redhat jboss enterprise data services platform vulnerabilities and exploits

(subscribe to this query)

The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss Enterprise Data Services Platform prior to 5.3.0, does not encrypt login messages by default contrary to documentation and specification, which allows remote malicious users to obtain login credentials via a man...

Redhat Jboss Enterprise Data Services Platform 5.1.0 Redhat Jboss Enterprise Data Services Platform

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform prior to 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote malicious users to obtain plaintext data via a...

Redhat Jboss Enterprise Portal Platform 5.0.0 Redhat Jboss Enterprise Portal Platform 5.1.1 Redhat Jboss Enterprise Portal Platform 5.1.0 Redhat Jboss Enterprise Portal Platform Redhat Jboss Enterprise Portal Platform 5.2.0 Redhat Jboss Enterprise Portal Platform 5.0.1

A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Openldap Openldap Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Jboss Enterprise Web Server 2.0.0 Redhat Enterprise Linux 5.0 Redhat Jboss Enterprise Application Platform 5.0.0 Redhat Jboss Core Services -Debian Debian Linux 9.0 Fedoraproject Fedora 33

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potent...

Redhat Jboss Data Grid 7.0.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Jboss Fuse 7.0.0 Redhat Openshift Application Runtimes -Redhat Single Sign-on 7.0 Redhat Wildfly 7.2.0 Redhat Wildfly 7.2.3 Redhat Wildfly 7.2.5

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an malicious user to cause an ...

Redhat Wildfly Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Single Sign-on 7.0 Redhat Jboss Fuse 7.0.0 Redhat Jboss Data Grid 7.0.0 Redhat Openshift Application Runtimes -Redhat Fuse 6.0.0 Netapp Oncommand Insight -Netapp Service Level Manager -Netapp Active Iq Unified Manager -

A flaw was found in postgresql in versions prior to 13.3, prior to 12.7, prior to 11.12, prior to 10.17 and prior to 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The...

Postgresql Postgresql Redhat Enterprise Linux 7.0 Redhat Jboss Enterprise Application Platform 7.0.0 Redhat Enterprise Linux 8.0 Redhat Software Collections -

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

Redhat Wildfly Redhat Single Sign-on 7.0 Redhat Amq 2.0 Redhat Integration Service Registry -Redhat Integration Camel K -Redhat Jboss A-mq 7 Redhat Jboss Enterprise Application Platform Expansion Pack -Redhat Amq Online -

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t...

20 Github repositories

There's a flaw in libxml2's xmllint in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.

Xmlsoft Xmllint Debian Debian Linux 9.0 Fedoraproject Fedora 33 Fedoraproject Fedora 34 Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Jboss Core Services -Redhat Enterprise Linux 8.0 Netapp Ontap Select Deploy Administration Utility -Netapp Clustered Data Ontap -Netapp Clustered Data Ontap Antivirus Connector -Oracle Zfs Storage Appliance Kit 8.8

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer...

1 Article

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook