Redhat Openshift_application_runtimes
33 CVEs affecting Redhat Openshift_application_runtimes. Latest disclosed: 2023-09-14. Critical: 3, High: 14.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-10212 | Critical | 9.8 | 2019-10-02 | A flaw was found in Undertow, all versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the… |
| CVE-2019-3888 | Critical | 9.8 | 2019-06-12 | A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeR… |
| CVE-2019-14887 | Critical | 9.1 | 2020-03-16 | A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker… |
| CVE-2020-1714 | High | 8.8 | 2020-05-13 | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker… |
| CVE-2019-10174 | High | 8.8 | 2019-11-25 | A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke priva… |
| CVE-2020-1757 | High | 8.1 | 2020-04-21 | A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final… |
| CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
| CVE-2022-1319 | High | 7.5 | 2022-08-31 | A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though… |
| CVE-2022-1259 | High | 7.5 | 2022-08-31 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the s… |
| CVE-2021-3690 | High | 7.5 | 2022-08-23 | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denia… |
| CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can pro… |
| CVE-2020-27782 | High | 7.5 | 2021-02-23 | A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-… |
| CVE-2020-25644 | High | 7.5 | 2020-10-06 | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM lead… |
| CVE-2020-10758 | High | 7.5 | 2020-09-16 | A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, al… |
| CVE-2020-10705 | High | 7.5 | 2020-06-10 | A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memor… |
| CVE-2019-10184 | High | 7.5 | 2019-07-25 | undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests withou… |
| CVE-2020-1718 | High | 7.1 | 2020-05-12 | A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the applicatio… |
| CVE-2021-4178 | Medium | 6.7 | 2022-08-24 | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML par… |
| CVE-2020-14299 | Medium | 6.5 | 2020-10-16 | A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain… |
| CVE-2020-14307 | Medium | 6.5 | 2020-07-24 | A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed fr… |
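To triage a listing like the one above, here is an added Python example (not part of the original page and not Red Hat tooling) that parses the pipe-delimited rows, tolerating rows that lack a leading pipe as they appear on this page, tallies severities, checks that each row's severity label agrees with the CVSS v3.x qualitative scale for its score, compares the tally with the headline counts, and returns the rows at or above a score threshold in patch-priority order. The embedded SAMPLE_TABLE is a constructed subset of the rows above with the summaries shortened; the function and class names are this example's own.

```python
"""Parse a markdown CVE table and run the consistency checks a triager wants."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the table rows on this page, in the same
# pipe-delimited layout. Some rows deliberately lack the leading/trailing pipe,
# as on the page; summaries are shortened.
SAMPLE_TABLE = """\
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2019-10212 | Critical | 9.8 | 2019-10-02 | Undertow DEBUG log for io.undertow.request.security leaks credentials
| CVE-2020-1714 | High | 8.8 | 2020-05-13 | Keycloak before 11.0.0 uses ObjectInputStream without type checks |
CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 deserializes untrusted data
CVE-2021-4178 | Medium | 6.7 | 2022-08-24 | Fabric 8 Kubernetes client improperly configured YAML parser
"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


@dataclass(frozen=True)
class CveRow:
    cve: str
    severity: str
    score: float
    published: str
    summary: str


def parse_table(text: str) -> list[CveRow]:
    """Return one CveRow per data row; header, separator and junk lines are skipped."""
    rows = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # strip() on both pipes makes "| a | b |" and "a | b" parse identically
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) < 5 or not CVE_ID.match(cells[0]):
            continue
        try:
            score = float(cells[2])
        except ValueError:
            continue  # separator row or a row with a non-numeric score
        rows.append(CveRow(cells[0], cells[1], score, cells[3], " | ".join(cells[4:])))
    return rows


def cvss_to_severity(score: float) -> str:
    """CVSS v3.x qualitative rating for a base score."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def mislabelled(rows: list[CveRow]) -> list[str]:
    """CVE ids whose severity label does not match the rating implied by the score."""
    return [r.cve for r in rows if cvss_to_severity(r.score) != r.severity]


def tally(rows: list[CveRow]) -> Counter:
    return Counter(r.severity for r in rows)


def compare_counts(rows: list[CveRow], claimed: dict[str, int]) -> dict[str, tuple[int, int]]:
    """Map each claimed severity to (claimed, seen in rows), so gaps in a truncated
    listing are visible instead of silently trusted."""
    seen = tally(rows)
    return {sev: (n, seen.get(sev, 0)) for sev, n in claimed.items()}


def prioritize(rows: list[CveRow], min_score: float = 7.0) -> list[CveRow]:
    """Rows at or above min_score, highest score first, newest first on ties."""
    keep = [r for r in rows if r.score >= min_score]
    return sorted(keep, key=lambda r: (r.score, r.published), reverse=True)


if __name__ == "__main__":
    rows = parse_table(SAMPLE_TABLE)
    print(f"parsed {len(rows)} rows; tally={dict(tally(rows))}")
    print("mislabelled:", mislabelled(rows))
    # headline counts from the top of the page; the sample is a subset, so they differ
    print("claimed vs seen:", compare_counts(rows, {"Critical": 3, "High": 14}))
    for r in prioritize(rows):
        print(f"{r.cve:15} {r.severity:8} {r.score:4} {r.published}  {r.summary}")
```

Feeding the full table from the page into parse_table works the same way; compare_counts is the check worth keeping, because the page advertises 33 CVEs while 20 rows are visible, and a tally makes that gap explicit before anyone signs off on a patch plan.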