Vulnerabilities > Quarkus
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-23 | CVE-2022-0981 | Incorrect Authorization vulnerability in Quarkus A flaw was found in Quarkus. | 6.5 |
| 2021-12-09 | CVE-2021-43797 | HTTP Request Smuggling vulnerability in multiple products Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 4.3 |
| 2021-10-20 | CVE-2021-2471 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 7.9 |
| 2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | 5.0 |
| 2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. | 5.0 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 4.3 |
| 2021-08-18 | CVE-2021-37714 | Infinite Loop vulnerability in multiple products jsoup is a Java library for working with HTML. | 5.0 |
| 2021-08-05 | CVE-2021-3642 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. | 3.5 |
| 2021-05-26 | CVE-2021-28170 | Expression Language Injection vulnerability in multiple products In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | 5.0 |
| 2021-05-26 | CVE-2020-25724 | Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in multiple products A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. | 4.0 |