Vulnerabilities > Redhat > Jboss Fuse > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-01 CVE-2022-2764 A flaw was found in Undertow.
network
low complexity
redhat netapp
4.9
2021-08-05 CVE-2021-3642 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled.
network
high complexity
redhat quarkus
5.3
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles.
network
high complexity
redhat oracle
5.9
2020-11-02 CVE-2020-25689 A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
network
low complexity
redhat netapp
6.5
2020-07-24 CVE-2020-14307 Unspecified vulnerability in Redhat products
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server.
network
low complexity
redhat
6.5
2020-07-24 CVE-2020-14297 Unspecified vulnerability in Redhat products
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable.
network
low complexity
redhat
6.5
2020-01-08 CVE-2019-14820 Unspecified vulnerability in Redhat products
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL.
network
low complexity
redhat
4.3
2019-12-20 CVE-2016-1000229 Cross-site Scripting vulnerability in multiple products
swagger-ui has XSS in key names
network
low complexity
smartbear redhat CWE-79
6.1
2018-08-01 CVE-2016-8653 Unspecified vulnerability in Redhat Jboss A-Mq and Jboss Fuse
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it.
network
low complexity
redhat
5.3
2018-04-18 CVE-2017-12196 Incorrect Authorization vulnerability in Redhat products
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line.
network
high complexity
redhat CWE-863
5.9