Vulnerabilities > Redhat > Openshift Application Runtimes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-14 | CVE-2023-1108 | Infinite Loop vulnerability in multiple products A flaw was found in undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1259 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1319 | Unchecked Return Value vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-24 | CVE-2021-4178 | Deserialization of Untrusted Data vulnerability in Redhat products A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. | 6.7 |
| 2022-08-23 | CVE-2021-3690 | Memory Leak vulnerability in Redhat products A flaw was found in Undertow. | 7.5 |
| 2022-05-24 | CVE-2021-3597 | Race Condition vulnerability in multiple products A flaw was found in undertow. | 5.9 |
| 2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
| 2021-08-05 | CVE-2021-3642 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. | 3.5 |
| 2021-05-27 | CVE-2020-10688 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. | 4.3 |
| 2021-02-23 | CVE-2020-27782 | Resource Exhaustion vulnerability in Redhat products A flaw was found in the Undertow AJP connector. | 7.8 |