Vulnerabilities > Quarkus

DATE CVE VULNERABILITY TITLE RISK
2021-02-25 CVE-2021-20328 Improper Certificate Validation vulnerability in multiple products
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate.
high complexity
mongodb quarkus CWE-295
6.8
2021-02-18 CVE-2020-28491 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1.
network
low complexity
fasterxml quarkus oracle CWE-770
7.5
2021-02-08 CVE-2021-21290 Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp CWE-379
5.5
2020-12-10 CVE-2020-8908 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir().
local
low complexity
google quarkus oracle netapp CWE-732
3.3
2020-12-03 CVE-2020-25649 XXE vulnerability in multiple products
A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly.
7.5
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3
2020-12-02 CVE-2020-25638 SQL Injection vulnerability in multiple products
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final.
network
high complexity
hibernate debian quarkus oracle CWE-89
7.4
2020-09-18 CVE-2020-25633 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final.
network
low complexity
redhat quarkus CWE-209
5.3
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5
2020-06-04 CVE-2020-13692 XXE vulnerability in multiple products
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
7.7