CVE-2016-5406 (jboss_enterprise_application_platform)
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
Source: CVE-2016-5406 (jboss_enterprise_application_platform)
CVE-2016-5406
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
Source: CVE-2016-5406
CVE-2016-5395 (ranger)
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
Source: CVE-2016-5395 (ranger)
CVE-2016-5395
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
Source: CVE-2016-5395
CVE-2016-4993 (jboss_enterprise_application_platform, jboss_wildfly_application_server)
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Source: CVE-2016-4993 (jboss_enterprise_application_platform, jboss_wildfly_application_server)
CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as usued in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
Source: CVE-2016-4993
CVE-2016-4303 (iperf, leap, opensuse, suse_package_hub_for_suse_linux_enterprise)
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Source: CVE-2016-4303 (iperf, leap, opensuse, suse_package_hub_for_suse_linux_enterprise)
CVE-2016-4303
The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
Source: CVE-2016-4303
CVE-2016-3110 (jboss_enterprise_web_server)
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
CVE-2016-3110
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
Source: CVE-2016-3110