Vulnerabilities > Quarkus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-23 | CVE-2023-0044 | Cross-site Scripting vulnerability in multiple products. If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. (network, low complexity, quarkus, redhat, CWE-79) | 6.1 |
| 2021-12-09 | CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. (network, low complexity, netty, quarkus, netapp, oracle, debian) | 6.5 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products. Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. (network, high complexity, apache, quarkus, oracle, CWE-203) | 5.9 |
| 2021-08-05 | CVE-2021-3642 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. (network, high complexity, redhat, quarkus) | 5.3 |
| 2021-05-26 | CVE-2021-28170 | Expression Language Injection vulnerability in multiple products. In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. (network, low complexity, eclipse, quarkus, oracle, CWE-917) | 5.3 |
| 2021-05-26 | CVE-2020-25724 | A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. (network, low complexity, redhat, quarkus) | 4.3 |
| 2021-04-12 | CVE-2021-29429 | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. (local, low complexity, gradle, quarkus) | 5.5 |
| 2021-03-30 | CVE-2021-21409 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. (network, high complexity, netty, debian, netapp, oracle, quarkus) | 5.9 |
| 2021-03-26 | CVE-2021-20289 | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. (network, low complexity, redhat, netapp, quarkus, oracle) | 5.3 |
| 2021-03-09 | CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. (network, high complexity, netty, netapp, debian, quarkus, apache, oracle) | 5.9 |