CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2018-14667	High	89.4%	Red HatJBoss RichFaces Framework	Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.	Sep 28, 2023	KEV
CVE-2021-3560	High	12.4%	Red HatPolkit	Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.	May 12, 2023	KEV
CVE-2020-28949	High	93.0%	PEARArchive_Tar	PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.	Aug 25, 2022	KEV
CVE-2020-36193	High	71.1%	PEARArchive_Tar	PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.	Aug 25, 2022	KEV
CVE-2021-4034	High	87.1%	Red HatPolkit	The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.	Jun 27, 2022	KEV
CVE-2010-0738	High	90.9%	Red HatJBoss	The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.	May 25, 2022	KEV
CVE-2010-1428	High	65.3%	Red HatJBoss	Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.	May 25, 2022	KEV
CVE-2017-12149	High	94.3%	Red HatJBoss Application Server	The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.	Dec 10, 2021	KEV
CVE-2010-1871	High	93.8%	Red HatJBoss Seam 2	JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.	Dec 10, 2021	KEV

CVE-2018-14667KEV

High

Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Red HatEPSS 89.4%

CVE-2021-3560KEV

High

Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.

Red HatEPSS 12.4%

CVE-2020-28949KEV

High

PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.

PEAREPSS 93.0%

CVE-2020-36193KEV

High

PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.

PEAREPSS 71.1%

CVE-2021-4034KEV

High

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

Red HatEPSS 87.1%

CVE-2010-0738KEV

High

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Red HatEPSS 90.9%

CVE-2010-1428KEV

High

Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.

Red HatEPSS 65.3%

CVE-2017-12149KEV

High

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.

Red HatEPSS 94.3%

CVE-2010-1871KEV

High

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Red HatEPSS 93.8%