Vulnerabilities > Redhat > Jboss Fuse

DATE CVE VULNERABILITY TITLE RISK
2021-02-11 CVE-2020-1717 Information Exposure Through an Error Message vulnerability in Redhat products
A flaw was found in Keycloak 7.0.1.
network
low complexity
redhat CWE-209
2.7
2021-02-11 CVE-2020-10734 Unspecified vulnerability in Redhat products
A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF protection.
local
low complexity
redhat
3.3
2020-11-02 CVE-2020-25689 A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
network
low complexity
redhat netapp
6.5
2020-10-06 CVE-2020-25644 Memory Leak vulnerability in multiple products
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session.
network
low complexity
redhat netapp CWE-401
7.5
2020-09-23 CVE-2020-10714 A flaw was found in WildFly Elytron version 1.11.3.Final and before.
network
high complexity
redhat netapp
7.5
2020-09-16 CVE-2020-10718 Unspecified vulnerability in Redhat Jboss Fuse and Wildfly
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL).
network
low complexity
redhat
7.5
2020-07-24 CVE-2020-14307 Unspecified vulnerability in Redhat products
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server.
network
low complexity
redhat
6.5
2020-07-24 CVE-2020-14297 Unspecified vulnerability in Redhat products
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable.
network
low complexity
redhat
6.5
2020-05-13 CVE-2020-1714 Improper Input Validation vulnerability in multiple products
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.
network
low complexity
redhat quarkus CWE-20
8.8
2020-05-12 CVE-2020-1718 Improper Authentication vulnerability in Redhat Keycloak
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0.
network
low complexity
redhat CWE-287
8.8