Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-46877
jackson-databind 2.10.x up to and including 2.12.x prior to 2.12.6 and 2.13.x prior to 2.13.1 allows malicious users to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
Fasterxml Jackson-databind
Fasterxml Jackson-databind 2.13.0
NA
CVE-2023-26464
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component...
Apache Log4j
NA
CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Build Of Quarkus -
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Undertow 2.7.0
Redhat Integration Camel For Spring Boot -
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Runtimes -
NA
CVE-2023-0482
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Redhat Resteasy
NA
CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDiges...
Redhat Wildfly Elytron 1.15.15
Redhat Jboss Enterprise Application Platform 7.0.0
NA
CVE-2022-45787
Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or lat...
Apache James
NA
CVE-2022-47629
Libksba prior to 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Gnupg Libksba
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-46364
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF prior to 3.5.5 and 3.4.10 allows an malicious user to perform SSRF style attacks on webservices that take at least one parameter of any type.
Apache Cxf
NA
CVE-2022-45693
Jettison before v1.5.2 exists to contain a stack overflow via the map parameter. This vulnerability allows malicious users to cause a Denial of Service (DoS) via a crafted string.
Jettison Project Jettison
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions before 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no worka...
Netty Netty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »