Redhat

Jboss Middleware Text-only Advisories

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.1

CVE-2024-1132

  • EPSS 0.24%
  • Veröffentlicht 17.04.2024 14:15:07
  • Zuletzt bearbeitet 30.06.2025 13:58:57

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain ...

8.1

CVE-2023-4853

Exploit
  • EPSS 0.35%
  • Veröffentlicht 20.09.2023 10:15:14
  • Zuletzt bearbeitet 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

8.8

CVE-2022-1415

  • EPSS 0.63%
  • Veröffentlicht 11.09.2023 21:15:41
  • Zuletzt bearbeitet 21.11.2024 06:40:41

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution...

6.5

CVE-2019-14900

  • EPSS 1.22%
  • Veröffentlicht 06.07.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:38

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. Th...

5.9

CVE-2011-2487

  • EPSS 0.14%
  • Veröffentlicht 11.03.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 01:28:23

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

7.5

CVE-2019-14439

  • EPSS 9.41%
  • Veröffentlicht 30.07.2019 11:15:11
  • Zuletzt bearbeitet 21.11.2024 04:26:44

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac...

5.5

CVE-2018-1288

  • EPSS 0.67%
  • Veröffentlicht 26.07.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:33

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data ...

7.8

CVE-2016-4970

  • EPSS 8.23%
  • Veröffentlicht 13.04.2017 14:59:01
  • Zuletzt bearbeitet 20.04.2025 01:37:25

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

9.8

CVE-2016-4437

Warnung Exploit
  • EPSS 94.3%
  • Veröffentlicht 07.06.2016 14:06:13
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.