Filtered by vendor Redhat
Subscriptions
Filtered by product Migration Toolkit Applications
Subscriptions
Total
64 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-1300 | 1 Redhat | 20 A Mq Clients, Amq Broker, Amq Streams and 17 more | 2024-09-18 | 5.4 Medium |
A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error. | ||||
CVE-2024-1023 | 1 Redhat | 20 A Mq Clients, Amq Broker, Amq Streams and 17 more | 2024-09-18 | 6.5 Medium |
A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak. | ||||
CVE-2023-6717 | 1 Redhat | 15 Amq Broker, Build Keycloak, Jboss Data Grid and 12 more | 2024-09-18 | 6 Medium |
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. | ||||
CVE-2024-1249 | 1 Redhat | 15 Amq Broker, Amq Streams, Build Keycloak and 12 more | 2024-09-17 | 7.4 High |
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origin validation for incoming messages. | ||||
CVE-2024-1132 | 1 Redhat | 13 Amq Broker, Build Keycloak, Jboss Data Grid and 10 more | 2024-09-17 | 8.1 High |
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL. | ||||
CVE-2022-41854 | 3 Fedoraproject, Redhat, Snakeyaml Project | 13 Fedora, Amq Clients, Camel Spring Boot and 10 more | 2024-09-16 | 5.8 Medium |
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | ||||
CVE-2023-6291 | 1 Redhat | 18 Build Keycloak, Enterprise Linux, Jboss Data Grid and 15 more | 2024-09-16 | 7.1 High |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | ||||
CVE-2023-45857 | 2 Axios, Redhat | 6 Axios, Ansible Automation Platform, Container Native Virtualization and 3 more | 2024-09-04 | 6.5 Medium |
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information. | ||||
CVE-2023-26364 | 2 Adobe, Redhat | 3 Css-tools, Migration Toolkit Applications, Migration Toolkit Runtimes | 2024-08-29 | 5.3 Medium |
@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges. | ||||
CVE-2023-45286 | 2 Redhat, Resty Project | 3 Migration Toolkit Applications, Openshift Distributed Tracing, Resty | 2024-08-28 | 5.9 Medium |
A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request. The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body. | ||||
CVE-2024-29131 | 1 Redhat | 3 Amq Broker, Migration Toolkit Applications, Migration Toolkit Runtimes | 2024-08-28 | 7.3 High |
Out-of-bounds Write vulnerability in Apache Commons Configuration.This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue. | ||||
CVE-2023-45288 | 1 Redhat | 26 Acm, Advanced Cluster Security, Ansible Automation Platform and 23 more | 2024-08-26 | 7.5 High |
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection. | ||||
CVE-2023-44487 | 32 Akka, Amazon, Apache and 29 more | 364 Http Server, Opensearch Data Prepper, Apisix and 361 more | 2024-08-19 | 7.5 High |
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
CVE-2022-37601 | 3 Debian, Redhat, Webpack.js | 4 Debian Linux, Logging, Migration Toolkit Applications and 1 more | 2024-08-16 | 9.8 Critical |
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. | ||||
CVE-2020-36567 | 2 Gin-gonic, Redhat | 3 Gin, Migration Toolkit Applications, Rhmt | 2024-08-04 | 7.5 High |
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. | ||||
CVE-2021-46877 | 2 Fasterxml, Redhat | 13 Jackson-databind, Amq Streams, Camel Spring Boot and 10 more | 2024-08-04 | 7.5 High |
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | ||||
CVE-2021-35065 | 2 Gulpjs, Redhat | 8 Glob-parent, Enterprise Linux, Logging and 5 more | 2024-08-04 | 7.5 High |
The glob-parent package before 6.0.1 for Node.js allows ReDoS (regular expression denial of service) attacks against the enclosure regular expression. | ||||
CVE-2022-46751 | 2 Apache, Redhat | 5 Ivy, Amq Streams, Camel Spring Boot and 2 more | 2024-08-03 | 8.2 High |
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide". | ||||
CVE-2022-46364 | 2 Apache, Redhat | 9 Cxf, Camel Spring Boot, Jboss Enterprise Application Platform and 6 more | 2024-08-03 | 9.8 Critical |
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. | ||||
CVE-2022-46175 | 3 Fedoraproject, Json5, Redhat | 9 Fedora, Json5, Logging and 6 more | 2024-08-03 | 7.1 High |
JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores `__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. |