Red Hat Jboss Middleware Text Only Advisories
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Jboss Middleware Text Only Advisories.
By the Year
In 2025 there have been 0 vulnerabilities in Red Hat Jboss Middleware Text Only Advisories. Jboss Middleware Text Only Advisories did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 0 | 0.00 |
2023 | 2 | 8.45 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 2 | 6.20 |
2019 | 1 | 7.50 |
2018 | 1 | 5.40 |
It may take a day or so for new Jboss Middleware Text Only Advisories vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Middleware Text Only Advisories Security Vulnerabilities
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests
CVE-2023-4853
8.1 - High
- September 20, 2023
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
AuthZ
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data
CVE-2022-1415
8.8 - High
- September 11, 2023
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Marshaling, Unmarshaling
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1
CVE-2019-14900
6.5 - Medium
- July 06, 2020
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
SQL Injection
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2011-2487
5.9 - Medium
- March 11, 2020
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
Use of a Broken or Risky Cryptographic Algorithm
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2
CVE-2019-14439
7.5 - High
- July 30, 2019
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
Marshaling, Unmarshaling
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker
CVE-2018-1288
5.4 - Medium
- July 26, 2018
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final
CVE-2016-4970
7.5 - High
- April 13, 2017
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Infinite Loop
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature
CVE-2016-4437
9.8 - Critical
- June 07, 2016
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Fuse or by Red Hat? Click the Watch button to subscribe.