cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12397,https://securityvulnerability.io/vulnerability/CVE-2024-12397,Cookies vulnerability could lead to unauthorized data access or modification,"A vulnerability in Quarkus-HTTP has been identified, where improper parsing of cookies occurs due to certain value-delimiting characters in HTTP requests. This issue enables attackers to create specially crafted cookie values that could facilitate the exfiltration of HttpOnly cookie values or allow the spoofing of arbitrary additional cookie values. These actions may lead to unauthorized access or alterations of sensitive data, significantly affecting the confidentiality and integrity of the data being handled.",Red Hat,"Cryostat 3,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.000910000002477318,false,false,false,false,,false,false,2024-12-12T09:05:28.451Z,0
CVE-2024-9621,https://securityvulnerability.io/vulnerability/CVE-2024-9621,Quarkus CXF Vulnerability: Hidden Passwords and Secrets at Risk,"A security issue exists in Quarkus CXF where sensitive information like passwords can be inadvertently logged, despite user configurations intended to keep these details hidden. This vulnerability requires specific configurations to be exposed, including the enablement of SOAP logging, along with the presence of user-set client and endpoint logging properties. Attackers with access to the application logs can exploit this flaw for unauthorized data access, highlighting the importance of stringent logging practices in application security.",Red Hat,Red Hat Build Of Apache Camel 4.4 For Quarkus 3.8,5.3,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-10-08T16:26:09.155Z,0
CVE-2024-7885,https://securityvulnerability.io/vulnerability/CVE-2024-7885,Undertow ProxyProtocolReadListener Vulnerability,"A notable vulnerability exists in the Undertow HTTP server related to the handling of multiple requests over the same HTTP connection. The issue stemmed from the misuse of a shared StringBuilder instance within the ProxyProtocolReadListener, specifically during the process of handling requests in the parseProxyProtocolV1 method. This flaw can lead to information leakage, where sensitive data from a preceding request may be inadvertently included in a subsequent response. The consequence is not only potential data exposure but also issues with connection stability, as errors may arise during processing, affecting overall application performance in environments that handle multiple requests concurrently.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0009800000116229057,false,false,false,false,,false,false,2024-08-21T14:13:36.579Z,0
CVE-2024-3653,https://securityvulnerability.io/vulnerability/CVE-2024-3653,Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks,"A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Streams For Apache Kafka",5.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T21:21:20.899Z,0
CVE-2024-5971,https://securityvulnerability.io/vulnerability/CVE-2024-5971,Undertow Vulnerability Leads to Denial of Service Attack,"A vulnerability exists in Undertow that can lead to a denial of service scenario. This occurs when chunked responses hang after the body is flushed. Although the response headers and body are sent successfully, the client continues to wait for the termination of the chunked response, which does not occur as expected. This behavior is particularly problematic in Java 17 environments utilizing TLSv1.3, as it results in uncontrolled resource consumption on the server side, potentially leaving it vulnerable to service disruption.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-07-08T20:51:29.223Z,0
CVE-2024-2700,https://securityvulnerability.io/vulnerability/CVE-2024-2700,Quarkus-core: leak of local configuration properties into quarkus applications,"A vulnerability exists in the Quarkus core component, where local environment variables prefixed by 'quarkus.*' can be inadvertently inherited by the application during its build process. This occurs when developers or CI environments utilize such variables for testing purposes, like database modifications or TLS certificate trust settings. If these properties are not explicitly overridden in the application code, their presence in the built application can lead to risky behaviors, potentially exposing the application to unintended effects or vulnerabilities. It's important to note that this behavior is limited to the 'quarkus.*' namespace, and application-specific properties remain unaffected.",Red Hat,"Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apicurio Registry 2.6.1 Ga,Red Hat Build Of Quarkus 3.2.12.final,Red Hat Build Of Quarkus 3.8.4.Red Hat,Rhoss-1.33-rhel-8,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus",7,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-04-04T14:15:00.000Z,0
CVE-2024-1300,https://securityvulnerability.io/vulnerability/CVE-2024-1300,Memory Leak in TLS and SNI Support in Eclipse Vert.x Toolkit Allows Attackers to Trigger JVM Out-of-Memory Error,"A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Openshift Serverless,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",5.4,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-04-02T08:15:00.000Z,0
CVE-2024-1023,https://securityvulnerability.io/vulnerability/CVE-2024-1023,Memory Leak Vulnerability in Eclipse Vert.x Toolkit,"A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Migration Toolkit For Runtimes,Openshift Serverless,Red Hat AMQ Broker 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,false,false,false,,false,false,2024-03-27T07:51:15.716Z,0
CVE-2024-1635,https://securityvulnerability.io/vulnerability/CVE-2024-1635,Undertow Vulnerability Impacts Wildfly-HTTP-Client Server,"A vulnerability has been identified within Undertow that affects servers utilizing the WildFly HTTP Client protocol. The issue occurs when a malicious actor exploits the behavior of connection handling, causing the server to exhaust its memory and file descriptor limits. This situation arises when a connection is opened and immediately closed at the HTTP port, leading to leaked connections via the WriteTimeoutStreamSinkConduit. Notably, if the RemotingConnection is closed by the Remoting ServerConnectionOpenListener, the connection's outermost layer fails to notify the Undertow conduit of the closure. Consequently, this lack of notification allows the timeout task to continue leaking connections through the XNIO WorkerThread, resulting in a prolonged impact on the server's resource consumption. Organizations are urged to address this vulnerability promptly to safeguard against potential denial-of-service scenarios.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Streams For Apache Kafka",7.5,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2024-02-19T21:23:14.496Z,0
CVE-2022-4245,https://securityvulnerability.io/vulnerability/CVE-2022-4245,Codehaus-plexus: xml external entity (xxe) injection,A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.,Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",4.3,MEDIUM,0.0034099998883903027,false,false,false,false,,false,false,2023-09-25T19:20:57.329Z,0
CVE-2022-4244,https://securityvulnerability.io/vulnerability/CVE-2022-4244,Codehaus-plexus: directory traversal,"A directory traversal vulnerability exists within the Codeplex-Codehaus product, enabling attackers to exploit the flaw by using sequences such as 'dot-dot-slash (../)' or absolute file paths. This could allow unauthorized access to sensitive files and directories beyond the designated folder structure. Exploitation of this vulnerability can potentially expose critical resources, including application source code, configuration files, and other sensitive system files, posing significant risks to system security and integrity.",Red Hat,"Rhint Camel-k-1.10.1,RHPam 7.13.1 Async,A-MQ Clients 2,Red Hat A-MQ Online,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Integration Service Registry,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Web Server 3,Red Hat Jboss Web Server 5,Red Hat Openshift Application Runtimes,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Red Hat Software Collections,Red Hat Support For Spring Boot",7.5,HIGH,0.001120000029914081,false,false,false,false,,false,false,2023-09-25T19:20:04.703Z,0
CVE-2022-1415,https://securityvulnerability.io/vulnerability/CVE-2022-1415,Drools: unsafe data deserialization in streamutils,"A security flaw exists in Drools Core where certain utility classes fail to implement appropriate safety measures during data deserialization. This vulnerability permits an authenticated attacker to craft malicious serialized objects, often referred to as gadgets, which can then lead to unauthorized code execution on the server. Proper safeguards should be implemented to mitigate risks associated with this vulnerability.",Red Hat,"RHPam 7.13.1 Async,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Quarkus,Red Hat Decision Manager 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7",8.1,HIGH,0.0015200000489130616,false,false,false,false,,false,false,2023-09-11T20:20:23.745Z,0