7.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-10	CVE-2023-44487	Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco CWE-400	7.5
2023-02-23	CVE-2022-4492	Unspecified vulnerability in Redhat products The undertow client is not checking the server identity presented by the server certificate in https connections. network low complexity redhat	7.5
2022-09-01	CVE-2022-2764	A flaw was found in Undertow. network low complexity redhat netapp	4.9
2021-12-14	CVE-2021-4104	Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. network high complexity apache fedoraproject redhat oracle CWE-502	7.5
2021-08-05	CVE-2021-3642	Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. network redhat quarkus CWE-203	3.5
2021-06-02	CVE-2020-14340	A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. network redhat oracle	4.3
2021-03-16	CVE-2021-20218	Path Traversal vulnerability in Redhat products A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. network redhat CWE-22	5.8
2021-02-23	CVE-2020-27782	Resource Exhaustion vulnerability in Redhat products A flaw was found in the Undertow AJP connector. network low complexity redhat CWE-400	7.8
2021-02-11	CVE-2020-1717	Information Exposure Through an Error Message vulnerability in Redhat products A flaw was found in Keycloak 7.0.1. network low complexity redhat CWE-209	4.0
2021-02-11	CVE-2020-10734	Cross-Site Request Forgery (CSRF) vulnerability in Redhat products A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection. local low complexity redhat CWE-352	2.1