CVE-2024-6875
- EPSS 0.06%
- Published 28.03.2025 20:34:30
- Last modified 01.04.2025 20:26:30
A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may leak buffers, and an out-of-memory error can occur when continual requests with large POST data are sent to the REST API.
CVE-2025-23366
- EPSS 0.05%
- Published 14.01.2025 18:16:06
- Last modified 14.01.2025 18:16:06
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authentica...
CVE-2023-4639
- EPSS 3.74%
- Published 17.11.2024 11:15:05
- Last modified 07.02.2025 17:15:29
A flaw was found in Undertow, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary addit...
CVE-2023-5384
- EPSS 0.17%
- Published 18.12.2023 14:15:11
- Last modified 21.11.2024 08:41:39
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration.
CVE-2023-5236
- EPSS 0.1%
- Published 18.12.2023 14:15:10
- Last modified 25.09.2025 09:15:29
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory ...
CVE-2023-3629
- EPSS 0.08%
- Published 18.12.2023 14:15:08
- Last modified 21.11.2024 08:17:42
A flaw was found in Infinispan's REST. Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-3628
- EPSS 0.12%
- Published 18.12.2023 14:15:08
- Last modified 21.11.2024 08:17:42
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2022-1271
- EPSS 0.72%
- Published 31.08.2022 16:15:09
- Last modified 09.06.2025 15:15:26
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied to an attacker-chosen file name (for example, a crafted file name), it can write attacker-controlled content to an arbitrary attacker-selected file....
CVE-2021-4104
- EPSS 72.2%
- Published 14.12.2021 12:15:12
- Last modified 21.11.2024 06:36:54
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppen...