ReportizFlow
Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Amq
Subscriptions
Total
102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0109 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error. | ||||
| CVE-2014-0110 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (/tmp disk consumption) via a large invalid SOAP message. | ||||
| CVE-2014-1904 | 2 Pivotal Software, Redhat | 3 Spring Framework, Jboss Amq, Jboss Fuse | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. | ||||
| CVE-2015-0263 | 2 Apache, Redhat | 6 Camel, Jboss Amq, Jboss Bpms and 3 more | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. | ||||
| CVE-2015-3192 | 4 Fedoraproject, Pivotal Software, Redhat and 1 more | 8 Fedora, Spring Framework, Jboss Amq and 5 more | 2025-04-12 | N/A |
| Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file. | ||||
| CVE-2014-3623 | 2 Apache, Redhat | 8 Cxf, Wss4j, Jboss Amq and 5 more | 2025-04-12 | N/A |
| Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors. | ||||
| CVE-2014-3612 | 2 Apache, Redhat | 6 Activemq, Fuse Esb Enterprise, Fuse Management Console and 3 more | 2025-04-12 | N/A |
| The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6524 for the use of wildcard operators in usernames. | ||||
| CVE-2016-0734 | 2 Apache, Redhat | 3 Activemq, Jboss Amq, Jboss Fuse | 2025-04-12 | N/A |
| The web-based administration console in Apache ActiveMQ 5.x before 5.13.2 does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element. | ||||
| CVE-2014-0002 | 2 Apache, Redhat | 9 Camel, Fuse Esb Enterprise, Fuse Management Console and 6 more | 2025-04-12 | N/A |
| The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3577 | 2 Apache, Redhat | 18 Httpasyncclient, Httpclient, Enterprise Linux and 15 more | 2025-04-12 | N/A |
| org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field. | ||||
| CVE-2013-6429 | 3 Pivotal Software, Redhat, Vmware | 4 Spring Framework, Jboss Amq, Jboss Fuse and 1 more | 2025-04-11 | N/A |
| The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315. | ||||
| CVE-2013-4152 | 3 Redhat, Springsource, Vmware | 6 Jboss Amq, Jboss Enterprise Soa Platform, Jboss Fuse and 3 more | 2025-04-11 | N/A |
| The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. | ||||
| CVE-2013-4221 | 2 Redhat, Restlet | 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more | 2025-04-11 | N/A |
| The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML. | ||||
| CVE-2013-4271 | 2 Redhat, Restlet | 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more | 2025-04-11 | N/A |
| The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221. | ||||
| CVE-2013-4372 | 1 Redhat | 6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page. | ||||
| CVE-2013-4330 | 2 Apache, Redhat | 10 Camel, Fuse Esb Enterprise, Fuse Management Console and 7 more | 2025-04-11 | N/A |
| Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. | ||||
| CVE-2013-2035 | 1 Redhat | 12 Fuse Mq Enterprise, Hawtjni, Jboss Amq and 9 more | 2025-04-11 | N/A |
| Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp. | ||||
| CVE-2012-5783 | 3 Apache, Canonical, Redhat | 12 Httpclient, Ubuntu Linux, Enterprise Linux and 9 more | 2025-04-11 | N/A |
| Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2013-2192 | 2 Apache, Redhat | 4 Hadoop, Jboss Amq, Jboss Fuse and 1 more | 2025-04-11 | N/A |
| The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attackers to disable bidirectional authentication and obtain sensitive information by forcing a downgrade to simple authentication. | ||||
| CVE-2022-23307 | 4 Apache, Oracle, Qos and 1 more | 44 Chainsaw, Log4j, Advanced Supply Chain Planning and 41 more | 2024-11-21 | 8.8 High |
| CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. | ||||