Red hat jboss data virtualization

This hub aggregates every CVE we track for Red hat jboss data virtualization, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat jboss data virtualization.

• CVE-2023-39410Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK7.5Sep 29, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2023-26464Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender7.5Mar 10, 2023
• CVE-2022-40152Stack Buffer Overflow in Woodstox6.5Sep 16, 2022
• CVE-2021-3644A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management inte...3.3Aug 26, 2022
• CVE-2022-29885EncryptInterceptor does not provide complete protection on insecure networks7.5May 12, 2022
• CVE-2021-4104Deserialization of untrusted data in JMSAppender in Apache Log4j 1.27.5Dec 14, 2021
• CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was rece...7.5Oct 19, 2021
• CVE-2021-37714Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions7.5Aug 18, 2021
• CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)5.3Mar 22, 2021
• CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host6.1Mar 22, 2021
• CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack5.3Mar 22, 2021
• CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack5.4Mar 22, 2021
• CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host5.3Mar 22, 2021
• CVE-2021-21344XStream is vulnerable to an Arbitrary Code Execution attack5.3Mar 22, 2021