cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-07T10:00:51.745Z,0
CVE-2024-3653,https://securityvulnerability.io/vulnerability/CVE-2024-3653,Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks,"A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Streams For Apache Kafka",5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T21:21:20.899Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Build Of Apache Camel 4.4.0 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-03-22T18:24:42.696Z,0
CVE-2024-1635,https://securityvulnerability.io/vulnerability/CVE-2024-1635,Undertow Vulnerability Impacts Wildfly-HTTP-Client Server,"A vulnerability has been identified within Undertow that affects servers utilizing the WildFly HTTP Client protocol. The issue occurs when a malicious actor exploits the behavior of connection handling, causing the server to exhaust its memory and file descriptor limits. This situation arises when a connection is opened and immediately closed at the HTTP port, leading to leaked connections via the WriteTimeoutStreamSinkConduit. Notably, if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener, the connection's outermost layer fails to notify the Undertow conduit of the closure. Consequently, this lack of notification allows the timeout task to continue leaking connections through the XNIO WorkerThread, resulting in a prolonged impact on the server's resource consumption. Organizations are urged to address this vulnerability promptly to safeguard against potential denial-of-service scenarios.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Streams For Apache Kafka",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-02-19T21:23:14.496Z,0
CVE-2022-4245,https://securityvulnerability.io/vulnerability/CVE-2022-4245,Codehaus-plexus: xml external entity (xxe) injection,A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.,Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",4.3,MEDIUM,0.0034099998883903027,false,false,false,false,,false,false,2023-09-25T19:20:57.329Z,0
CVE-2022-4244,https://securityvulnerability.io/vulnerability/CVE-2022-4244,Codehaus-plexus: directory traversal,"A directory traversal vulnerability exists within the Codeplex-Codehaus product, enabling attackers to exploit the flaw by using sequences such as 'dot-dot-slash (../)' or absolute file paths. This could allow unauthorized access to sensitive files and directories beyond the designated folder structure. Exploitation of this vulnerability can potentially expose critical resources, including application source code, configuration files, and other sensitive system files, posing significant risks to system security and integrity.",Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2023-09-25T19:20:04.703Z,0
CVE-2022-1415,https://securityvulnerability.io/vulnerability/CVE-2022-1415,Drools: unsafe data deserialization in streamutils,"A security flaw exists in Drools Core where certain utility classes fail to implement appropriate safety measures during data deserialization. This vulnerability permits an authenticated attacker to craft malicious serialized objects, often referred to as gadgets, which can then lead to unauthorized code execution on the server. Proper safeguards should be implemented to mitigate risks associated with this vulnerability.",Red Hat,"RHPam 7.13.1 Async,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7",8.1,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2023-09-11T20:20:23.745Z,0