Redhat Jboss_data_grid
25 CVEs affecting Redhat Jboss_data_grid. Latest disclosed: 2023-12-18. Critical: 5, High: 11.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-14892 | Critical | 9.8 | 2020-03-02 | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious obj… |
| CVE-2019-10158 | Critical | 9.8 | 2020-01-02 | A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration ca… |
| CVE-2019-10212 | Critical | 9.8 | 2019-10-02 | A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the… |
| CVE-2019-3888 | Critical | 9.8 | 2019-06-12 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeR… |
| CVE-2019-14887 | Critical | 9.1 | 2020-03-16 | A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker… |
| CVE-2022-1271 | High | 8.8 | 2022-08-31 | An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted f… |
| CVE-2019-10174 | High | 8.8 | 2019-11-25 | A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke priva… |
| CVE-2018-1131 | High | 8.8 | 2018-05-15 | Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access… |
| CVE-2020-1757 | High | 8.1 | 2020-04-21 | A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can pro… |
| CVE-2020-25644 | High | 7.5 | 2020-10-06 | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM lead… |
| CVE-2019-14888 | High | 7.5 | 2020-01-23 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out… |
| CVE-2019-10184 | High | 7.5 | 2019-07-25 | undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests withou… |
| CVE-2016-4970 | High | 7.5 | 2017-04-13 | handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite l… |
| CVE-2023-5384 | High | 7.2 | 2023-12-18 | A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store with connection pooling… |
| CVE-2023-3628 | Medium | 6.5 | 2023-12-18 | A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated… |
| CVE-2019-14900 | Medium | 6.5 | 2020-07-06 | A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit u… |
| CVE-2017-2638 | Medium | 6.5 | 2018-07-16 | It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read o… |
| CVE-2019-10219 | Medium | 6.1 | 2019-11-08 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious cod… |