CVE-2023-44487

all versions

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q

7.5HIGH

CVE-2023-4853

all versions

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when acceptin

8.1HIGH

CVE-2023-1108

all versions

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status update

7.5HIGH

CVE-2022-1415

all versions

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows

8.1HIGH

CVE-2019-14841

all versions

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw all

8.8HIGH

CVE-2019-14840

all versions

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of c

7.5HIGH

CVE-2020-1748

all versions

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager check

7.5HIGH

CVE-2019-14900

all versions

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the

6.5MEDIUM

CVE-2020-1714

all versions

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.

8.8HIGH

CVE-2020-1720

all versions

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An aut

3.1LOW

CVE-2019-14886

all versions

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in err

6.5MEDIUM

CVE-2019-14892

all versions

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deser

9.8CRITICAL

CVE-2019-14863

all versions

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the

6.1MEDIUM

CVE-2019-14862

all versions

There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web a

6.1MEDIUM

CVE-2018-12023

all versions

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe

7.5HIGH

CVE-2018-12022

all versions

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (eithe

7.5HIGH

CVE-2018-19362

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jb

9.8CRITICAL

CVE-2018-19361

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the op

9.8CRITICAL

CVE-2018-19360

all versions

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the ax

9.8CRITICAL

CVE-2017-7545

all versions

It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XM

6.5MEDIUM