024-08-06 | N/A |
JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise Application Platform (EAP) before 6.2.3, use world-readable permissions on audit.log, which allows local users to obtain sensitive information by reading this file. | ||||
CVE-2015-7501 | 1 Redhat | 22 Data Grid, Enterprise Linux, Jboss A-mq and 19 more | 2024-08-06 | N/A |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
CVE-2015-3253 | 3 Apache, Oracle, Redhat | 14 Groovy, Health Sciences Clinical Development Center, Retail Order Broker Cloud Service and 11 more | 2024-08-06 | N/A |
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object. | ||||
CVE-2015-3254 | 2 Apache, Redhat | 4 Thrift, Jboss Amq, Jboss Data Virtualization and 1 more | 2024-08-06 | N/A |
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | ||||
CVE-2015-1818 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization | 2024-08-06 | N/A |
XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other unspecified impact via a crafted XML document. | ||||
CVE-2016-7034 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization | 2024-08-06 | N/A |
The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly handle CSRF tokens generated during an active session and includes them in query strings, which makes easier for remote attackers to (1) bypass CSRF protection mechanisms or (2) conduct cross-site request forgery (CSRF) attacks by obtaining an old token. | ||||
CVE-2016-6343 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization | 2024-08-06 | N/A |
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user. | ||||
CVE-2016-4434 | 2 Apache, Redhat | 4 Tika, Jboss Bpms, Jboss Data Virtualization and 1 more | 2024-08-06 | N/A |
Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175. |