Redhat

Jboss Middleware Text-only Advisories

9 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-1132

  • EPSS 0.24%
  • Published 17.04.2024 14:15:07
  • Last modified 30.06.2025 13:58:57

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...

8.1

CVE-2023-4853

Exploit
  • EPSS 0.35%
  • Published 20.09.2023 10:15:14
  • Last modified 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

8.8

CVE-2022-1415

  • EPSS 0.63%
  • Published 11.09.2023 21:15:41
  • Last modified 21.11.2024 06:40:41

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution...

6.5

CVE-2019-14900

  • EPSS 1.22%
  • Published 06.07.2020 19:15:12
  • Last modified 21.11.2024 04:27:38

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. Th...

5.9

CVE-2011-2487

  • EPSS 0.14%
  • Published 11.03.2020 16:15:11
  • Last modified 21.11.2024 01:28:23

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

7.5

CVE-2019-14439

  • EPSS 9.41%
  • Published 30.07.2019 11:15:11
  • Last modified 21.11.2024 04:26:44

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...

5.5

CVE-2018-1288

  • EPSS 0.67%
  • Published 26.07.2018 14:29:00
  • Last modified 21.11.2024 03:59:33

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data ...

7.8

CVE-2016-4970

  • EPSS 8.23%
  • Published 13.04.2017 14:59:01
  • Last modified 20.04.2025 01:37:25

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

9.8

CVE-2016-4437

Warning Exploit
  • EPSS 94.3%
  • Published 07.06.2016 14:06:13
  • Last modified 12.04.2025 10:46:40

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.