CVE-2019-1559

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...

CVE-2019-19906

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

CVE-2011-3923

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

CVE-2012-2148

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies

CVE-2014-3699

eDeploy has RCE via cPickle deserialization of untrusted data

CVE-2014-3701

eDeploy has tmp file race condition flaws

CVE-2014-3655

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

CVE-2014-3700

eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data