|
250581
|
6.5 |
MEDIUM
Network
|
redhat
|
jboss_enterprise_application_platform
|
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal.
|
CWE-22
Path Traversal
|
CVE-2017-2595
|
2024-11-21 12:23 |
2018-07-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250582
|
7.5 |
HIGH
Network
|
redhat
|
cloudforms
cloudforms_management_engine
|
It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenSh…
|
-
|
CVE-2017-2639
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250583
|
6.5 |
MEDIUM
Network
|
redhat
debian
|
undertow
jboss_enterprise_application_platform
debian_linux
|
It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid charac…
|
CWE-444
HTTP Request Smuggling
|
CVE-2017-2666
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250584
|
5.5 |
MEDIUM
Local
|
redhat
|
openstack
|
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access…
|
-
|
CVE-2017-2622
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250585
|
6.5 |
MEDIUM
Network
|
redhat
|
keycloak
jboss_enterprise_application_platform
|
It was found that while parsing the SAML messages the StaxParserUtil class of keycloak before 2.5.1 replaces special strings for obtaining attribute values with system property. This could allow an a…
|
CWE-200
Information Exposure
|
CVE-2017-2582
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250586
|
9.0 |
CRITICAL
Network
|
redhat
hawt
|
jboss_fuse
hawtio
|
It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and …
|
NVD-CWE-noinfo
|
CVE-2017-2589
|
2024-11-21 12:23 |
2018-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250587
|
6.5 |
MEDIUM
Network
|
redhat
|
cloudforms
cloudforms_management_engine
|
CloudForms Management Engine (cfme) before 5.7.3 and 5.8.x before 5.8.1 lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a vari…
|
NVD-CWE-noinfo
|
CVE-2017-2664
|
2024-11-21 12:23 |
2018-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250588
|
10.0 |
CRITICAL
Network
|
redhat
|
openstack
|
A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable libvirtd based live-migration. Libvirtd is deployed by default (by director) listening on 0.0.0.0 (al…
|
-
|
CVE-2017-2637
|
2024-11-21 12:23 |
2018-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250589
|
7.2 |
HIGH
Network
|
redhat
|
openstack
|
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and uninte…
|
-
|
CVE-2017-2673
|
2024-11-21 12:23 |
2018-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
250590
|
6.5 |
MEDIUM
Network
|
infinispan
redhat
|
infinispan
jboss_data_grid
|
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a …
|
CWE-287
Improper Authentication
|
CVE-2017-2638
|
2024-11-21 12:23 |
2018-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
