CVE-2023-5675
- EPSS 0.1%
- Veröffentlicht 25.04.2024 16:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:14
A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will n...
CVE-2023-48795
- EPSS 64.06%
- Veröffentlicht 18.12.2023 16:15:10
- Zuletzt bearbeitet 29.09.2025 21:56:10
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...
CVE-2023-44487
- EPSS 94.44%
- Veröffentlicht 10.10.2023 14:15:10
- Zuletzt bearbeitet 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-4853
- EPSS 0.35%
- Veröffentlicht 20.09.2023 10:15:14
- Zuletzt bearbeitet 21.11.2024 08:36:06
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...
CVE-2021-3703
- EPSS 0.43%
- Veröffentlicht 26.08.2022 16:15:09
- Zuletzt bearbeitet 21.11.2024 06:22:11
It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.