Vulnerabilities > Redhat > Jboss Enterprise Application Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles.
network
high complexity
redhat oracle
5.9
2021-06-02 CVE-2020-14317 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression.
local
low complexity
redhat
5.5
2021-05-27 CVE-2020-10688 Unspecified vulnerability in Redhat products
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs.
network
low complexity
redhat
6.1
2021-05-20 CVE-2021-3536 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS.
network
low complexity
redhat CWE-79
4.8
2020-11-02 CVE-2020-25689 A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
network
low complexity
redhat netapp
6.5
2020-10-16 CVE-2020-14299 Improper Authentication vulnerability in Redhat products
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode.
network
low complexity
redhat CWE-287
6.5
2020-09-23 CVE-2020-10687 Unspecified vulnerability in Redhat Undertow 1.0.0
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request.
network
high complexity
redhat
4.8
2020-09-16 CVE-2020-1710 Unspecified vulnerability in Redhat products
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
network
low complexity
redhat
5.3
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5
2020-05-26 CVE-2020-10719 HTTP Request Smuggling vulnerability in multiple products
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes.
network
low complexity
redhat netapp CWE-444
6.5