Vulnerabilities > Redhat > Jboss Middleware Text Only Advisories > High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-20	CVE-2023-4853	Incorrect Authorization vulnerability in multiple products A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. network high complexity quarkus redhat CWE-863	8.1
2023-09-11	CVE-2022-1415	Deserialization of Untrusted Data vulnerability in Redhat products A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. network low complexity redhat CWE-502	8.8
2019-07-30	CVE-2019-14439	Deserialization of Untrusted Data vulnerability in multiple products A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. network low complexity fasterxml debian fedoraproject apache redhat oracle CWE-502	7.5
2017-04-13	CVE-2016-4970	Infinite Loop vulnerability in multiple products handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop). network low complexity netty redhat apache CWE-835	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.