Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Enterprise Bpms Platform Subscriptions
Total 209 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-36373 3 Apache, Oracle, Redhat 33 Ant, Agile Plm, Banking Trade Finance and 30 more 2024-11-21 5.5 Medium
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CVE-2021-33813 6 Apache, Debian, Fedoraproject and 3 more 10 Solr, Tika, Debian Linux and 7 more 2024-11-21 7.5 High
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
CVE-2021-30129 3 Apache, Oracle, Redhat 13 Sshd, Banking Payments, Banking Trade Finance and 10 more 2024-11-21 6.5 Medium
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
CVE-2021-2471 3 Oracle, Quarkus, Redhat 11 Communications Cloud Native Core Console, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 8 more 2024-11-21 5.9 Medium
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
CVE-2021-29505 6 Debian, Fedoraproject, Netapp and 3 more 23 Debian Linux, Fedora, Snapmanager and 20 more 2024-11-21 7.5 High
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
CVE-2021-29425 5 Apache, Debian, Netapp and 2 more 69 Commons Io, Debian Linux, Active Iq Unified Manager and 66 more 2024-11-21 4.8 Medium
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
CVE-2021-26291 4 Apache, Oracle, Quarkus and 1 more 9 Maven, Financial Services Analytical Applications Infrastructure, Goldengate Big Data And Application Adapters and 6 more 2024-11-21 9.1 Critical
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html
CVE-2021-23436 2 Immer Project, Redhat 2 Immer, Jboss Enterprise Bpms Platform 2024-11-21 5.6 Medium
This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, this bypass is possible because the condition (p === "__proto__" || p === "constructor") in applyPatches_ returns false if p is ['__proto__'] (or ['constructor']). The === operator (strict equality operator) returns false if the operands have different type.
CVE-2021-23383 3 Handlebarsjs, Netapp, Redhat 6 Handlebars, E-series Performance Analyzer, Acm and 3 more 2024-11-21 5.6 Medium
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source.
CVE-2021-23369 2 Handlebarsjs, Redhat 5 Handlebars, Acm, Jboss Enterprise Bpms Platform and 2 more 2024-11-21 5.6 Medium
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.
CVE-2021-22569 3 Google, Oracle, Redhat 14 Google-protobuf, Protobuf-java, Protobuf-kotlin and 11 more 2024-11-21 7.5 High
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
CVE-2021-22096 4 Netapp, Oracle, Redhat and 1 more 12 Active Iq Unified Manager, Management Services For Element Software And Netapp Hci, Metrocluster Tiebreaker and 9 more 2024-11-21 4.3 Medium
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CVE-2021-21351 5 Debian, Fedoraproject, Oracle and 2 more 19 Debian Linux, Fedora, Banking Enterprise Default Management and 16 more 2024-11-21 5.4 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21350 5 Debian, Fedoraproject, Oracle and 2 more 20 Debian Linux, Fedora, Banking Enterprise Default Management and 17 more 2024-11-21 5.3 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21349 5 Debian, Fedoraproject, Oracle and 2 more 20 Debian Linux, Fedora, Banking Enterprise Default Management and 17 more 2024-11-21 6.1 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21348 5 Debian, Fedoraproject, Oracle and 2 more 19 Debian Linux, Fedora, Banking Enterprise Default Management and 16 more 2024-11-21 5.3 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21347 5 Debian, Fedoraproject, Oracle and 2 more 20 Debian Linux, Fedora, Banking Enterprise Default Management and 17 more 2024-11-21 6.1 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21346 5 Debian, Fedoraproject, Oracle and 2 more 20 Debian Linux, Fedora, Banking Enterprise Default Management and 17 more 2024-11-21 6.1 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21345 5 Debian, Fedoraproject, Oracle and 2 more 20 Debian Linux, Fedora, Banking Enterprise Default Management and 17 more 2024-11-21 5.8 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.
CVE-2021-21344 5 Debian, Fedoraproject, Oracle and 2 more 20 Debian Linux, Fedora, Banking Enterprise Default Management and 17 more 2024-11-21 5.3 Medium
XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.16.