Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hibernate vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-26646
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during b...
NA
CVE-2022-4963
A vulnerability was found in Folio Spring Module Core up to 1.1.5. It has been rated as critical. Affected by this issue is the function dropSchema of the file tenant/src/main/java/org/folio/spring/tenant/hibernate/HibernateSchemaService.java of the component Schema Name Handler....
NA
CVE-2021-47110
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corrupti...
NA
CVE-2023-52559
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend c...
NA
CVE-2023-52460
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL pointer dereference at hibernate During hibernate sequence the source context might not have a clk_mgr. So don't use it to look for DML2 support.
NA
CVE-2023-1932
Description<!---->A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may rende...
NA
CVE-2023-37472
Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. Th...
Eng Knowage
NA
CVE-2023-26093
Liima prior to 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.
Puzzle Liima
5.8
CVSSv2
CVE-2020-25638
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an malicious user to ac...
Hibernate Hibernate Orm
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Quarkus Quarkus
Oracle Retail Customer Management And Segmentation Foundation 19.0
Oracle Communications Cloud Native Core Console 1.9.0
2 Github repositories
4
CVSSv2
CVE-2019-14900
A flaw was found in Hibernate ORM in versions prior to 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an malic...
Hibernate Hibernate Orm
Redhat Decision Manager 7.0
Redhat Openstack 10
Redhat Single Sign-on -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Middleware Text-only Advisories -
Redhat Openstack 14
Redhat Openstack 13
Redhat Jboss Enterprise Application Platform -
Redhat Build Of Quarkus -
Redhat Fuse
Quarkus Quarkus
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.2
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »