exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2020-14338

Status Candidate

Overview

A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3.

Related Files

Red Hat Security Advisory 2021-0603-01
Posted Feb 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0603-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.10.0 serves as an update to Red Hat Decision Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2020-14338, CVE-2020-25638, CVE-2020-9488
MD5 | 3cb851da470a8ccb90168f60e59028e9
Red Hat Security Advisory 2021-0600-01
Posted Feb 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-0600-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.10.0 serves as an update to Red Hat Process Automation Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
systems | linux, redhat
advisories | CVE-2020-14338, CVE-2020-25638
MD5 | 159710b357810a7aafdf1766517a14d5
Red Hat Security Advisory 2020-5361-01
Posted Dec 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-5361-01 - This release of Red Hat build of Thorntail 2.7.2 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include XML injection, bypass, denial of service, and remote SQL injection vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, sql injection
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-25638, CVE-2020-25649
MD5 | 18127811ab5157ce8edc1fde98458362
Red Hat Security Advisory 2020-4931-01
Posted Nov 5, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4931-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.3 serves as a replacement for Red Hat Single Sign-On 7.4.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, web, denial of service, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-10776, CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-14389, CVE-2020-1954
MD5 | c8d96572a1451b71d5219cd6f0a6e0d2
Red Hat Security Advisory 2020-4246-01
Posted Oct 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4246-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-1954
MD5 | c29e8a19bf61eb5256912f2ffd6b1d17
Red Hat Security Advisory 2020-4247-01
Posted Oct 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4247-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-1954
MD5 | 9f5fe1cbc34931ad8a93c209056242dc
Red Hat Security Advisory 2020-4244-01
Posted Oct 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4244-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-1954
MD5 | 3e65f53ef7688e0da75381cc0f59f65f
Red Hat Security Advisory 2020-4245-01
Posted Oct 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-4245-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.3 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.2 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.3 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include bypass, denial of service, and man-in-the-middle vulnerabilities.

tags | advisory, java, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2020-14299, CVE-2020-14338, CVE-2020-14340, CVE-2020-1954
MD5 | 17ae504d69369fdb5978c2f3297f98ef
Page 1 of 1
Back1Next

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    25 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close