cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2020-25689,https://securityvulnerability.io/vulnerability/CVE-2020-25689,,"A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.",Red Hat,Wildfly-core,5.3,MEDIUM,0.0005699999746866524,false,false,false,false,,false,false,2020-11-02T21:15:00.000Z,0
CVE-2020-14297,https://securityvulnerability.io/vulnerability/CVE-2020-14297,,"A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over time and can cause services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.",Red Hat,Wildfly,6.5,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2020-07-24T15:37:25.000Z,0
CVE-2020-14307,https://securityvulnerability.io/vulnerability/CVE-2020-14307,,"A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable.",Red Hat,Wildfly,6.5,MEDIUM,0.0007600000244565308,false,false,false,false,,false,false,2020-07-24T00:00:00.000Z,0
CVE-2019-14887,https://securityvulnerability.io/vulnerability/CVE-2019-14887,,"A flaw was found when an OpenSSL security provider is used with Wildfly: the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.",Red Hat,Wildfly,7.4,HIGH,0.0013500000350177288,false,false,false,false,,false,false,2020-03-16T14:48:09.000Z,0
CVE-2019-14843,https://securityvulnerability.io/vulnerability/CVE-2019-14843,,"A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat JBoss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.",Red Hat,Wildfly-security-manager,7.5,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2020-01-07T16:34:59.000Z,0
CVE-2019-14838,https://securityvulnerability.io/vulnerability/CVE-2019-14838,,"A flaw was found in wildfly-core before 7.2.5.GA. Management users with the Monitor, Auditor and Deployer roles should not be allowed to modify the runtime state of the server.",Red Hat,Wildfly-core,5.2,MEDIUM,0.004000000189989805,false,false,false,false,,false,false,2019-10-14T14:32:53.000Z,0
CVE-2019-3894,https://securityvulnerability.io/vulnerability/CVE-2019-3894,,It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.,Red Hat,Wildfly,5.4,MEDIUM,0.004240000154823065,false,false,false,false,,false,false,2019-05-03T19:25:58.000Z,0
CVE-2019-3805,https://securityvulnerability.io/vulnerability/CVE-2019-3805,,A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root.,Red Hat,Wildfly,5.5,MEDIUM,0.0004199999966658652,false,false,false,false,,false,false,2019-05-03T19:25:28.000Z,0
CVE-2018-10934,https://securityvulnerability.io/vulnerability/CVE-2018-10934,,"A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.",Red Hat,Wildfly-core,5.4,MEDIUM,0.00139999995008111,false,false,false,false,,false,false,2019-03-27T12:20:07.000Z,0
CVE-2016-9589,https://securityvulnerability.io/vulnerability/CVE-2016-9589,,"Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, up to ""max-headers"" (default 200) * ""max-header-size"" (default 1MB) per active TCP connection.",Red Hat,Wildfly,7.5,HIGH,0.014689999632537365,false,false,false,false,,false,false,2018-03-12T15:00:00.000Z,0
CVE-2018-1047,https://securityvulnerability.io/vulnerability/CVE-2018-1047,,A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.,Red Hat,Wildfly,5.5,MEDIUM,0.0006099999882280827,false,false,false,false,,false,false,2018-01-24T23:00:00.000Z,0
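The feed above is a CSV with quoted description fields that can contain commas, doubled quotes and embedded newlines, so a naive split on commas or line breaks mangles it. The following is an added example, not part of the feed or of securityvulnerability.io's tooling, of parsing that layout with Python's csv module and ranking the records for patch triage. The triage tiers (KEV/exploited first, then CVSS or EPSS above a threshold, then the rest) and the thresholds are assumptions chosen for illustration; the embedded sample rows are a constructed excerpt in the feed's column layout with shortened descriptions.

```python
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# Constructed excerpt in the layout of the feed above (same header row).
# Descriptions are shortened; the third record carries an embedded newline and
# doubled quotes, the two quoting cases that appear in the real feed.
SAMPLE_CSV = '''cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2019-14887,https://securityvulnerability.io/vulnerability/CVE-2019-14887,,"With an OpenSSL provider the 'enabled-protocols' value is not honored, allowing TLS downgrade.",Red Hat,Wildfly,7.4,HIGH,0.00135,false,false,false,false,,false,false,2020-03-16T14:48:09.000Z,0
CVE-2019-14838,https://securityvulnerability.io/vulnerability/CVE-2019-14838,,"Monitor, Auditor and Deployer roles can modify runtime state.",Red Hat,Wildfly-core,5.2,MEDIUM,0.004,false,false,false,false,,false,false,2019-10-14T14:32:53.000Z,0
CVE-2016-9589,https://securityvulnerability.io/vulnerability/CVE-2016-9589,,"Undertow header cache can be filled with garbage.
Up to ""max-headers"" (default 200) * ""max-header-size"" (default 1MB) per connection.",Red Hat,Wildfly,7.5,HIGH,0.01469,false,false,false,false,,false,false,2018-03-12T15:00:00.000Z,0
'''


@dataclass
class Record:
    cve: str
    products: str
    score: float
    severity: str
    epss: float
    cisa: bool        # listed in CISA KEV
    exploited: bool   # exploitation reported
    poc: bool         # public proof of concept
    published: str
    description: str


def _flag(value: str) -> bool:
    """The feed writes booleans as the strings 'true'/'false'."""
    return value.strip().lower() == "true"


def parse_feed(text: str) -> list[Record]:
    """Parse the feed text into Record objects.

    csv.DictReader handles quoted fields that span lines and the "" escape,
    which is exactly where hand-rolled splitting of this feed breaks.
    """
    reader = csv.DictReader(io.StringIO(text))
    records = []
    for row in reader:
        records.append(Record(
            cve=row["cve"],
            products=row["products"],
            score=float(row["score"] or 0),
            severity=row["severity"],
            epss=float(row["epss"] or 0),
            cisa=_flag(row["cisa"]),
            exploited=_flag(row["exploited"]),
            poc=_flag(row["poc"]),
            published=row["published"],
            description=row["description"],
        ))
    return records


def triage(records: list[Record], min_score: float = 7.0,
           min_epss: float = 0.01) -> list[Record]:
    """Order records for patching (assumed tiering, not the feed's own).

    Tier 0: in KEV or reported exploited.
    Tier 1: CVSS >= min_score or EPSS >= min_epss.
    Tier 2: everything else.
    Within a tier, higher EPSS first, then higher CVSS.
    """
    def tier(r: Record) -> int:
        if r.cisa or r.exploited:
            return 0
        if r.score >= min_score or r.epss >= min_epss:
            return 1
        return 2

    return sorted(records, key=lambda r: (tier(r), -r.epss, -r.score))


if __name__ == "__main__":
    for rec in triage(parse_feed(SAMPLE_CSV)):
        first_line = rec.description.splitlines()[0]
        print(f"{rec.cve:<15} {rec.score:>4} {rec.epss:.5f} {rec.products:<14} {first_line}")
```

Note that the ordering puts CVE-2016-9589 ahead of CVE-2019-14887 even though their CVSS scores are close: the EPSS value is an order of magnitude higher, and with no KEV or exploited flags set in this feed, EPSS is the only signal in the table that separates the two HIGH entries.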