Vulnerabilities > Redhat > Build of Quarkus
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-09 | CVE-2023-6394 | Missing Authorization vulnerability in multiple products. A flaw was found in Quarkus. | 9.1 |
2023-12-06 | CVE-2023-6393 | Unspecified vulnerability in Redhat Build of Quarkus. A flaw was found in the Quarkus Cache Runtime. | 5.3 |
2023-10-10 | CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
2023-09-20 | CVE-2023-4853 | Incorrect Authorization vulnerability in multiple products. A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. | 8.1 |
2023-09-14 | CVE-2023-1108 | Infinite Loop vulnerability in multiple products. A flaw was found in undertow. | 7.5 |
2023-07-04 | CVE-2023-2974 | Unspecified vulnerability in Redhat Build of Quarkus. A vulnerability was found in quarkus-core. | 8.1 |
2023-05-26 | CVE-2023-1664 | Improper Certificate Validation vulnerability in Redhat products. A flaw was found in Keycloak. | 6.5 |
2023-02-23 | CVE-2022-4492 | Unspecified vulnerability in Redhat products. The undertow client is not checking the server identity presented by the server certificate in https connections. | 7.5 |
2023-02-23 | CVE-2023-0044 | Cross-site Scripting vulnerability in multiple products. If the Quarkus Form Authentication session cookie Path attribute is set to `/`, then a cross-site attack may be initiated, which might lead to information disclosure. | 6.1 |
2022-11-22 | CVE-2022-4116 | A vulnerability was found in quarkus. | 9.8 |