Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift Application Runtimes
Subscriptions
Total
214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41881 | 3 Debian, Netty, Redhat | 13 Debian Linux, Netty, Camel Quarkus and 10 more | 2024-08-03 | 5.3 Medium |
| Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder. | ||||
| CVE-2022-38749 | 3 Debian, Redhat, Snakeyaml Project | 11 Debian Linux, Amq Broker, Amq Clients and 8 more | 2024-08-03 | 6.5 Medium |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | ||||
| CVE-2022-38751 | 3 Debian, Redhat, Snakeyaml Project | 9 Debian Linux, Amq Broker, Camel Spring Boot and 6 more | 2024-08-03 | 6.5 Medium |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | ||||
| CVE-2022-38752 | 2 Redhat, Snakeyaml Project | 9 Amq Streams, Camel Spring Boot, Jboss Data Grid and 6 more | 2024-08-03 | 6.5 Medium |
| Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. | ||||
| CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-08-03 | 7.5 High |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
| CVE-2022-31684 | 2 Pivotal, Redhat | 3 Reactor Netty, Camel Spring Boot, Openshift Application Runtimes | 2024-08-03 | 4.3 Medium |
| Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. | ||||
| CVE-2022-23181 | 4 Apache, Debian, Oracle and 1 more | 10 Tomcat, Debian Linux, Agile Engineering Data Management and 7 more | 2024-08-03 | 7.0 High |
| The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | ||||
| CVE-2022-22950 | 2 Redhat, Vmware | 5 Jboss Enterprise Bpms Platform, Jboss Fuse, Openshift Application Runtimes and 2 more | 2024-08-03 | 6.5 Medium |
| n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | ||||
| CVE-2022-1319 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2024-08-03 | 7.5 High |
| A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | ||||
| CVE-2022-1259 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 8 more | 2024-08-02 | 7.5 High |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
| CVE-2023-20860 | 2 Redhat, Vmware | 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more | 2024-08-02 | 7.5 High |
| Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | ||||
| CVE-2023-20861 | 2 Redhat, Vmware | 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more | 2024-08-02 | 6.5 Medium |
| In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
| CVE-2023-3223 | 1 Redhat | 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more | 2024-08-02 | 7.5 High |
| A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | ||||
| CVE-2023-1108 | 2 Netapp, Redhat | 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more | 2024-08-02 | 7.5 High |
| A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | ||||