5 matches found
CVE-2021-4104
CVE-2021-4104 affects JMSAppender in Log4j 1.2 when it is explicitly configured to use JMSAppender. A deserialization of untrusted data can occur if an attacker can write Log4j configuration and supply TopicBindingName and TopicConnectionFactoryBindingName, causing JMSAppender to perform JNDI req...
CVE-2015-7501
CVE-2015-7501 involves a deserialization flaw in Apache Commons Collections that affects Red Hat JBoss Middleware stack (A-MQ 6.x; BPMS 6.x; BRMS 5.x/6.x; JDG 6.x/5.x; JDV 6.x/5.x; AEP 6.x; Fuse 6.x; FSW 6.x; JBoss ON 3.x; Portal 6.x; SOA-P 5.x; JWS 3.x; OpenShift/xPaaS 3.x; Subscription Asset Ma...
CVE-2020-14340
CVE-2020-14340 affects XNIO prior to the fix in RHSA-2020:4246. A file descriptor leak occurs due to growing NIO Selector handles across garbage collection cycles, enabling a denial-of-service condition. Affected: XNIO 3.6.0.Beta1 through 3.8.1.Final. Root cause: leak in file descriptor managemen...
CVE-2014-0170
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 are affected by an XML External Entity (XXE) vulnerability. A remote attacker could read arbitrary files via a crafted request to a REST endpoint. The Red Hat advisory RHSA-2014:1284 confirms a fix in Red...
CVE-2014-0171
An XXE vulnerability (CVE-2014-0171) affects StaxXMLFactoryProvider2 in Odata4j used by Red Hat JBoss Data Virtualization prior to 6.0.0 patch 4. The flaw lets a remote attacker submit a crafted XML payload via a REST endpoint that resolves external entities and can read arbitrary files on the se...