Jboss Aerogear

jboss_aerogear

Vendor: Redhat • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-3650 1Redhat 1Jboss Aerogear Nov 21, 2024 Jul 1, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted inpu...Show more Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.Show less
CVE-2014-3648 1Redhat 1Jboss Aerogear Nov 21, 2024 Jul 1, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceToke...Show more The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting it's time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on.Show less
CVE-2014-3649 1Redhat 1Jboss Aerogear Nov 21, 2024 Nov 4, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JBoss AeroGear has reflected XSS via the password field