Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-2378 | 4.3 |
Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before 2.6.1, does not properly enforce child policies of a WS-SecurityPolicy 1.1 SupportingToken policy on the client side, which allows remote attackers to bypass the (1) AlgorithmSuite
|
13-02-2023 - 04:33 | 05-01-2013 - 00:55 | |
CVE-2014-7812 | 3.5 |
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
|
13-02-2023 - 00:42 | 15-01-2015 - 15:59 | |
CVE-2014-7811 | 3.5 |
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
|
13-02-2023 - 00:42 | 15-01-2015 - 15:59 | |
CVE-2012-3451 | 4.3 |
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsistent with the message body.
|
13-02-2023 - 00:25 | 24-09-2012 - 17:55 | |
CVE-2012-2379 | 10.0 |
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impac
|
13-02-2023 - 00:24 | 03-01-2013 - 01:55 | |
CVE-2017-7514 | 3.5 |
A cross-site scripting (XSS) flaw was found in how the failed action entry is processed in Red Hat Satellite before version 5.8.0. A user able to specify a failed action could exploit this flaw to perform XSS attacks against other Satellite users.
|
12-02-2023 - 23:30 | 30-07-2018 - 15:29 | |
CVE-2008-0455 | 4.3 |
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use
|
21-09-2022 - 19:09 | 25-01-2008 - 01:00 | |
CVE-2012-2687 | 2.6 |
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to in
|
06-06-2021 - 11:15 | 22-08-2012 - 19:55 | |
CVE-2012-2672 | 2.1 |
Oracle Mojarra 2.1.7 does not properly "clean up" the FacesContext reference during startup, which allows local users to obtain context information an access resources from another WAR file by calling the FacesContext.getCurrentInstance function.
|
29-08-2017 - 01:31 | 17-06-2012 - 03:41 | |
CVE-2012-4550 | 6.4 |
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being appl
|
07-05-2013 - 04:00 | 05-01-2013 - 00:55 | |
CVE-2012-4549 | 5.8 |
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB)
|
15-01-2013 - 05:00 | 05-01-2013 - 00:55 | |
CVE-2012-3428 | 4.3 |
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attack
|
08-01-2013 - 05:04 | 20-12-2012 - 12:02 |