a-mq streams vulnerabilities and exploits

(subscribe to this query)

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated malicious user to access information outsi...

Red Hat Red Hat Amq Streams 2.2.1 Red Hat Red Hat Amq Streams 2.4.0 Squareup Okhttp Redhat A-mq Streams

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged malicious user to supply malicious YAML.

* Kubernetes-client Redhat Fabric8-kubernetes Redhat Fabric8-kubernetes 5.0.0 Redhat Fabric8-kubernetes 5.8.0 Redhat A-mq Streams 2.0.1 Redhat Build Of Quarkus 2.2.5 Redhat Descision Manager 7.0 Redhat Fuse 7.11 Redhat Integration Camel K -Redhat Integration Camel Quarkus 2.2.1 Redhat Openshift Application Runtimes -Redhat Process Automation 7.0

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an invalid html, allow...

Red Hat A-mq Clients 2 Red Hat Cryostat 2 Red Hat Red Hat Amq Broker 7 Red Hat Red Hat A-mq Online Red Hat Red Hat Bpm Suite 6 Red Hat Red Hat Codeready Studio 12 Red Hat Red Hat Data Grid 8 Red Hat Red Hat Decision Manager 7 Red Hat Red Hat Fuse 7 Red Hat Red Hat Jboss Brms 5 Red Hat Red Hat Jboss Data Grid 7 Red Hat Red Hat Jboss Data Virtualization 6

A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate r...

Red Hat Ceq 3.2 Red Hat Cryostat 2 On Rhel 8 Red Hat Mta-6.2-rhel-9 Red Hat Red Hat Amq Streams 2.7.0 Red Hat Red Hat Build Of Apache Camel 4.4.1 For Spring Boot Red Hat Red Hat Build Of Quarkus 3.2.11.final Red Hat Rhint Service Registry 2.5.11 Ga Red Hat A-mq Clients 2 Red Hat Migration Toolkit For Runtimes Red Hat Openshift Serverless Red Hat Red Hat Amq Broker 7 Red Hat Red Hat Build Of Apache Camel For Spring Boot 3

A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server ...

Red Hat Ceq 3.2 Red Hat Cryostat 2 On Rhel 8 Red Hat Migration Toolkit For Runtimes 1 On Rhel 8 Red Hat Mta-6.2-rhel-9 Red Hat Red Hat Amq Streams 2.7.0 Red Hat Red Hat Build Of Apache Camel 4.4.1 For Spring Boot Red Hat Red Hat Build Of Quarkus 3.2.11.final Red Hat Rhint Service Registry 2.5.11 Ga Red Hat A-mq Clients 2 Red Hat Openshift Serverless Red Hat Red Hat Amq Broker 7 Red Hat Red Hat Build Of Apache Camel For Spring Boot 3

A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.

* Openshift Red Hat Openshift Serverless Red Hat Openshift Service Mesh 2.2.x Red Hat Openshift Service Mesh 2.3.x Red Hat Openshift Service Mesh 2.4 Red Hat Red Hat Advanced Cluster Management For Kubernetes 2 Red Hat Red Hat Jboss A-mq Streams Red Hat Red Hat Openshift Container Platform 3.11 Red Hat Red Hat Openshift Container Platform 4 Red Hat Red Hat Openshift Data Foundation 4 Red Hat Red Hat Openshift Sandboxed Containers Red Hat Red Hat Openshift Virtualization 4

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Ietf Http 2.0 Nghttp2 Nghttp2 Netty Netty Envoyproxy Envoy 1.24.10 Envoyproxy Envoy 1.25.9 Envoyproxy Envoy 1.26.4 Envoyproxy Envoy 1.27.0 Eclipse Jetty Caddyserver Caddy Golang Go Golang Http2 Golang Networking

39 Github repositories2 Articles

Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. ...

Apple Swiftnio Apache Traffic Server Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Synology Skynas -Synology Diskstation Manager 6.2 Synology Vs960hd Firmware -Fedoraproject Fedora 29 Fedoraproject Fedora 30

2 Articles

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer...

Apple Swiftnio Apache Traffic Server Debian Debian Linux 10.0 Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04 Debian Debian Linux 9.0 Synology Skynas -Synology Diskstation Manager 6.2 Synology Vs960hd Firmware -Fedoraproject Fedora 29 Fedoraproject Fedora 30

1 Article

Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame ...

Apple Swiftnio Apache Traffic Server Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 19.04 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Synology Skynas -Synology Diskstation Manager 6.2 Synology Vs960hd Firmware -Fedoraproject Fedora 29 Fedoraproject Fedora 30

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook