Vulnerabilities > Quarkus

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-18	CVE-2020-28491	Allocation of Resources Without Limits or Throttling vulnerability in multiple products This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. network low complexity fasterxml quarkus oracle CWE-770	7.5
2021-02-08	CVE-2021-21290	Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. local low complexity netty debian quarkus oracle netapp	5.5
2020-12-10	CVE-2020-8908	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). local low complexity google quarkus oracle netapp CWE-732	3.3
2020-12-03	CVE-2020-25649	XXE vulnerability in multiple products A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. network low complexity fasterxml netapp fedoraproject quarkus apache oracle CWE-611	7.5
2020-12-02	CVE-2020-13956	Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. network low complexity apache quarkus oracle netapp	5.3
2020-12-02	CVE-2020-25638	A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. network high complexity hibernate debian quarkus oracle	7.4
2020-09-18	CVE-2020-25633	Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. network low complexity redhat quarkus CWE-209	5.3
2020-07-06	CVE-2019-14900	SQL Injection vulnerability in multiple products A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. network low complexity hibernate redhat quarkus CWE-89	6.5
2020-06-04	CVE-2020-13692	XXE vulnerability in multiple products PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. network high complexity postgresql quarkus netapp fedoraproject debian CWE-611	7.7
2020-05-13	CVE-2020-1714	Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. network low complexity redhat quarkus CWE-20	8.8

Vulnerabilities > Quarkus {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Quarkus"}]}

Vulnerabilities > Quarkus