Vulnerabilities > Quarkus

DATE CVE VULNERABILITY TITLE RISK
2022-03-23 CVE-2022-0981 Incorrect Authorization vulnerability in Quarkus
A flaw was found in Quarkus.
network
low complexity
quarkus CWE-863
6.5
2021-12-09 CVE-2021-43797 HTTP Request Smuggling vulnerability in multiple products
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
4.3
2021-10-20 CVE-2021-2471 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
oracle quarkus
7.9
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp CWE-400
5.0
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp CWE-400
5.0
2021-09-22 CVE-2021-38153 Information Exposure Through Discrepancy vulnerability in multiple products
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
4.3
2021-08-18 CVE-2021-37714 Infinite Loop vulnerability in multiple products
jsoup is a Java library for working with HTML.
network
low complexity
jsoup quarkus oracle netapp CWE-835
5.0
2021-08-05 CVE-2021-3642 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled.
3.5
2021-05-26 CVE-2021-28170 Expression Language Injection vulnerability in multiple products
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
network
low complexity
eclipse quarkus oracle CWE-917
5.0
2021-05-26 CVE-2020-25724 Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in multiple products
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided.
network
low complexity
redhat quarkus CWE-567
4.0