Vulmon
richfaces vulnerabilities and exploits
NA
CVE-2014-0086
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote malicious users to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
Redhat Richfaces 5.0.0
Redhat Jboss Web Framework Kit 2.5.0
Redhat Richfaces 4.3.5
Redhat Richfaces 4.3.4
9.8
CVSSv3
CVE-2018-12532
JBoss RichFaces 4.5.3 up to and including 4.5.17 allows unauthenticated remote malicious users to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309.
Redhat Richfaces
1 Github repository
NA
CVE-2015-0279
JBoss RichFaces prior to 4.5.4 allows remote malicious users to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
Redhat Richfaces
1 Github repository
NA
CVE-2014-7852
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in a CSS file.
Redhat Jboss Enterprise Portal Platform 6.1.1
9.8
CVSSv3
CVE-2013-4521
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote malicious users to execute arbitrary code via crafted serialized data. NOTE: this vulnerability m...
Nuxeo Nuxeo 5.6.0
Nuxeo Nuxeo 5.8.0