Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Jboss Middleware Text-only Advisories

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4853 2 Quarkus, Redhat 13 Quarkus, Build Of Optaplanner, Build Of Quarkus and 10 more 2023-12-21 N/A 8.1 HIGH
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
CVE-2019-14900 3 Hibernate, Quarkus, Redhat 11 Hibernate Orm, Quarkus, Build Of Quarkus and 8 more 2022-04-29 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CVE-2018-1288 2 Apache, Redhat 2 Kafka, Jboss Middleware Text-only Advisories 2021-10-07 5.5 MEDIUM 5.4 MEDIUM
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
CVE-2011-2487 2 Apache, Redhat 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more 2021-06-16 4.3 MEDIUM 5.9 MEDIUM
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2016-4970 3 Apache, Netty, Redhat 4 Cassandra, Netty, Jboss Data Grid and 1 more 2021-02-14 7.8 HIGH 7.5 HIGH
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).