Redhat Integration_camel_k
20 CVEs affecting Redhat Integration_camel_k. Latest disclosed: 2024-08-21. Critical: 0, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-4853 | High | 8.1 | 2023-09-20 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in inco… |
| CVE-2024-7885 | High | 7.5 | 2024-08-21 | A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs wh… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2022-4244 | High | 7.5 | 2023-09-25 | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the inte… |
| CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
| CVE-2022-4492 | High | 7.5 | 2023-02-23 | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should… |
| CVE-2022-1278 | High | 7.5 | 2022-09-13 | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. |
| CVE-2022-1259 | High | 7.5 | 2022-08-31 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the s… |
| CVE-2022-0084 | High | 7.5 | 2022-08-26 | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw… |
| CVE-2021-3690 | High | 7.5 | 2022-08-23 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denia… |
| CVE-2022-2053 | High | 7.5 | 2022-08-05 | When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes… |
| CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can pro… |
| CVE-2020-14326 | High | 7.5 | 2021-06-02 | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CP… |
| CVE-2021-20218 | High | 7.4 | 2021-03-16 | A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric… |
| CVE-2021-4178 | Medium | 6.7 | 2022-08-24 | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML par… |
| CVE-2021-3642 | Medium | 5.3 | 2021-08-05 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to… |
| CVE-2022-2764 | Medium | 4.9 | 2022-09-01 | A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. |
| CVE-2021-3536 | Medium | 4.8 | 2021-05-20 | A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in… |
| CVE-2022-4245 | Medium | 4.3 | 2023-09-25 | A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue mean… |
| CVE-2022-41862 | Low | 3.7 | 2023-03-03 | In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditi… |