jboss jboss application server vulnerabilities and exploits
4.3
CVSSv2
CVE-2014-0170
Teiid prior to 8.4.3 and prior to 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote malicious users to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
Redhat Jboss Data Virtualization
Jboss Teiid
Jboss Teiid 8.4
4.3
CVSSv2
CVE-2012-3428
The IronJacamar container prior to 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote malicious users to obtain access t...
Jboss Ironjacamar
6.4
CVSSv2
CVE-2019-20445
HttpObjectDecoder.java in Netty prior to 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Netty Netty
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Redhat Jboss Amq Clients 2
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Apache Spark 2.4.7
Apache Spark 2.4.8
1.9
CVSSv2
CVE-2019-12400
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader...
Apache Santuario Xml Security For Java
Redhat Jboss Enterprise Application Platform 7.2
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
5 Github repositories
6.5
CVSSv2
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped wit...
Redhat Single Sign-on 7.3
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on -
1 Github repository
5.8
CVSSv2
CVE-2011-4314
message/ax/AxMessage.java in OpenID4Java prior to 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 prior to 5.1.2, Step2, Kay Framework prior to 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows re...
Openid Openid4java
Kay Framework Project Kay Framework 1.0.0
Redhat Jboss Enterprise Application Platform 5.1.2
Openid Openid4java 0.9.2
Kay Framework Project Kay Framework 0.1.0
Redhat Jboss Enterprise Application Platform 5.1.1
Kay Framework Project Kay Framework
Kay Framework Project Kay Framework 0.8.0
Kay Framework Project Kay Framework 0.2.0
Redhat Jboss Enterprise Application Platform 5.1.0
Openid Openid4java 0.9.4.339
Openid Openid4java 0.9.3
Kay Framework Project Kay Framework 0.0.0
Kay Framework Project Kay Framework 0.3.0
5
CVSSv2
CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when fed with invalid input data.
Apache Thrift
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
7.8
CVSSv2
CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when fed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language ...
Apache Thrift
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
5
CVSSv2
CVE-2014-3648
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints...
Redhat Jboss Aerogear 1.0.0
6.5
CVSSv2
CVE-2021-32027
A flaw was found in postgresql in versions prior to 13.3, prior to 12.7, prior to 11.12, prior to 10.17 and prior to 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The...
Postgresql Postgresql
Redhat Enterprise Linux 7.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -