8 matches found
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is receiv...
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
CVE-2011-3923
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
CVE-2012-2148
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
CVE-2014-3699
eDeploy has RCE via cPickle deserialization of untrusted data
CVE-2014-3701
eDeploy has tmp file race condition flaws
CVE-2014-3655
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
CVE-2014-3700
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data