Redhat

Build Of Quarkus

21 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-1259

  • EPSS 0.18%
  • Published 31.08.2022 16:15:09
  • Last modified 21.11.2024 06:40:21

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

5.5

CVE-2021-3669

  • EPSS 0.01%
  • Published 26.08.2022 16:15:09
  • Last modified 21.11.2024 06:22:06

A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.

6.1

CVE-2021-3914

  • EPSS 0.48%
  • Published 25.08.2022 20:15:09
  • Last modified 21.11.2024 06:22:45

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

6.7

CVE-2021-4178

  • EPSS 0.08%
  • Published 24.08.2022 16:15:09
  • Last modified 21.11.2024 06:37:04

A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.

7.8

CVE-2022-1011

  • EPSS 0.22%
  • Published 18.03.2022 18:15:12
  • Last modified 21.11.2024 06:39:51

A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.

5.5

CVE-2021-3744

Exploit
  • EPSS 0.01%
  • Published 04.03.2022 16:15:08
  • Last modified 21.11.2024 06:22:19

A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18...

7

CVE-2021-3609

Exploit
  • EPSS 0.06%
  • Published 03.03.2022 19:15:08
  • Last modified 21.11.2024 06:21:58

.A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This race condition in net/can/bcm.c in the Linux kerne...

5.3

CVE-2021-3642

  • EPSS 0.27%
  • Published 05.08.2021 21:15:13
  • Last modified 21.11.2024 06:22:03

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

4.8

CVE-2021-3536

  • EPSS 0.28%
  • Published 20.05.2021 13:15:07
  • Last modified 21.11.2024 06:21:47

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

7.4

CVE-2021-20218

  • EPSS 0.59%
  • Published 16.03.2021 21:15:10
  • Last modified 21.11.2024 05:46:09

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest t...