VIR Vulnerability Intelligence Relay

Search

Found 673 results in 109ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2013-6447 medium 5.0 redhat 13y ago Multiple XML External Entity (XXE) vulnerabilities in the (1) ExecutionHandler, (2) PollHandler, and (3) SubscriptionHandler classes in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier…
CVE-2013-2152 high 7.2 redhat 13y ago Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspeci…
CVE-2013-2151 high 7.2 redhat 13y ago Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.
CVE-2013-2185 high 7.5 apacheredhat 13y ago Deserialization of Untrusted Data in Apache Tomcat
CVE-2013-2050 high 8.5 EXP redhat 13y ago SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authentica…
CVE-2010-0430 high 7.4 FIX debian debian redhat 13y ago libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write t…
CVE-2013-4424 medium 4.3 redhat 13y ago Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6391 medium 5.8 FIX debian debianubuntu ubuntu openstackredhat 13y ago The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to …
CVE-2013-4400 high 7.2 FIX debian debian redhat 13y ago virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
CVE-2013-2133 medium 5.5 rhel redhat 13y ago The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS S…
CVE-2013-4214 medium 6.3 nagiosredhat 13y ago rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when MAGPIE_CACHE_ON is set to 1, allows local users to overwrite arbitrary files via a symlink attack on /tmp/magpie_cache.
CVE-2013-2029 medium 6.3 redhat 13y ago nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary n…
CVE-2013-4485 medium 4.0 FIX debian debian rhel fedoraprojectredhat 13y ago 389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list…
CVE-2013-4386 high 7.5 redhattheforeman 13y ago Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup paramet…
CVE-2013-4480 high 7.5 redhatsuse 13y ago Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts.
CVE-2013-4282 medium 5.0 FIX sles rheldebian debian spice_projectredhat 13y ago Stack-based buffer overflow in the reds_handle_ticket function in server/reds.c in SPICE 0.12.0 allows remote attackers to cause a denial of service (crash) via a long password in a SPICE ticket.
CVE-2013-4401 high 8.5 FIX debian debian redhat 13y ago The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write…
CVE-2013-4185 medium 4.0 FIX debian debian openstackredhat 13y ago Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote …
CVE-2013-2186 high 7.5 FIX debian debian redhat 13y ago Arbitrary file write in Apache Commons Fileupload
CVE-2012-4529 medium 4.3 redhat 13y ago The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a…
CVE-2013-4344 high 7.2 FIX slesubuntu ubuntu rhel qemuredhat 13y ago Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when a SCSI controller has more than 256 attached devices, allows local users to gain privileges via a small transfer buffer in a R…
CVE-2013-4311 medium 4.6 FIX debian debianubuntu ubuntu rhel redhat 13y ago libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c…
CVE-2013-4210 medium 5.0 redhat 13y ago The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other prod…
CVE-2013-4222 medium 6.5 FIX debian debianubuntu ubuntufedora fedora openstackredhat 13y ago OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users …
CVE-2013-5651 medium 5.0 FIX debian debian redhat 13y ago The virBitmapParse function in util/virbitmap.c in libvirt before 1.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a crafted bitmap, as demonst…
CVE-2013-4297 medium 4.0 FIX debian debian redhat 13y ago The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via …
CVE-2013-4296 medium 4.0 FIX ubuntu ubuntu rheldebian debian redhat 13y ago The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated u…
CVE-2013-4291 medium 6.9 FIX debian debian redhat 13y ago The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to…
CVE-2013-4239 medium 4.0 FIX debian debian redhat 13y ago The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the…
CVE-2013-4154 medium 4.3 FIX debian debian redhat 13y ago The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors rela…
