Redhat Build Of Quarkus — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Build Of Quarkus, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2022-4116 — CVSS 9.8 (critical): A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks…
CVE-2023-4853 — CVSS 8.1 (high): A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting…
CVE-2022-1011 — CVSS 7.8 (high): A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user…
CVE-2022-4492 — CVSS 7.5 (high): The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step…
CVE-2022-1259 — CVSS 7.5 (high): A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2023-6394 — CVSS 7.4 (high): A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the…
CVE-2021-20218 — CVSS 7.4 (high): A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause…
CVE-2021-3609 — CVSS 7.0 (high): .A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to…
CVE-2021-4178 — CVSS 6.7 (medium): A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2023-1664 — CVSS 6.5 (medium): A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the…
CVE-2023-2974 — CVSS 6.5 (medium): A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is…
CVE-2021-3914 — CVSS 6.1 (medium): It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to…
CVE-2023-0044 — CVSS 6.1 (medium): If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead…
CVE-2021-3744 — CVSS 5.5 (medium): A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows…
CVE-2021-3669 — CVSS 5.5 (medium): A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which…
CVE-2023-6393 — CVSS 5.3 (medium): A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses…
CVE-2021-3642 — CVSS 5.3 (medium): A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer…
CVE-2021-3536 — CVSS 4.8 (medium): A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible…