Lucene search

K
RedhatJboss Enterprise Application Platform

11 matches found

CVE
CVE
added 2021/12/14 12:15 p.m.1080 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS
CVE
CVE
added 2021/06/01 2:15 p.m.671 views

CVE-2021-32027

A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vul...

8.8CVSS7.6AI score0.00491EPSS
CVE
CVE
added 2021/10/08 5:15 p.m.305 views

CVE-2021-32029

A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.

6.5CVSS7.2AI score0.00243EPSS
CVE
CVE
added 2021/05/28 11:15 a.m.300 views

CVE-2020-25710

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

7.5CVSS7.2AI score0.02005EPSS
CVE
CVE
added 2021/05/20 1:15 p.m.199 views

CVE-2021-3536

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

4.8CVSS5AI score0.00284EPSS
CVE
CVE
added 2021/08/05 9:15 p.m.163 views

CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

5.3CVSS5.3AI score0.00222EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.137 views

CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

6.1CVSS5.7AI score0.00432EPSS
CVE
CVE
added 2021/03/23 9:15 p.m.128 views

CVE-2019-19343

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be...

7.5CVSS7.3AI score0.00507EPSS
CVE
CVE
added 2021/06/02 1:15 p.m.127 views

CVE-2020-14340

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

5.9CVSS5.5AI score0.00344EPSS
CVE
CVE
added 2021/12/23 8:15 p.m.94 views

CVE-2021-20318

The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.

7.2CVSS7.4AI score0.02131EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.51 views

CVE-2020-14317

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script ...

5.5CVSS4.5AI score0.00042EPSS