Filtered by vendor Redhat
Subscriptions
Filtered by product Red Hat Single Sign On
Subscriptions
Total
203 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21295 | 7 Apache, Debian, Netapp and 4 more | 19 Kudu, Zookeeper, Debian Linux and 16 more | 2024-11-21 | 5.9 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec `and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`. | ||||
| CVE-2021-21290 | 6 Debian, Netapp, Netty and 3 more | 27 Debian Linux, Active Iq Unified Manager, Cloud Secure Agent and 24 more | 2024-11-21 | 6.2 Medium |
| Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user. | ||||
| CVE-2021-20323 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-11-21 | 6.1 Medium |
| A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak. | ||||
| CVE-2021-20289 | 4 Netapp, Oracle, Quarkus and 1 more | 12 Oncommand Insight, Communications Cloud Native Core Console, Quarkus and 9 more | 2024-11-21 | 5.3 Medium |
| A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-20250 | 1 Redhat | 5 Jboss-ejb-client, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack and 2 more | 2024-11-21 | 4.3 Medium |
| A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2021-20220 | 2 Netapp, Redhat | 6 Active Iq Unified Manager, Oncommand Workflow Automation, Jboss Enterprise Application Platform and 3 more | 2024-11-21 | 4.8 Medium |
| A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2021-0341 | 2 Google, Redhat | 7 Android, Amq Streams, Jboss Data Grid and 4 more | 2024-11-21 | 7.5 High |
| In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2024-11-21 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2020-7676 | 2 Angularjs, Redhat | 5 Angular.js, Amq Broker, Ansible Tower and 2 more | 2024-11-21 | 5.4 Medium |
| angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code. | ||||
| CVE-2020-36518 | 5 Debian, Fasterxml, Netapp and 2 more | 48 Debian Linux, Jackson-databind, Active Iq Unified Manager and 45 more | 2024-11-21 | 7.5 High |
| jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | ||||
| CVE-2020-35510 | 1 Redhat | 5 Jboss-remoting, Jboss Enterprise Application Platform, Jboss Fuse and 2 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redhat-00001. A malicious attacker could cause threads to hold up forever in the EJB server by writing a sequence of bytes corresponding to the expected messages of a successful EJB client request, but omitting the ACK messages, or just tamper with jboss-remoting code, deleting the lines that send the ACK message from the EJB client code resulting in a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-35509 | 1 Redhat | 2 Keycloak, Red Hat Single Sign On | 2024-11-21 | 5.4 Medium |
| A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2020-28491 | 4 Fasterxml, Oracle, Quarkus and 1 more | 11 Jackson-dataformats-binary, Weblogic Server, Quarkus and 8 more | 2024-11-21 | 7.5 High |
| This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | ||||
| CVE-2020-28052 | 4 Apache, Bouncycastle, Oracle and 1 more | 26 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 23 more | 2024-11-21 | 8.1 High |
| An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | ||||
| CVE-2020-27826 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 4.2 Medium |
| A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user's metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application. | ||||
| CVE-2020-27822 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jbosseapxp, Openshift Application Runtimes and 2 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-27782 | 1 Redhat | 7 Camel Quarkus, Integration, Jboss Enterprise Application Platform and 4 more | 2024-11-21 | 7.5 High |
| A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This affects Undertow 2.1.5.SP1, 2.0.33.SP2, and 2.2.3.SP1. | ||||
| CVE-2020-25689 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Oncommand Insight, Service Level Manager and 8 more | 2024-11-21 | 5.3 Medium |
| A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-25649 | 7 Apache, Fasterxml, Fedoraproject and 4 more | 50 Iotdb, Jackson-databind, Fedora and 47 more | 2024-11-21 | 7.5 High |
| A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | ||||
| CVE-2020-25640 | 1 Redhat | 5 Jboss Enterprise Application Platform, Jboss Fuse, Openshift Application Runtimes and 2 more | 2024-11-21 | 5.3 Medium |
| A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | ||||