17 matches found
ai.dstack:server-base-local (>=0.0.12 <=0.1.15), ai.hyacinth.framework:core-service-jpa-support (=0.5.24) +1374 more potentially affected by CVE-2019-14900 via org.hibernate:hibernate-core (>=5.4.0.CR1 <=5.4.17.Final)
org.hibernate:hibernate-core MAVEN version =5.4.0.CR1, =0.0.12, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0 and more Source cves: CVE-2019-14900 Source advisory: OSV:GHSA-8GRG-Q944-CCH5...
org.hibernate.orm.tooling:hibernate-enhance-maven-plugin (=5.5.0.Alpha1), org.hibernate:hibernate-agroal (=5.5.0.Alpha1) +16 more potentially affected by CVE-2019-14900 via org.hibernate:hibernate-core (=5.5.0.Alpha1)
org.hibernate:hibernate-core MAVEN version =5.5.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.hibernate:hibernate-core and may be impacted: - org.hibernate.orm.tooling:hibernate-enhance-maven-plugin =5.5.0.Alpha1 -...
Security Bulletin: Hibernate ORM Vulnerabilities Affect IBM Control Center (CVE-2019-14900, CVE-2020-25638)
Summary Hibernate ORM is vulnerable to SQL injection. Vulnerability Details CVEID: CVE-2019-14900 DESCRIPTION: Hibernate ORM is vulnerable to SQL injection. The implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the...
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Important: Red Hat Security Advisory: Red Hat build of Quarkus 1.7.5 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...
SUSE-SU-2020:2650-1 Security update for SUSE Manager Server 4.0
This update fixes the following issues: hibernate5: - Address CVE-2019-14900 bsc1172079 image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default /srv/saltboot if that pillar is missing s...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3639 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3638 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...
Important: Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update
This is a security update for JBoss EAP Continuous Delivery 20. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3463)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3463 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3461)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3461 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
CVE-2019-14900
creationtimestamp| type| source ---|---|--- 2020-07-06 22:55:28+00:00| seen| https://t.me/cibsecurity/13266...
CVE-2019-14900
CVE-2019-14900 affects Hibernate ORM prior to 5.3.18, 5.4.18, and 5.5.0.Beta1. The flaw is a SQL injection in the JPA Criteria API implementation that can permit unsanitized literals in the SELECT or GROUP BY clauses, enabling an attacker to access unauthorized information. The connected document...