Vulnerabilities > Quarkus > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-02-25 CVE-2021-20328 Improper Certificate Validation vulnerability in multiple products
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate.
high complexity
mongodb quarkus CWE-295
6.8
2021-02-08 CVE-2021-21290 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
local
low complexity
netty debian quarkus oracle netapp
5.5
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3
2020-09-18 CVE-2020-25633 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final.
network
low complexity
redhat quarkus CWE-209
5.3
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5
2020-05-06 CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final.
network
low complexity
redhat ibm quarkus oracle
5.3
2020-04-06 CVE-2020-1728 Improper Restriction of Rendered UI Layers or Frames vulnerability in multiple products
A vulnerability was found in all versions of Keycloak where the pages in the Admin Console area of the application are completely missing general HTTP security headers in HTTP responses.
network
low complexity
redhat quarkus CWE-1021
5.4