Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Openshift_application_runtimes
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 32 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-24 | CVE-2020-14307 | A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unavailable. | Amq, Jboss_enterprise_application_platform_continuous_delivery, Jboss_fuse, Openshift_application_runtimes, Single_sign\-On | 6.5 | ||
| 2020-11-02 | CVE-2020-25689 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. | Active_iq_unified_manager, Oncommand_insight, Service_level_manager, Fuse, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_application_runtimes, Single_sign\-On, Wildfly | 6.5 | ||
| 2022-05-24 | CVE-2021-3597 | A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | Active_iq_unified_manager, Oncommand_insight, Oncommand_workflow_automation, Fuse, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow | 5.9 | ||
| 2022-08-31 | CVE-2022-1259 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Build_of_quarkus, Integration_camel_k, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow | 7.5 | ||
| 2022-08-31 | CVE-2022-1319 | A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Openshift_application_runtimes, Single_sign\-On, Undertow | 7.5 | ||
| 2022-08-24 | CVE-2021-4178 | A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. | A\-Mq_streams, Build_of_quarkus, Descision_manager, Fabric8\-Kubernetes, Fuse, Integration_camel_k, Integration_camel_quarkus, Openshift_application_runtimes, Process_automation | 6.7 | ||
| 2022-08-25 | CVE-2021-3914 | It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. | Build_of_quarkus, Openshift_application_runtimes, Smallrye_health | 6.1 | ||
| 2021-05-27 | CVE-2020-10688 | A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. | Fuse, Jboss_enterprise_application_platform, Openshift_application_runtimes, Resteasy | 6.1 | ||
| 2020-06-10 | CVE-2020-10705 | A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service. | Oncommand_insight, Jboss_enterprise_application_platform, Openshift_application_runtimes, Undertow | 7.5 | ||
| 2019-06-12 | CVE-2019-3888 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange) | Active_iq_unified_manager, Jboss_data_grid, Openshift_application_runtimes, Undertow, Virtualization, Virtualization_host | 9.8 |