Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
red hat vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2022-36437
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated malicious user to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are up to and including 4.0.6, 4.1.9, 4...
Hazelcast Hazelcast-jet
Hazelcast Hazelcast
6.5
CVSSv3
CVE-2022-22971
In spring framework versions before 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
Vmware Spring Framework
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
Netapp Oncommand Insight -
Netapp Cloud Secure Agent -
7.2
CVSSv3
CVE-2022-2668
An issue exists in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
Redhat Single Sign-on 7.0
Redhat Keycloak 18.0.0
8.8
CVSSv3
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
6.5
CVSSv3
CVE-2020-25689
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an malicious user to cause an ...
Redhat Wildfly
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Openshift Application Runtimes -
Redhat Fuse 6.0.0
Netapp Oncommand Insight -
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
5.4
CVSSv3
CVE-2022-0225
A flaw was found in Keycloak. This flaw allows a privileged malicious user to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.
Redhat Keycloak -
Redhat Single Sign-on 7.0
7.5
CVSSv3
CVE-2022-46363
A vulnerability in Apache CXF prior to 3.5.5 and 3.4.10 allows an malicious user to perform a remote directory listing or code exfiltration. The vulnerability only applies when the CXFServlet is configured with both the static-resources-list and redirect-query-check attributes. T...
Apache Cxf
6.5
CVSSv3
CVE-2022-38749
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Snakeyaml Project Snakeyaml
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2020-10718
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from thi...
Redhat Jboss Fuse 7.0.0
Redhat Wildfly
7.5
CVSSv3
CVE-2022-0084
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an malicious user to send flawed requests to a server, possibly causing log contention-related performance concern...
Redhat Single Sign-on 7.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus -
Redhat Xnio
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »