
redhat integration camel k

20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2024-7885
all versions
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple r
7.5 HIGH
CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5 HIGH
CVE-2022-4245
< 1.10.1
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a
4.3 MEDIUM
CVE-2022-4244
< 1.10.1
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and direct
7.5 HIGH
CVE-2023-4853
< 1.10.2
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when acceptin
8.1 HIGH
CVE-2023-1108
all versions
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status update
7.5 HIGH
CVE-2022-41862
all versions
In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport e
3.7 LOW
CVE-2022-4492
all versions
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compul
7.5 HIGH
CVE-2022-1278
all versions
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may conta
7.5 HIGH
CVE-2022-2764
all versions
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invoca
4.9 MEDIUM
CVE-2022-1259
all versions
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or
7.5 HIGH
CVE-2022-0084
all versions
A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to ano
7.5 HIGH
CVE-2021-4178
all versions
An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an i
6.7 MEDIUM
CVE-2021-3690
all versions
A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows
7.5 HIGH
CVE-2022-2053
all versions
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequest
7.5 HIGH
CVE-2021-4104
all versions
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config
7.5 HIGH
CVE-2021-3642
all versions
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where Scra
5.3 MEDIUM
CVE-2020-14326
all versions
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to s
7.5 HIGH
CVE-2021-3536
all versions
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is
4.8 MEDIUM
CVE-2021-20218
all versions
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause
7.4 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin