CVE-2021-4104

all versions

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2020-14340

all versions

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between g

5.9MEDIUM

CVE-2012-5626

all versions

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat

7.5HIGH

CVE-2008-5083

>= 2.1.0 and < 2.1.2

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.

6.5MEDIUM

CVE-2013-4374

all versions

An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.

7.1HIGH

CVE-2010-0737

< 2.3.1

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, whic

8.0HIGH

CVE-2019-3834

> 3.2.1 and < 3.3.11

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to m

7.3HIGH

CVE-2015-7501

all versions

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp

9.8CRITICAL

CVE-2016-6330

all versions

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communicati

9.8CRITICAL

CVE-2016-5422

<= 3.3.6

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the

8.8HIGH

CVE-2016-3737

<= 3.3.5

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted

9.8CRITICAL

CVE-2015-3267

<= 3.3.2

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote atta

CVE-2015-0297

all versions

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute

CVE-2014-7853

all versions

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does n

CVE-2012-0032

<= 3.0

Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client,

CVE-2011-4573

<= 2.4.1

Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticat

CVE-2012-1100

<= 2.4.1

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bi

CVE-2012-0062

<= 2.4.1

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an

CVE-2012-0052

<= 2.4.1

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote a

CVE-2013-4452

all versions

Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which

CVE-2013-4373

all versions

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary d

CVE-2013-4293

all versions

The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensiti

CVE-2013-2165

all versions

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat

CVE-2011-3206

<= 2.4.1

Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Netw