Vulnerabilities > Redhat > Single Sign ON > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2023-6841 | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A denial of service vulnerability was found in keycloak where the amount of attributes per object is not limited,an attacker by sending repeated HTTP requests could cause a resource exhaustion when the application send back rows with long attribute values. | 7.5 |
| 2024-09-09 | CVE-2024-7341 | Session Fixation vulnerability in Redhat Keycloak A session fixation issue was discovered in the SAML adapters provided by Keycloak. | 7.1 |
| 2024-08-21 | CVE-2024-7885 | Unspecified vulnerability in Redhat products A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. | 7.5 |
| 2024-01-26 | CVE-2023-6291 | Open Redirect vulnerability in Redhat products A flaw was found in the redirect_uri validation logic in Keycloak. | 7.1 |
| 2023-12-21 | CVE-2023-2585 | Unspecified vulnerability in Redhat products Keycloak's device authorization grant does not correctly validate the device code and client ID. | 8.1 |
| 2023-12-14 | CVE-2023-6563 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products An unconstrained memory consumption vulnerability was discovered in Keycloak. | 7.7 |
| 2023-12-12 | CVE-2023-5379 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in Undertow. | 7.5 |
| 2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-10-04 | CVE-2023-2422 | Improper Certificate Validation vulnerability in Redhat products A flaw was found in Keycloak. | 7.1 |
| 2023-09-27 | CVE-2023-3223 | Unspecified vulnerability in Redhat products A flaw was found in undertow. | 7.5 |