Vulnerabilities > Redhat > Build OF Quarkus > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-12-06 CVE-2023-6393 Unspecified vulnerability in Redhat Build of Quarkus
A flaw was found in the Quarkus Cache Runtime.
network
high complexity
redhat
5.3
2023-05-26 CVE-2023-1664 Improper Certificate Validation vulnerability in Redhat products
A flaw was found in Keycloak.
network
low complexity
redhat CWE-295
6.5
2023-02-23 CVE-2023-0044 Cross-site Scripting vulnerability in multiple products
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure.
network
low complexity
quarkus redhat CWE-79
6.1
2022-08-26 CVE-2021-3669 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the Linux kernel.
local
low complexity
linux ibm debian fedoraproject redhat CWE-770
5.5
2022-08-25 CVE-2021-3914 Cross-site Scripting vulnerability in Redhat products
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs.
network
low complexity
redhat CWE-79
6.1
2022-08-24 CVE-2021-4178 Deserialization of Untrusted Data vulnerability in Redhat products
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above.
local
low complexity
redhat CWE-502
6.7
2022-03-04 CVE-2021-3744 A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).
local
low complexity
linux fedoraproject debian redhat oracle
5.5
2021-08-05 CVE-2021-3642 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled.
network
high complexity
redhat quarkus
5.3
2021-05-20 CVE-2021-3536 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS.
network
low complexity
redhat CWE-79
4.8
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5