RHSA-2018:2669HighCVSS 8.1

Red Hat Security Advisory: Fuse 7.1 security update

Published
September 11, 2018
Last Modified
June 27, 2026

🔗 CVE IDs covered (23)

📋 Description

CVE-2014-0114 — 1: Class Loader manipulation via request parameters CVE-2016-5397 — thrift: Improper file path sanitization in t_go_generator.cc:format_go_output() of the go client library can allow an attacker to inject commands CVE-2016-1000338 — bouncycastle: DSA does not fully validate ASN.1 encoding during signature verification allowing for injection of unsigned data CVE-2016-1000339 — bouncycastle: Information leak in AESFastEngine class CVE-2016-1000340 — bouncycastle: Carry propagation bug in math.raw.Nat??? class CVE-2016-1000341 — bouncycastle: Information exposure in DSA signature generation via timing attack CVE-2016-1000342 — bouncycastle: ECDSA improper validation of ASN.1 encoding of signature CVE-2016-1000343 — bouncycastle: DSA key pair generator generates a weak private key by default CVE-2016-1000344 — bouncycastle: DHIES implementation allowed the use of ECB mode CVE-2016-1000345 — bouncycastle: DHIES/ECIES CBC modes are vulnerable to padding oracle attack CVE-2016-1000346 — bouncycastle: Other party DH public keys are not fully validated CVE-2016-1000352 — bouncycastle: ECIES implementation allowed the use of ECB mode CVE-2017-14063 — async-http-client: Invalid URL parsing with '?' CVE-2018-1114 — undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service CVE-2018-1271 — spring-framework: Directory traversal vulnerability with static resources on Windows filesystems CVE-2018-1272 — spring-framework: Multipart content pollution CVE-2018-1338 — tika: Infinite loop in BPGParser can allow remote attacker to cause a denial of service CVE-2018-1339 — tika: Infinite loop in ChmParser can allow remote attacker to cause a denial of service CVE-2018-8036 — pdfbox: Infinite loop in AFMParser.java allows for out of memory erros via crafted PDF CVE-2018-8088 — slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution CVE-2018-1000129 — jolokia: Cross site scripting in the HTTP servlet CVE-2018-1000130 — jolokia: JMX proxy mode vulnerable to remote code execution CVE-2018-1000180 — bouncycastle: flaw in the low-level interface to RSA key pair generator

🔗 References (29)