17 matches found

vulnersOsv
added 2022/02/10 11:5 p.m., 5 views

ai.dstack:server-base-local (>=0.0.12 <=0.1.15), ai.hyacinth.framework:core-service-jpa-support (=0.5.24) +1374 more potentially affected by CVE-2019-14900 via org.hibernate:hibernate-core (>=5.4.0.CR1 <=5.4.17.Final)

org.hibernate:hibernate-core MAVEN version =5.4.0.CR1, =0.0.12, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.1.0 and more Source cves: CVE-2019-14900 Source advisory: OSV:GHSA-8GRG-Q944-CCH5...

6.5 CVSS, 6.7 AI score, 0.02126 EPSS
Exploits: 0
vulnersOsv
added 2022/02/10 11:5 p.m., 3 views

org.hibernate.orm.tooling:hibernate-enhance-maven-plugin (=5.5.0.Alpha1), org.hibernate:hibernate-agroal (=5.5.0.Alpha1) +16 more potentially affected by CVE-2019-14900 via org.hibernate:hibernate-core (=5.5.0.Alpha1)

org.hibernate:hibernate-core MAVEN version =5.5.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.hibernate:hibernate-core and may be impacted: - org.hibernate.orm.tooling:hibernate-enhance-maven-plugin =5.5.0.Alpha1 -...

6.5 CVSS, 6.7 AI score, 0.02126 EPSS
Exploits: 0
IBM Security Bulletins
added 2021/05/14 9:22 p.m., 32 views

Security Bulletin: Hibernate ORM Vulnerabilities Affect IBM Control Center (CVE-2019-14900, CVE-2020-25638)

Summary Hibernate ORM is vulnerable to SQL injection. Vulnerability Details CVEID: CVE-2019-14900 DESCRIPTION: Hibernate ORM is vulnerable to SQL injection. The implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the...

7.4 CVSS, 1.1 AI score, 0.02907 EPSS
Exploits: 0, Affected Software: 1
RedHat Linux
added 2020/12/16 12:11 p.m., 176 views

Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update

A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

9.8 CVSS, 8 AI score, 0.95586 EPSS
Exploits: 12, References: 39
RedHat Linux
added 2020/10/14 11:16 a.m., 98 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 1.7.5 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

8.8 CVSS, 6.9 AI score, 0.09438 EPSS
Exploits: 0, References: 9
OSV
added 2020/09/16 12:24 p.m., 12 views

SUSE-SU-2020:2650-1 Security update for SUSE Manager Server 4.0

This update fixes the following issues: hibernate5: - Address CVE-2019-14900 bsc1172079 image-sync-formula: - Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default /srv/saltboot if that pillar is missing s...

9.3 CVSS, 8.4 AI score, 0.99019 EPSS
Exploits: 8, References: 32
Tenable Nessus
added 2020/09/08 12:0 a.m., 61 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 8 (RHSA-2020:3639)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3639 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

9.8 CVSS, 7.5 AI score, 0.26587 EPSS
Exploits: 5, References: 65
Tenable Nessus
added 2020/09/08 12:0 a.m., 46 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.2.9 on RHEL 7 (RHSA-2020:3638)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3638 advisory. This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platfor...

9.8 CVSS, 7.5 AI score, 0.26587 EPSS
Exploits: 5, References: 65
RedHat Linux
added 2020/08/31 3:40 p.m., 110 views

Important: Red Hat Security Advisory: EAP Continuous Delivery Technical Preview Release 20 security update

This is a security update for JBoss EAP Continuous Delivery 20. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9.8 CVSS, 7.2 AI score, 0.17044 EPSS
Exploits: 0, References: 16
RedHat Linux
added 2020/08/17 1:28 p.m., 89 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

9.8 CVSS, 7 AI score, 0.09438 EPSS
Exploits: 0, References: 33
RedHat Linux
added 2020/08/17 1:28 p.m., 94 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

9.8 CVSS, 7 AI score, 0.09438 EPSS
Exploits: 0, References: 32
RedHat Linux
added 2020/08/17 1:28 p.m., 105 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

9.8 CVSS, 7 AI score, 0.09438 EPSS
Exploits: 0, References: 32
RedHat Linux
added 2020/08/17 1:25 p.m., 98 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.2 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8 CVSS, 7 AI score, 0.09438 EPSS
Exploits: 0, References: 30
Tenable Nessus
added 2020/08/17 12:0 a.m., 53 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3463)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3463 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8 CVSS, 7.6 AI score, 0.09438 EPSS
Exploits: 0, References: 48
Tenable Nessus
added 2020/08/17 12:0 a.m., 53 views

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.2 (RHSA-2020:3461)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3461 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...

9.8 CVSS, 7.6 AI score, 0.09438 EPSS
Exploits: 0, References: 47
Circl
added 2020/07/06 10:55 p.m., 5 views

CVE-2019-14900

creationtimestamp | type | source
---|---|---
2020-07-06 22:55:28+00:00 | seen | https://t.me/cibsecurity/13266...

6.5 CVSS, 6.4 AI score, 0.02126 EPSS
Exploits: 0, References: 1
CVE
added 2020/07/06 6:35 p.m., 289 views

CVE-2019-14900

CVE-2019-14900 affects Hibernate ORM prior to 5.3.18, 5.4.18, and 5.5.0.Beta1. The flaw is a SQL injection in the JPA Criteria API implementation that can permit unsanitized literals in the SELECT or GROUP BY clauses, enabling an attacker to access unauthorized information. The connected document...

6.5 CVSS, 6.7 AI score, 0.02126 EPSS
Exploits: 0, References: 3, Affected Software: 1