Red Hat build of Quarkus

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-6394
all versions
A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on
7.4 HIGH
CVE-2023-6393
all versions
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni
5.3 MEDIUM
CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5 HIGH
CVE-2023-4853
>= 2.13.0 and < 2.13.8
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when acceptin
8.1 HIGH
CVE-2023-1108
all versions
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status update
7.5 HIGH
CVE-2023-2974
< 2.13.8
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.pro
6.5 MEDIUM
CVE-2023-1664
all versions
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and t
6.5 MEDIUM
CVE-2023-0044
all versions
If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which mig
6.1 MEDIUM
CVE-2022-4492
all versions
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compul
7.5 HIGH
CVE-2022-4116
all versions
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost
9.8 CRITICAL
CVE-2022-1259
all versions
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or
7.5 HIGH
CVE-2021-3669
>= 2.0 and < 2.7
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts
5.5 MEDIUM
CVE-2021-3914
< 2.7.5
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this
6.1 MEDIUM
CVE-2021-4178
all versions
An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an i
6.7 MEDIUM
CVE-2022-1011
all versions
A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a loc
7.8 HIGH
CVE-2021-3744
all versions
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allo
5.5 MEDIUM
CVE-2021-3609
all versions
A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsy
7.0 HIGH
CVE-2021-3642
all versions
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where Scra
5.3 MEDIUM
CVE-2021-3536
all versions
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is
4.8 MEDIUM
CVE-2021-20218
all versions
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause
7.4 HIGH
CVE-2019-14900
all versions
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the
6.5 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin