
8 matches found

RedhatCVE
added 2024/12/09 4:57 p.m., 8 views

CVE-2024-12369

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with t...

CVSS 4.2, AI score 7.4, EPSS 0.00121
Exploits: 0, References: 3
Github Security Blog
added 2022/05/17 12:15 a.m., 30 views

Improper Neutralization of CRLF Sequences in Wildfly Undertow

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 6.1, AI score 4.5, EPSS 0.01476
Exploits: 0, References: 13, Affected Software: 1
RedhatCVE
added 2020/12/06 11:49 a.m., 86 views

CVE-2018-7489

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of th...

CVSS 9.8, AI score 1.1, EPSS 0.82379
Exploits: 7, References: 2
NVD
added 2016/09/26 2:59 p.m., 13 views

CVE-2016-5406

The domain controller in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves...

CVSS 8.8, AI score 8.6, EPSS 0.01504
Exploits: 0, References: 9
NVD
added 2016/09/26 2:59 p.m., 23 views

CVE-2016-4993

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 6.1, AI score 5.9, EPSS 0.01476
Exploits: 0, References: 11
UbuntuCve
added 2016/09/26 2:59 p.m., 25 views

CVE-2016-4993

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 6.1, AI score 6.8, EPSS 0.01476
Exploits: 0, References: 2
Cvelist
added 2016/09/26 2:0 p.m., 20 views

CVE-2016-5406

The domain controller in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves...

AI score 8.6, EPSS 0.01504
Exploits: 0, References: 9
Debian CVE
added 2016/09/26 2:0 p.m., 30 views

CVE-2016-4993

CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform EAP 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors...

CVSS 6.1, AI score 6.4, EPSS 0.01476
Exploits: 0