Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss fuse vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-1714
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an malicious user to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potent...
Redhat Keycloak
Redhat Decision Manager 7.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Redhat Single Sign-on 7.0
Quarkus Quarkus
4.9
CVSSv3
CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Integration Camel K -
Redhat Undertow 2.3.0
Redhat Undertow
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Netapp Cloud Secure Agent -
6.5
CVSSv3
CVE-2019-14900
A flaw was found in Hibernate ORM in versions prior to 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an malic...
Hibernate Hibernate Orm
Redhat Decision Manager 7.0
Redhat Openstack 10
Redhat Single Sign-on -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Middleware Text-only Advisories -
Redhat Openstack 14
Redhat Openstack 13
Redhat Jboss Enterprise Application Platform -
Redhat Build Of Quarkus -
Redhat Fuse
Quarkus Quarkus
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.2
1 Github repository
5.3
CVSSv3
CVE-2021-3642
A flaw was found in Wildfly Elytron in versions before 1.10.14.Final, before 1.15.5.Final and before 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Redhat Wildfly Elytron
Redhat Build Of Quarkus -
Redhat Codeready Studio 12.0
Redhat Data Grid 8.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Quarkus Quarkus
7.5
CVSSv3
CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Build Of Quarkus -
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Undertow 2.7.0
Redhat Integration Camel For Spring Boot -
Redhat Migration Toolkit For Applications 6.0
Redhat Migration Toolkit For Runtimes -
7.5
CVSSv3
CVE-2021-3690
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an malicious user to cause a denial of service. The highest threat from this vulnerability is availability.
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Integration Camel K -
Redhat Integration Camel Quarkus -
Redhat Fuse 1.0
Redhat Undertow
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
NA
CVE-2012-5575
Apache CXF 2.5.x prior to 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote malicious users to force CXF to use w...
Apache Cxf 2.5.2
Apache Cxf 2.5.9
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
Apache Cxf 2.6.0
Apache Cxf 2.5.3
Apache Cxf 2.7.3
Apache Cxf 2.5.7
Redhat Jboss Fuse Esb Enterprise 7.1.0
Apache Cxf 2.6.2
Apache Cxf 2.5.0
Apache Cxf 2.5.1
Apache Cxf 2.5.5
Apache Cxf 2.5.8
Apache Cxf 2.6.5
Apache Cxf 2.7.0
Apache Cxf 2.6.6
Apache Cxf 2.6.3
Redhat Jboss Enterprise Portal Platform 4.3.0
Apache Cxf 2.5.6
Apache Cxf 2.6.4
Apache Cxf 2.6.1
7.4
CVSSv3
CVE-2021-20218
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability ...
Redhat Kubernetes-client
Redhat A-mq Online -
Redhat Build Of Quarkus -
Redhat Codeready Studio 12.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Container Platform 3.11
Redhat Process Automation 7.0
6.5
CVSSv3
CVE-2020-10719
A flaw was found in Undertow in versions prior to 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an malicious user to take advantage of HTTP request smuggling.
Redhat Undertow
Netapp Oncommand Insight
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Fuse 1.0
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.2
Netapp Oncommand Workflow Automation -
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2019-19343
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1...
Redhat Jboss-remoting 5.0.14
Redhat Jboss-remoting
Redhat Undertow 2.0.25
Redhat Undertow
Redhat Jboss Enterprise Application Platform
Netapp Active Iq Unified Manager -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »