Redhat Jboss Middleware Text-only Advisories — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Jboss Middleware Text-only Advisories, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2023-4853 — CVSS 8.1 (high): A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting…
CVE-2022-1415 — CVSS 8.1 (high): A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an…
CVE-2024-1132 — CVSS 8.1 (high): A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to…
CVE-2019-14439 — CVSS 7.5 (high): A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled…
CVE-2016-4970 — CVSS 7.5 (high): handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2011-2487 — CVSS 5.9 (medium): The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a…
CVE-2018-1288 — CVSS 5.4 (medium): In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action…