Filtered by vendor Redhat
Subscriptions
Filtered by product Jboss Enterprise Brms Platform
Subscriptions
Total
206 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10672 | 5 Debian, Fasterxml, Netapp and 2 more | 40 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 37 more | 2024-08-04 | 8.8 High |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | ||||
| CVE-2020-10673 | 5 Debian, Fasterxml, Netapp and 2 more | 40 Debian Linux, Jackson-databind, Steelstore Cloud Integrated Storage and 37 more | 2024-08-04 | 8.8 High |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | ||||
| CVE-2020-9547 | 5 Debian, Fasterxml, Netapp and 2 more | 27 Debian Linux, Jackson-databind, Active Iq Unified Manager and 24 more | 2024-08-04 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | ||||
| CVE-2020-9546 | 5 Debian, Fasterxml, Netapp and 2 more | 41 Debian Linux, Jackson-databind, Active Iq Unified Manager and 38 more | 2024-08-04 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | ||||
| CVE-2020-9548 | 5 Debian, Fasterxml, Netapp and 2 more | 35 Debian Linux, Jackson-databind, Active Iq Unified Manager and 32 more | 2024-08-04 | 9.8 Critical |
| FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | ||||
| CVE-2020-9488 | 5 Apache, Debian, Oracle and 2 more | 53 Log4j, Debian Linux, Communications Application Session Controller and 50 more | 2024-08-04 | 3.7 Low |
| Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 | ||||
| CVE-2020-8840 | 6 Debian, Fasterxml, Huawei and 3 more | 19 Debian Linux, Jackson-databind, Oceanstor 9000 and 16 more | 2024-08-04 | 9.8 Critical |
| FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | ||||
| CVE-2020-7238 | 4 Debian, Fedoraproject, Netty and 1 more | 19 Debian Linux, Fedora, Netty and 16 more | 2024-08-04 | 7.5 High |
| Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. | ||||
| CVE-2020-1945 | 6 Apache, Canonical, Fedoraproject and 3 more | 54 Ant, Ubuntu Linux, Fedora and 51 more | 2024-08-04 | 6.3 Medium |
| Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | ||||
| CVE-2020-1954 | 4 Apache, Netapp, Oracle and 1 more | 15 Cxf, Oncommand Workflow Automation, Snapmanager and 12 more | 2024-08-04 | 5.3 Medium |
| Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. | ||||
| CVE-2020-1748 | 1 Redhat | 9 Decision Manager, Jboss Data Grid, Jboss Enterprise Application Platform and 6 more | 2024-08-04 | 7.5 High |
| A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources. | ||||
| CVE-2020-1714 | 2 Quarkus, Redhat | 11 Quarkus, Decision Manager, Jboss Enterprise Application Platform and 8 more | 2024-08-04 | 8.8 High |
| A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. | ||||
| CVE-2020-1718 | 1 Redhat | 7 Jboss Enterprise Bpms Platform, Jboss Enterprise Brms Platform, Jboss Fuse and 4 more | 2024-08-04 | 7.1 High |
| A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application. | ||||
| CVE-2021-42550 | 4 Netapp, Qos, Redhat and 1 more | 9 Cloud Manager, Service Level Manager, Snap Creator Framework and 6 more | 2024-08-04 | 6.6 Medium |
| In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | ||||
| CVE-2021-39150 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39141 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39149 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39152 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the [Security Framework](https://x-stream.github.io/security.html#framework), you will have to use at least version 1.4.18. | ||||
| CVE-2021-39154 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||
| CVE-2021-39151 | 6 Debian, Fedoraproject, Netapp and 3 more | 21 Debian Linux, Fedora, Snapmanager and 18 more | 2024-08-04 | 8.5 High |
| XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose. | ||||