Vulnerabilities > Redhat > Openshift Application Runtimes > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-24 CVE-2021-4178 Deserialization of Untrusted Data vulnerability in Redhat products
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above.
local
low complexity
redhat CWE-502
6.7
2022-05-24 CVE-2021-3597 Race Condition vulnerability in multiple products
A flaw was found in undertow.
network
high complexity
redhat netapp CWE-362
5.9
2021-05-27 CVE-2020-10688 Cross-site Scripting vulnerability in Redhat products
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs.
network
redhat CWE-79
4.3
2021-02-11 CVE-2020-1717 Information Exposure Through an Error Message vulnerability in Redhat products
A flaw was found in Keycloak 7.0.1.
network
low complexity
redhat CWE-209
4.0
2020-11-02 CVE-2020-25689 Memory Leak vulnerability in multiple products
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
network
low complexity
redhat netapp CWE-401
6.5
2020-10-16 CVE-2020-14299 Improper Authentication vulnerability in Redhat products
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode.
network
redhat CWE-287
6.3
2020-09-16 CVE-2020-10758 Allocation of Resources Without Limits or Throttling vulnerability in Redhat Keycloak
A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.
network
low complexity
redhat CWE-770
5.0
2020-09-16 CVE-2020-1710 Unspecified vulnerability in Redhat products
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
network
low complexity
redhat
5.0
2020-07-24 CVE-2020-14307 Improper Resource Shutdown or Release vulnerability in Redhat products
A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server.
network
low complexity
redhat CWE-404
6.5
2020-07-24 CVE-2020-14297 Resource Exhaustion vulnerability in Redhat products
A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable.
network
low complexity
redhat CWE-400
6.5