Redhat

Jboss Enterprise Application Platform

236 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2019-10172

Media report
  • EPSS 0.57%
  • Published 18.11.2019 17:15:11
  • Last modified 21.11.2024 04:18:34

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

7.8

CVE-2019-0205

  • EPSS 0.7%
  • Published 29.10.2019 19:15:15
  • Last modified 21.11.2024 04:16:29

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it ...

7.5

CVE-2019-0210

  • EPSS 0.3%
  • Published 29.10.2019 19:15:15
  • Last modified 21.11.2024 04:16:29

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

4.9

CVE-2019-14838

  • EPSS 0.4%
  • Published 14.10.2019 15:15:09
  • Last modified 21.11.2024 04:27:28

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

9.8

CVE-2019-17531

  • EPSS 1.19%
  • Published 12.10.2019 21:15:08
  • Last modified 21.11.2024 04:32:27

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext...

9.8

CVE-2019-17267

  • EPSS 1.36%
  • Published 07.10.2019 00:15:10
  • Last modified 21.11.2024 04:31:59

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.

9.8

CVE-2019-10212

  • EPSS 0.29%
  • Published 02.10.2019 19:15:11
  • Last modified 21.11.2024 04:18:39

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

9.8

CVE-2019-16942

  • EPSS 0.44%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1....

9.8

CVE-2019-16943

  • EPSS 1.84%
  • Published 01.10.2019 17:15:10
  • Last modified 21.11.2024 04:31:23

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja...