CVSS: 7.5EPSS: 76%CPEs: 72EXPL: 1CVE-2021-4104 – Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
https://notcve.org/view.php?id=CVE-2021-4104
14 Dec 2021 — JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in Au... • https://github.com/cckuailong/log4shell_1.x • CWE-20: Improper Input Validation CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 0CVE-2020-14340 – xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS
https://notcve.org/view.php?id=CVE-2020-14340
13 Oct 2020 — A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. Se detectó una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolección de basura. Puede permitir al ... • https://bugzilla.redhat.com/show_bug.cgi?id=1860218 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 18%CPEs: 16EXPL: 0CVE-2016-6330
https://notcve.org/view.php?id=CVE-2016-6330
27 Sep 2016 — The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. El servidor en Red Hat JBoss Operations Network (JON), cuando la autenticación SSL no está configurada para comunicación de agente servidor JON, permite a atacantes remotos ejecutar có... • http://www.securityfocus.com/bid/92568 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-5422 – JON3: privilege escalation via improper authorization
https://notcve.org/view.php?id=CVE-2016-5422
31 Aug 2016 — The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request. La consola web en Red Hat JBoss Operations Network (JON) en versiones anteriores a 3.3.7 no autoriza adecuadamente peticiones para agregar usuarios con el rol de superusuario, lo que permite a usuarios remotos autenticados obtener privilegios de administrador a través de ... • http://rhn.redhat.com/errata/RHSA-2016-1785.html • CWE-264: Permissions, Privileges, and Access Controls CWE-285: Improper Authorization •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3737 – Red Hat Security Advisory 2016-1519-01
https://notcve.org/view.php?id=CVE-2016-3737
28 Jul 2016 — The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. El servidor en Red Hat JBoss Operations Network (JON) en versiones anteriores a 3.3.6 permite a atacantes remotos ejecutar código arbitrario a traves una petición HTTP manipulada, relacionado con deserialización de mensaje. Red Hat JBoss Operations Network is a Middleware management solution that provides a single point of control... • http://rhn.redhat.com/errata/RHSA-2016-1519.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 72%CPEs: 19EXPL: 1CVE-2015-7501 – apache-commons-collections: InvokerTransformer code execution during deserialisation
https://notcve.org/view.php?id=CVE-2015-7501
20 Nov 2015 — Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collect... • https://github.com/ianxtianxt/CVE-2015-7501 • CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3267 – JON: Cross Site scripting possible on the JBoss ON 404 error page
https://notcve.org/view.php?id=CVE-2015-3267
03 Aug 2015 — Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la página de error 404 en Red Hat JBoss Operations Network en versiones anteriores a 3.3.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. It was discovered that a cross-site scripting (XSS) vulnerability on a JBoss Operation... • http://rhn.redhat.com/errata/RHSA-2015-1525.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0032 – CLI: world-writable root directory
https://notcve.org/view.php?id=CVE-2012-0032
01 Apr 2014 — Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials. Red Hat JBoss Operations Network (JON) anterior a 3.0.1 utiliza permisos 0777 para el directorio root cuando instala un cliente remoto, lo que permite a usuarios locales leer o modificar subdirectorios y archivos dentro del directorio root, ... • http://rhn.redhat.com/errata/RHSA-2012-0406.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0052 – JON: Unapproved agents can connect using the name of an existing approved agent
https://notcve.org/view.php?id=CVE-2012-0052
14 Feb 2014 — Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name. Red Hat JBoss Operations Network (JON) anterior a 2.4.2 y 3.0.x anterior a 3.0.1 no comprueba la clave del agente JON, lo que permite a atacantes remotos falsificar la identidad de agentes arbitrarios a través del nombre del agente registrado. • http://rhn.redhat.com/errata/RHSA-2012-0089.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0062 – JON: Unapproved agents can hijack an approved agent's endpoint by using a null security token
https://notcve.org/view.php?id=CVE-2012-0062
14 Feb 2014 — Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. Red Hat JBoss Operations Network (JON) anterior a 2.4.2 y 3.0.x anterior a 3.0.1 permite a atacantes remotos secuestrar sesiones de agente a través de una solicitud de registro de agente sin un token de seguridad. • http://rhn.redhat.com/errata/RHSA-2012-0089.html • CWE-287: Improper Authentication •