Lucene search
K
RedhatIntegration Service Registry

7 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5301 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2023/09/14 2:48 p.m.2759 views

CVE-2023-1108

CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...

7.5CVSS7.3AI score0.01771EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.2041 views

CVE-2022-41862

CVE-2022-41862 affects PostgreSQL libpq/client memory disclosure when connecting with Kerberos to a modified server. Connected documents confirm impact across multiple package tracks (libpq for AL2/Linux distros and PostgreSQL server/client suites for various versions, including 12.x–15.x), with ...

3.7CVSS4.6AI score0.00616EPSS
CVE
CVE
added 2021/05/20 12:15 p.m.276 views

CVE-2021-3536

CVE-2021-3536 concerns WildFly/JBoss EAP domain-mode admin console vulnerability allowing XSS via the name field when creating roles, affecting Confidentiality and Integrity. Affected software is WildFly (prior to 23.0.2.Final). The issue arises in the domain mode role-creation flow and can be tr...

4.8CVSS5AI score0.00528EPSS
CVE
CVE
added 2023/09/20 9:47 a.m.230 views

CVE-2023-4853

CVE-2023-4853 affects Quarkus, where HTTP security policy sanitization fails for certain character permutations in requests. The root cause is improper sanitization, allowing bypass of the security policy and potentially granting unauthorized access to endpoints and causing denial of service. The...

8.1CVSS7.6AI score0.01215EPSS
CVE
CVE
added 2023/02/23 12:0 a.m.207 views

CVE-2022-4492

CVE-2022-4492 is linked to Undertow: the undertow client does not verify the server identity presented by the server certificate in HTTPS connections, a TLS-level check that should be performed by default. This can enable weaknesses in TLS client verification and potential MITM scenarios. Connect...

7.5CVSS7.3AI score0.00596EPSS
CVE
CVE
added 2022/09/13 1:38 p.m.152 views

CVE-2022-1278

Summary: CVE-2022-1278 affects WildFly and relates to information disclosure via the trace payload, allowing an attacker to view deployment names, endpoints, and other data contained in traces. What is affected: WildFly stack (as referenced across CVE listings and Red Hat advisories) with exposur...

7.5CVSS7.3AI score0.00722EPSS