Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
red hat vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-27782
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availa...
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Undertow 2.0.33
Redhat Undertow 2.1.5
Redhat Undertow 2.2.3
5.3
CVSSv3
CVE-2021-3642
A flaw was found in Wildfly Elytron in versions before 1.10.14.Final, before 1.15.5.Final and before 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Redhat Wildfly Elytron
Redhat Build Of Quarkus -
Redhat Codeready Studio 12.0
Redhat Data Grid 8.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Quarkus Quarkus
NA
CVE-2014-7827
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypas...
Redhat Jboss Enterprise Application Platform
NA
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
NA
CVE-2014-7849
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 up to and including 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attribut...
Redhat Jboss Enterprise Application Platform 6.2.4
Redhat Jboss Enterprise Application Platform 6.3.0
Redhat Jboss Enterprise Application Platform 6.2.0
Redhat Jboss Enterprise Application Platform 6.2.1
Redhat Jboss Enterprise Application Platform 6.2.2
Redhat Jboss Enterprise Application Platform 6.2.3
Redhat Jboss Enterprise Application Platform 6.3.1
Redhat Jboss Enterprise Application Platform 6.3.2
NA
CVE-2014-8122
Race condition in JBoss Weld prior to 2.2.8 and 3.x prior to 3.0.0 Alpha3 allows remote malicious users to obtain information from a previous conversation via vectors related to a stale thread state.
Redhat Jboss Weld
Redhat Jboss Weld 3.0.0
NA
CVE-2012-3467
Apache QPID 0.14, 0.16, and previous versions uses a NullAuthenticator mechanism to authenticate catch-up shadow connections to AMQP brokers, which allows remote malicious users to bypass authentication.
Apache Qpid
Apache Qpid 0.6
Apache Qpid 0.14
Apache Qpid 0.5
9.8
CVSSv3
CVE-2020-1745
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final. A remote, unauthenticated attacker could exploit this vulnerability to read web applicati...
Redhat Undertow
7.5
CVSSv3
CVE-2020-14384
A flaw was found in JBossWeb in versions prior to 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat ...
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jbossweb
5.3
CVSSv3
CVE-2020-14338
A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation pr...
Redhat Xerces 2.12.0
Redhat Xerces
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »