CVE-2023-5675
- EPSS 0.1%
- Published 25.04.2024 16:15:08
- Last modified 21.11.2024 08:42:14
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will n...
CVE-2023-48795
- EPSS 64.06%
- Published 18.12.2023 16:15:10
- Last modified 29.09.2025 21:56:10
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-4853
- EPSS 0.35%
- Published 20.09.2023 10:15:14
- Last modified 21.11.2024 08:36:06
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...
CVE-2021-3703
- EPSS 0.43%
- Published 26.08.2022 16:15:09
- Last modified 21.11.2024 06:22:11
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.