The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of JBoss EAP by Red Hat

WildFly: memory leak via OpenTracing API
An attacker can create a memory leak via OpenTracing API of WildFly, in order to trigger a denial of service...
CVE-2020-27822, RHBUG-1904060, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, RHSA-2021:0317-01, VIGILANCE-VUL-34049
WildFly: password leak in log file
An attacker can retrieve usernames and associated passwords in WildFly log files...
13, CVE-2020-25640, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, VIGILANCE-VUL-33970
Hibernate ORM: SQL injection via Comments
An attacker can use a SQL injection via Comments of Hibernate ORM, in order to read or alter data...
CVE-2020-25638, DLA-2512-1, RHSA-2020:5174-01, RHSA-2020:5175-01, RHSA-2020:5254-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-33940
WildFly: memory leak via Host Controller Connect Loop
An attacker can create a memory leak via Host Controller Connect Loop of WildFly, in order to trigger a denial of service...
CVE-2020-25689, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, VIGILANCE-VUL-33757, WFCORE-5105
WildFly OpenSSL: memory leak via HTTP Session End
An attacker can create a memory leak via HTTP Session End of WildFly OpenSSL, in order to trigger a denial of service...
CVE-2020-25644, RHBUG-1885485, RHSA-2020:4256-01, RHSA-2020:4257-01, RHSA-2020:4922-01, RHSA-2020:4923-01, RHSA-2020:4978-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, VIGILANCE-VUL-33574
FasterXML Jackson Databind: external XML entity injection
An attacker can transmit malicious XML data to FasterXML Jackson Databind, in order to read a file, scan sites, or trigger a denial of service...
6410882, CERTFR-2021-AVI-101, CVE-2020-25649, DLA-2406-1, FEDORA-2021-1d8254899c, openSUSE-SU-2021:0221-1, RHSA-2020:4312-01, RHSA-2020:4401-01, RHSA-2020:4402-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, SUSE-SU-2021:0243-1, VIGILANCE-VUL-33573
XNIO: denial of service via File Descriptor Leak
An attacker can trigger a fatal error via File Descriptor Leak of XNIO, in order to trigger a denial of service...
CVE-2020-14340, RHBUG-1860218, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33554
PicketBox: privilege escalation via Admin-only Mode Reload
An attacker can bypass restrictions via Admin-only Mode Reload of PicketBox, in order to escalate privileges...
CVE-2020-14299, RHBUG-1848533, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33553
Apache HttpClient: information disclosure via java.net.URI Authority Component
An attacker can bypass access restrictions to data via java.net.URI Authority Component of Apache HttpClient, in order to obtain sensitive information...
CVE-2020-13956, DLA-2405-1, DSA-4772-1, KB0086419, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, VIGILANCE-VUL-33523
Apache CXF: information disclosure via InstrumentationManager Extension Bus
An attacker can bypass access restrictions to data via InstrumentationManager Extension Bus of Apache CXF, in order to obtain sensitive information...
6344071, cpuoct2020, CVE-2020-1954, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33515