Vulnerabilities > Redhat > Jboss Fuse > 7.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-25689 | Memory Leak vulnerability in multiple products A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. | 6.5 |
| 2020-10-06 | CVE-2020-25644 | Memory Leak vulnerability in multiple products A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. | 7.5 |
| 2020-09-23 | CVE-2020-10714 | Session Fixation vulnerability in multiple products A flaw was found in WildFly Elytron version 1.11.3.Final and before. | 7.5 |
| 2020-09-16 | CVE-2020-10718 | Unspecified vulnerability in Redhat Jboss Fuse and Wildfly A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). | 5.0 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 6.5 |
| 2020-05-12 | CVE-2020-1718 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. | 8.8 |
| 2020-04-21 | CVE-2020-1757 | Improper Input Validation vulnerability in Redhat products A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. | 5.5 |
| 2020-03-16 | CVE-2019-14887 | Unspecified vulnerability in Redhat products A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. | 6.4 |
| 2020-03-02 | CVE-2019-14892 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. | 9.8 |
| 2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. | 5.0 |