Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
quarkus quarkus vulnerabilities and exploits
(subscribe to this query)
8
CVSSv3
CVE-2022-31197
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious c...
Postgresql Postgresql Jdbc Driver
Postgresql Postgresql Jdbc Driver 42.4.0
Postgresql Postgresql Jdbc Driver 42.4.1
Debian Debian Linux 10.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
7.8
CVSSv3
CVE-2022-1011
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation.
Linux Linux Kernel
Linux Linux Kernel 5.17
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Developer Tools 1.0
Redhat Enterprise Linux For Real Time 8
Redhat Enterprise Linux For Real Time For Nfv 8
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.6
Redhat Build Of Quarkus 2.0
Redhat Enterprise Linux For Real Time For Nfv Tus 8.6
Redhat Enterprise Linux For Real Time Tus 8.6
Redhat Enterprise Linux Eus 8.6
Redhat Enterprise Linux Server Aus 8.6
Redhat Enterprise Linux For Ibm Z Systems Eus 8.6
Redhat Enterprise Linux For Power Little Endian Eus 8.6
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.6
Redhat Enterprise Linux Server Tus 8.6
1 Github repository
7.8
CVSSv3
CVE-2021-29428
In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly delet...
Gradle Gradle
Quarkus Quarkus
7.7
CVSSv3
CVE-2020-13692
PostgreSQL JDBC Driver (aka PgJDBC) prior to 42.2.13 allows XXE.
Postgresql Postgresql Jdbc Driver
Quarkus Quarkus
Netapp Steelstore Cloud Integrated Storage -
Fedoraproject Fedora 32
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
7.5
CVSSv3
CVE-2023-5720
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an malicious user to access potentially sensitive information from the build system within the applica...
Quarkus Quarkus 3.0.0
Quarkus Quarkus
3 Github repositories
7.5
CVSSv3
CVE-2023-4043
In Eclipse Parsson prior to 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much large...
Eclipse Parsson
7.5
CVSSv3
CVE-2023-31582
jose4j before v0.9.3 allows malicious users to set a low iteration count of 1000 or less.
Jose4j Project Jose4j
7.5
CVSSv3
CVE-2023-5072
Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used.
Json-java Project Json-java
2 Github repositories
7.5
CVSSv3
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
7.5
CVSSv3
CVE-2023-1584
A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow malicious users to access sensitive user data directly from the ID token or by using the access token to access user...
Quarkus Quarkus
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »