Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift Application Runtimes
Subscriptions
Total
213 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-08-03 | 7.5 High |
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
CVE-2022-31684 | 2 Pivotal, Redhat | 3 Reactor Netty, Camel Spring Boot, Openshift Application Runtimes | 2024-08-03 | 4.3 Medium |
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. | ||||
CVE-2022-23181 | 4 Apache, Debian, Oracle and 1 more | 10 Tomcat, Debian Linux, Agile Engineering Data Management and 7 more | 2024-08-03 | 7.0 High |
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | ||||
CVE-2022-22950 | 2 Redhat, Vmware | 5 Jboss Enterprise Bpms Platform, Jboss Fuse, Openshift Application Runtimes and 2 more | 2024-08-03 | 6.5 Medium |
n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | ||||
CVE-2022-4245 | 2 Codehaus-plexus Project, Redhat | 23 Codehaus-plexus, A Mq Clients, Amq Broker and 20 more | 2024-08-03 | 4.3 Medium |
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | ||||
CVE-2022-4244 | 2 Codehaus-plexus Project, Redhat | 23 Codehaus-plexus, A Mq Clients, Amq Broker and 20 more | 2024-08-03 | 7.5 High |
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | ||||
CVE-2022-1319 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2024-08-03 | 7.5 High |
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | ||||
CVE-2022-1259 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 8 more | 2024-08-02 | 7.5 High |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
CVE-2023-33008 | 2 Apache, Redhat | 4 Johnzon, Amq Broker, Camel Spring Boot and 1 more | 2024-08-02 | 5.3 Medium |
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. A malicious attacker can craft up some JSON input that uses large numbers (numbers such asĀ 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. This issue affects Apache Johnzon: through 1.2.20. | ||||
CVE-2023-20860 | 2 Redhat, Vmware | 9 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 6 more | 2024-08-02 | 7.5 High |
Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | ||||
CVE-2023-20861 | 2 Redhat, Vmware | 8 Amq Broker, Camel Spring Boot, Jboss Enterprise Bpms Platform and 5 more | 2024-08-02 | 6.5 Medium |
In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | ||||
CVE-2023-3223 | 1 Redhat | 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more | 2024-08-02 | 7.5 High |
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | ||||
CVE-2023-1108 | 2 Netapp, Redhat | 28 Oncommand Workflow Automation, Build Of Quarkus, Camel Quarkus and 25 more | 2024-08-02 | 7.5 High |
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. |