Red hat jboss brms
This hub aggregates every CVE we track for Red hat jboss brms, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systemson-prem
15
CVEs tracked
0
Critical
6
High
0
In CISA KEV
Severity distribution
MEDIUM9HIGH6
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Red hat jboss brms.
- CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5
- CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was rece...7.5
- CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)5.3
- CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host6.1
- CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack5.3
- CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack5.4
- CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host5.3
- CVE-2021-21344XStream is vulnerable to an Arbitrary Code Execution attack5.3
- CVE-2021-21345XStream is vulnerable to a Remote Command Execution attack5.8
- CVE-2021-21346XStream is vulnerable to an Arbitrary Code Execution attack6.1
- CVE-2021-21347XStream is vulnerable to an Arbitrary Code Execution attack6.1
- CVE-2021-20190A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidenti...8.1
- CVE-2020-35491FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.8.1
- CVE-2020-1695A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header...7.5
- CVE-2017-5637Two four letter word commands "wchp/wchc" are CPU intensive and could cause spike of CPU utilization on Apache ZooKeeper server if abused, which leads to the server unable to serve legitimate clien...7.5
Product normalization is registry-driven with AI assist and human review. How it works