CVE-2013-4153 medium 5.0 FIX debian debian redhat 13y ago Double free vulnerability in the qemuAgentGetVCPUs function in qemu/qemu_agent.c in libvirt 1.0.6 through 1.1.0 allows remote attackers to cause a denial of service (daemon crash) via a cpu count req…
CVE-2013-2230 medium 4.0 FIX debian debian redhat 13y ago The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows remote authenticated users to cause a denial of service (daemon crash) via unspecified vectors involving "multiple events registrat…
CVE-2013-2218 medium 6.0 EXPFIX slesdebian debian redhat 13y ago Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a…
CVE-2013-4372 medium 4.3 redhat 13y ago Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrar…
CVE-2013-4112 medium 5.4 FIX debian debian jgroupsredhat 13y ago Exposure of Sensitive Information to an Unauthorized Actor in JGroup
CVE-2013-4182 high 7.5 redhattheforeman 13y ago app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
CVE-2013-4181 medium 4.3 redhat 13y ago Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise …
CVE-2013-4180 medium 5.0 redhattheforeman 13y ago The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted …
CVE-2013-2035 medium 4.4 FIX debian debian redhat 13y ago Improper Control of Generation of Code in HawtJNI
CVE-2013-2176 high 7.2 redhat 13y ago Unquoted Windows search path vulnerability in the Red Hat Enterprise Virtualization Application Provisioning Tool (RHEV-APT) in the rhev-guest-tools-iso package 3.2 allows local users to gain privile…
CVE-2013-4172 high 8.5 redhat 13y ago The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
CVE-2012-5575 medium 6.4 apacheredhat 13y ago Inadequate Encryption Strength in Apache CXF
CVE-2013-2175 medium 5.0 FIX ubuntu ubuntudebian debian redhathaproxy 13y ago HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (ne…
CVE-2013-4213 medium 6.4 redhat 13y ago Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
CVE-2013-4128 medium 6.4 redhat 13y ago Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.
CVE-2013-2219 medium 4.0 FIX debian debian fedoraprojectredhat 13y ago The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information vi…
CVE-2013-2121 medium 7.0 EXP redhattheforeman 13y ago Eval injection vulnerability in the create method in the Bookmarks controller in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create bookmarks to execute arbitrary c…
CVE-2013-2113 medium 7.0 EXP redhattheforeman 13y ago The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changin…
CVE-2013-2056 medium 5.0 redhat 13y ago The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) Satellite 5.3, 5.4, and 5.5 does not properly check client "authenticity," which allows remote attackers to obtain channel content by…
CVE-2013-2882 high 7.5 debian debian googleredhatnodejs 13y ago Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2011-1483 medium 5.0 redhathp 13y ago JBossWS vulnerable to uncontrolled recursion
CVE-2013-2165 high 7.5 redhat 13y ago Remote code execution due to insecure deserialization
CVE-2013-1896 medium 4.3 FIX debian debian rhelubuntu ubuntu apacheredhat 13y ago mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a M…
CVE-2013-1976 medium 6.9 rhel redhat 13y ago The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in the RPM distribution of Tomcat for JBoss Enterprise Web Server 1.0.2 and 2.0.0, and Red Hat Enterprise Linux 5 and 6, allow loca…
CVE-2013-2144 medium 5.0 redhat 13y ago Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consump…
CVE-2013-1862 medium 5.1 FIX debian debiansuse suse rhel apacheredhatoracle 13y ago mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to exec…
CVE-2013-2069 high 7.2 redhat 13y ago Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which all…
CVE-2013-1962 medium 5.0 FIX debian debian redhat 13y ago The remoteDispatchStoragePoolListAllVolumes function in the storage pool manager in libvirt 1.0.5 allows remote attackers to cause a denial of service (file descriptor consumption) via a large number…
CVE-2013-2119 medium 4.6 phusionruby-langredhat 13y ago Phusion Passenger Denial of Service
CVE-2013-1927 medium 6.8 FIX debian debiansuse suseubuntu ubuntu redhat 13y ago The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, aka "GIFAR."
