Redhat Build_of_quarkus
21 CVEs affecting Redhat Build_of_quarkus. Latest disclosed: 2023-12-09. Critical: 1, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-4116 | Critical | 9.8 | 2022-11-22 | A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote co… |
| CVE-2023-4853 | High | 8.1 | 2023-09-20 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in inco… |
| CVE-2022-1011 | High | 7.8 | 2022-03-18 | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized ac… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
| CVE-2022-4492 | High | 7.5 | 2023-02-23 | The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should… |
| CVE-2022-1259 | High | 7.5 | 2022-08-31 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the s… |
| CVE-2023-6394 | High | 7.4 | 2023-12-09 | A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarku… |
| CVE-2021-20218 | High | 7.4 | 2021-03-16 | A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric… |
| CVE-2021-3609 | High | 7.0 | 2022-03-03 | A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash… |
| CVE-2021-4178 | Medium | 6.7 | 2022-08-24 | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML par… |
| CVE-2023-2974 | Medium | 6.5 | 2023-07-04 | A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and t… |
| CVE-2023-1664 | Medium | 6.5 | 2023-05-26 | A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not valid… |
| CVE-2019-14900 | Medium | 6.5 | 2020-07-06 | A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit u… |
| CVE-2023-0044 | Medium | 6.1 | 2023-02-23 | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Di… |
| CVE-2021-3914 | Medium | 6.1 | 2022-08-25 | It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site sc… |
| CVE-2021-3669 | Medium | 5.5 | 2022-08-26 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource… |
| CVE-2021-3744 | Medium | 5.5 | 2022-03-04 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denia… |
| CVE-2023-6393 | Medium | 5.3 | 2023-12-06 | A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completi… |
| CVE-2021-3642 | Medium | 5.3 | 2021-08-05 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to… |