Lucene search
+L

236 matches found

RedHat Linux
RedHat Linux
added 2025/07/07 1:35 p.m.2 views

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

6.2CVSS6.5AI score0.00921EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/07/07 1:27 p.m.3 views

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform EAP within the Enterprise JavaBeans EJB remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

6.2CVSS6.5AI score0.00921EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/07 12:0 a.m.4 views

Red Hat JBoss Enterprise Application Platform和Red Hat Wildfly 代码问题漏洞

Red Hat JBoss Enterprise Application Platform EAP and Red Hat Wildfly are both products of Red Hat, Inc.Red Hat JBoss Enterprise Application Platform is an open source, J2EE-based middleware platform. J2EE-based middleware platform. The platform is mainly used for building, deploying and hosting...

6.2CVSS6.6AI score0.00921EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.4 views

PT-2025-15231

Name of the Vulnerable Software and Affected Versions WildFly affected versions not specified JBoss Enterprise Application Platform EAP affected versions not specified Description A security flaw exists within the Enterprise JavaBeans EJB remote invocation mechanism, stemming from untrusted data...

6.2CVSS7.1AI score0.00921EPSS
Exploits0References18
CNNVD
CNNVD
added 2025/03/31 12:0 a.m.5 views

EJBCA 注入漏洞

EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. An injection vulnerability exists in EJBCA version 8.0 that stems from a redirection attack that could result from modifying the Host header...

6.1CVSS7.1AI score0.00215EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2024/03/08 12:0 a.m.18 views

Fedora: Security Advisory for aopalliance (FEDORA-2024-129d8ca6fc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS9.2AI score0.02578EPSS
Exploits3References2
Fedora
Fedora
added 2024/03/07 10:33 p.m.24 views

[SECURITY] Fedora 40 Update: scannotation-1.0.3-0.33.r12.fc40

Scannotation is a Java library that creates an annotation database from a set of .class files.This database is really just a set of maps that in dex what annotations are used and what classes are using them. Why do you need th is? What if you are an annotation framework like an EJB 3.0 container...

8.8CVSS9AI score0.02578EPSS
Exploits3
OSV
OSV
added 2024/03/06 11:9 a.m.47 views

BIT-WILDFLY-2020-10740

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application BeansEJB due to lack of validation/filtering capabilities in wildfly...

7.5CVSS8.3AI score0.0172EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2023/08/18 12:0 a.m.23 views

Red Hat WildFly < 20.0.0 Multiple Vulnerabilities

Red Hat WildFly is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:redhat:wildfly";...

7.5CVSS7.6AI score0.0172EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2023/03/01 10:2 p.m.4 views

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.9CVSS6.6AI score0.00787EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/01 9:58 p.m.7 views

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.9CVSS6.6AI score0.00787EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.5 views

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.9CVSS6.6AI score0.00787EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/01/02 5:18 p.m.8 views

CVE-2014-125038 IS_Projecto2 NewsBean.java sql injection

A vulnerability has been found in ISProjecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It i...

5.5CVSS7.8AI score0.00657EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/12/06 12:0 a.m.65 views

RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.8 Security update (Low) (RHSA-2022:8790)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:8790 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat...

4.9CVSS6.3AI score0.00787EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2022/12/05 9:10 p.m.23 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.8 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

4.9CVSS6.4AI score0.00787EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2022/12/05 9:9 p.m.6 views

Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations

A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LASTCHUNK from the bytes, causing a denial of service...

4.9CVSS6.6AI score0.00787EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/12/05 9:9 p.m.24 views

Low: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.8 Security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...

4.9CVSS6.4AI score0.00787EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.58 views

Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8

New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS7.2AI score0.63211EPSS
Exploits8References8
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.6 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

5.3CVSS5.8AI score0.00842EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.7 views

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

5.3CVSS5.8AI score0.00842EPSS
Exploits0References4
Rows per page
Query Builder