CVE-2013-1926 medium 5.8 FIX debian debiansuse suseubuntu ubuntu redhat 13y ago The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the same class loader for applets with the same codebase path but from different domains, which allows remote attackers to obtain sensi…
CVE-2013-0315 medium 5.0 redhat 13y ago The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entit…
CVE-2013-0314 high 7.5 redhat 13y ago The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents…
CVE-2012-3532 medium 6.8 redhat 13y ago Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecifie…
CVE-2013-1815 medium 6.1 6.1 redhat 13y ago A flaw was found in PackStack. This vulnerability allows a local user to modify deployed systems by changing the answer file, which is created in insecure directories such as /tmp or the current work…
CVE-2013-1823 medium 4.3 redhat 13y ago Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username f…
CVE-2013-0168 medium 4.0 redhat 13y ago The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to …
CVE-2012-5660 medium 6.9 redhat 13y ago abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a syml…
CVE-2012-5629 high 7.5 redhat 13y ago The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) …
CVE-2012-6118 medium 5.5 redhat 13y ago The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
CVE-2012-5647 medium 5.8 redhat 14y ago Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…
CVE-2012-5646 high 7.5 redhat 14y ago node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATH_INFO.
CVE-2013-0170 medium 6.8 FIX debian debianubuntu ubuntu rhel redhat 14y ago Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allo…
CVE-2013-0166 medium 5.0 FIX debian debian opensslredhat 14y ago OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d does not properly perform signature verification for OCSP responses, which allows remote OCSP servers to cause a denial of service …
CVE-2012-5478 medium 4.9 redhat 14y ago The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly …
CVE-2012-3370 medium 5.8 redhat 14y ago The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 re…
CVE-2012-3369 medium 4.0 redhat 14y ago The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote att…
CVE-2012-0874 medium 7.8 EXP redhat 14y ago The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and …
CVE-2011-4575 medium 4.3 redhat 14y ago Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform …
CVE-2012-5484 high 7.9 redhat 14y ago The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedur…
CVE-2012-5531 medium 4.3 redhat 14y ago Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vector…
CVE-2012-4550 medium 5.3 5.3 redhat 14y ago A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans (EJB) access, the system does not correctly call the necessary authorization…
CVE-2012-4549 medium 6.5 6.5 redhat 14y ago A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all reque…
CVE-2012-5603 medium 5.5 redhat 14y ago proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users'…
CVE-2012-4556 medium 4.0 redhat 14y ago The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certai…
CVE-2012-4555 medium 4.0 redhat 14y ago The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a den…
CVE-2012-4543 medium 4.3 redhat 14y ago Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSi…
CVE-2012-0861 medium 6.8 redhat 14y ago The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents …
CVE-2012-5622 medium 6.8 redhat 14y ago Cross-site request forgery (CSRF) vulnerability in the management console (openshift-console/app/controllers/application_controller.rb) in OpenShift 0.0.5 allows remote attackers to hijack the authen…
CVE-2012-5604 medium 4.3 redhat 14y ago ldap_fluff authentication bypass
CVE-2012-3515 high 7.2 FIX suse suse rheldebian debian qemuredhat 14y ago Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 seq…
CVE-2012-3431 medium 4.3 redhat 14y ago The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform before 5.3.0, does not encrypt login messages by default contrary to documentation and specifica…
CVE-2012-1167 medium 4.6 redhat 14y ago The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the ser…
CVE-2012-0818 medium 5.0 redhat 14y ago Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
CVE-2011-5245 medium 5.0 redhat 14y ago Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
CVE-2011-4605 high 7.5 redhat 14y ago The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.C…
CVE-2011-4085 medium 6.8 redhat 14y ago The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access…
CVE-2011-2908 medium 6.0 redhat 14y ago Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 al…
CVE-2011-1096 medium 5.0 redhat 14y ago The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block ch…
CVE-2012-4423 medium 5.0 FIX debian debian redhat 14y ago The virNetServerProgramDispatchCall function in libvirt before 0.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and segmentation fault) via an RPC call with (1) a…