Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Single_sign\-On
(Redhat)| Repositories | https://github.com/FasterXML/jackson-databind |
| #Vulnerabilities | 94 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-26 | CVE-2021-3632 | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | Keycloak, Single_sign\-On | 7.5 | ||
| 2022-08-26 | CVE-2021-3754 | A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | Keycloak, Single_sign\-On | 5.3 | ||
| 2022-08-26 | CVE-2021-3859 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Jboss_enterprise_application_platform, Single_sign\-On, Undertow | 7.5 | ||
| 2022-08-26 | CVE-2022-0084 | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | Integration_camel_k, Integration_camel_quarkus, Single_sign\-On, Xnio | 7.5 | ||
| 2022-08-26 | CVE-2022-0225 | A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | Keycloak, Single_sign\-On | 5.4 | ||
| 2022-08-31 | CVE-2022-1259 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Build_of_quarkus, Integration_camel_k, Jboss_enterprise_application_platform, Openshift_application_runtimes, Single_sign\-On, Undertow | 7.5 | ||
| 2022-08-31 | CVE-2022-1319 | A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Openshift_application_runtimes, Single_sign\-On, Undertow | 7.5 | ||
| 2022-09-01 | CVE-2022-2256 | A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | Single_sign\-On | 3.8 | ||
| 2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | Active_iq_unified_manager, Cloud_secure_agent, Oncommand_insight, Oncommand_workflow_automation, Integration_camel_k, Jboss_enterprise_application_platform, Jboss_fuse, Single_sign\-On, Undertow | 4.9 | ||
| 2022-09-13 | CVE-2022-1278 | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | Amq, Amq_online, Integration_camel_k, Integration_service_registry, Jboss_a\-Mq, Jboss_enterprise_application_platform_expansion_pack, Single_sign\-On, Wildfly | 7.5 |