Vulnerabilities > Redhat > Openshift Application Runtimes > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-14 | CVE-2023-1108 | Infinite Loop vulnerability in multiple products A flaw was found in undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1259 | A flaw was found in Undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1319 | A flaw was found in Undertow. | 7.5 |
| 2022-08-23 | CVE-2021-3690 | Memory Leak vulnerability in Redhat products A flaw was found in Undertow. | 7.5 |
| 2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
| 2021-02-23 | CVE-2020-27782 | Unspecified vulnerability in Redhat products A flaw was found in the Undertow AJP connector. | 7.5 |
| 2020-10-06 | CVE-2020-25644 | Memory Leak vulnerability in multiple products A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. | 7.5 |
| 2020-09-16 | CVE-2020-10758 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body. | 7.5 |
| 2020-06-10 | CVE-2020-10705 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. | 7.5 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 8.8 |