Filtered by vendor Redhat
Subscriptions
Filtered by product Openshift Application Runtimes
Subscriptions
Total
214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3690 | 1 Redhat | 13 Camel Quarkus, Enterprise Linux, Fuse and 10 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | ||||
| CVE-2021-3642 | 2 Quarkus, Redhat | 18 Quarkus, Build Of Quarkus, Camel Quarkus and 15 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. | ||||
| CVE-2021-3629 | 2 Netapp, Redhat | 14 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 11 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | ||||
| CVE-2021-3597 | 2 Netapp, Redhat | 12 Active Iq Unified Manager, Oncommand Insight, Oncommand Workflow Automation and 9 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. | ||||
| CVE-2021-38153 | 4 Apache, Oracle, Quarkus and 1 more | 15 Kafka, Communications Brm - Elastic Charging Engine, Communications Cloud Native Core Policy and 12 more | 2024-11-21 | 5.9 Medium |
| Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0. | ||||
| CVE-2021-37714 | 5 Jsoup, Netapp, Oracle and 2 more | 24 Jsoup, Management Services For Element Software And Netapp Hci, Banking Trade Finance and 21 more | 2024-11-21 | 7.5 High |
| jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. | ||||
| CVE-2021-37137 | 6 Debian, Netapp, Netty and 3 more | 23 Debian Linux, Oncommand Insight, Netty and 20 more | 2024-11-21 | 7.5 High |
| The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. | ||||
| CVE-2021-37136 | 6 Debian, Netapp, Netty and 3 more | 30 Debian Linux, Oncommand Insight, Netty and 27 more | 2024-11-21 | 7.5 High |
| The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack | ||||
| CVE-2021-33037 | 5 Apache, Debian, Mcafee and 2 more | 25 Tomcat, Tomee, Debian Linux and 22 more | 2024-11-21 | 5.3 Medium |
| Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. | ||||
| CVE-2021-30640 | 4 Apache, Debian, Oracle and 1 more | 10 Tomcat, Debian Linux, Communications Cloud Native Core Policy and 7 more | 2024-11-21 | 6.5 Medium |
| A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65. | ||||
| CVE-2021-2471 | 3 Oracle, Quarkus, Redhat | 11 Communications Cloud Native Core Console, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 8 more | 2024-11-21 | 5.9 Medium |
| Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H). | ||||
| CVE-2021-29425 | 5 Apache, Debian, Netapp and 2 more | 69 Commons Io, Debian Linux, Active Iq Unified Manager and 66 more | 2024-11-21 | 4.8 Medium |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | ||||
| CVE-2021-28170 | 4 Eclipse, Oracle, Quarkus and 1 more | 11 Jakarta Expression Language, Communications Cloud Native Core Policy, Weblogic Server and 8 more | 2024-11-21 | 5.3 Medium |
| In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | ||||
| CVE-2021-26291 | 4 Apache, Oracle, Quarkus and 1 more | 9 Maven, Financial Services Analytical Applications Infrastructure, Goldengate Big Data And Application Adapters and 6 more | 2024-11-21 | 9.1 Critical |
| Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. Maven is changing the default behavior in 3.8.1+ to no longer follow http (non-SSL) repository references by default. More details available in the referenced urls. If you are currently using a repository manager to govern the repositories used by your builds, you are unaffected by the risks present in the legacy behavior, and are unaffected by this vulnerability and change to default behavior. See this link for more information about repository management: https://maven.apache.org/repository-management.html | ||||
| CVE-2021-25329 | 4 Apache, Debian, Oracle and 1 more | 15 Tomcat, Debian Linux, Agile Plm and 12 more | 2024-11-21 | 7.0 High |
| The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue. | ||||
| CVE-2021-25122 | 4 Apache, Debian, Oracle and 1 more | 15 Tomcat, Debian Linux, Agile Plm and 12 more | 2024-11-21 | 7.5 High |
| When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. | ||||
| CVE-2021-24122 | 4 Apache, Debian, Oracle and 1 more | 6 Tomcat, Debian Linux, Agile Plm and 3 more | 2024-11-21 | 5.9 Medium |
| When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances. | ||||
| CVE-2021-22569 | 3 Google, Oracle, Redhat | 14 Google-protobuf, Protobuf-java, Protobuf-kotlin and 11 more | 2024-11-21 | 7.5 High |
| An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | ||||
| CVE-2021-21409 | 6 Debian, Netapp, Netty and 3 more | 29 Debian Linux, Oncommand Api Services, Oncommand Workflow Automation and 26 more | 2024-11-21 | 5.9 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final. | ||||
| CVE-2021-21295 | 7 Apache, Debian, Netapp and 4 more | 19 Kudu, Zookeeper, Debian Linux and 16 more | 2024-11-21 | 5.9 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. | ||||