Red hat jboss fuse service works

This hub aggregates every CVE we track for Red hat jboss fuse service works, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat jboss fuse service works.

• CVE-2023-39410Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK7.5Sep 29, 2023
• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2022-45047Apache MINA SSHD: Java unsafe deserialization vulnerability9.8Nov 16, 2022
• CVE-2022-42920Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing9.8Nov 7, 2022
• CVE-2022-40152Stack Buffer Overflow in Woodstox6.5Sep 16, 2022
• CVE-2016-4437​Уязвимость реализации функции «Remember Me» фреймворка Apache Shiro, позволяющая нарушителю выполнить произвольный код или обойти ограничения безопасности8.1Nov 25, 2021
• CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was rece...7.5Oct 19, 2021
• CVE-2021-37714Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions7.5Aug 18, 2021
• CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)5.3Mar 22, 2021
• CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host6.1Mar 22, 2021
• CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack5.3Mar 22, 2021
• CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack5.4Mar 22, 2021
• CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host5.3Mar 22, 2021