Red hat jboss fuse

This hub aggregates every CVE we track for Red hat jboss fuse, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat jboss fuse.

• CVE-2024-21490This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With larg...7.5Feb 10, 2024
• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
• CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5Sep 14, 2023
• CVE-2022-46751Apache Ivy: XML External Entity vulnerability in Apache Ivy8.2Aug 21, 2023
• CVE-2023-20861In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression ...6.5Mar 23, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client ...3.7Mar 3, 2023
• CVE-2022-45047Apache MINA SSHD: Java unsafe deserialization vulnerability9.8Nov 16, 2022
• CVE-2022-37866Apache Ivy allows path traversal in the presence of a malicious repository7.5Nov 7, 2022
• CVE-2022-40152Stack Buffer Overflow in Woodstox6.5Sep 16, 2022
• CVE-2021-3644A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management inte...3.3Aug 26, 2022
• CVE-2022-22971In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticate...6.5May 12, 2022
• CVE-2022-29885EncryptInterceptor does not provide complete protection on insecure networks7.5May 12, 2022
• CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http5.5May 6, 2022