Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fuse vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-1718
A flaw was found in the reset credential flow in all Keycloak versions prior to 8.0.0. This flaw allows an malicious user to gain unauthorized access to the application.
Redhat Keycloak
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
NA
CVE-2013-7397
Async Http Client (aka AHC or async-http-client) prior to 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle malicious users to spoof HTTPS servers by presenting an arbitrary cert...
Redhat Jboss Fuse
Async-http-client Project Async-http-client
7.5
CVSSv3
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Single Sign-on 7.0
Netapp Active Iq Unified Manager -
NA
CVE-2013-6469
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.
Redhat Jboss Fuse Service Works 6.0
Redhat Jboss Overlord Run Time Governance 1.0
7.5
CVSSv3
CVE-2022-2053
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy mark...
Redhat Jboss Fuse 7.0.0
Redhat Integration Camel K -
Redhat Undertow
Redhat Undertow 2.3.0
3.3
CVSSv3
CVE-2020-10734
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. Versions shipped with Red Hat Fuse 7, Red Hat Single Sign-on 7, and Red Hat Openshift Application Runtimes are believed to be vulnerable.
Redhat Keycloak -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
6.5
CVSSv3
CVE-2020-25689
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an malicious user to cause an ...
Redhat Wildfly
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Openshift Application Runtimes -
Redhat Fuse 6.0.0
Netapp Oncommand Insight -
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
2.7
CVSSv3
CVE-2020-1717
A flaw was found in Keycloak 7.0.1. A logged in user can do an account email enumeration attack.
Redhat Keycloak 7.0.1
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
8.1
CVSSv3
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may...
Redhat Undertow 2.0.0
Redhat Undertow 2.0.25
Redhat Undertow 2.0.26
Redhat Undertow 2.0.28
Redhat Undertow
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
6.1
CVSSv3
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions prior to 3.11.1.Final and prior to 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Resteasy
Redhat Fuse 1.0
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »