Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:5606
HistoryJul 19, 2022 - 1:36 p.m.

(RHSA-2022:5606) Moderate: Red Hat Integration Camel Extensions for Quarkus 2.7 security update

2022-07-1913:36:43
access.redhat.com
47

0.02 Low

EPSS

Percentile

88.8%

JSON

Red Hat Integration - Camel Extensions for Quarkus 2.7 serves as a replacement for 2.2.1 and includes the following security Fix(es):

Security Fix(es):

  • hadoop: WebHDFS client might send SPNEGO authorization header (CVE-2020-9492)

  • lz4: memory corruption due to an integer overflow bug caused by memmove argument (CVE-2021-3520)

  • elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure (CVE-2021-22132)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients (CVE-2021-38153)

  • xstream: Injecting highly recursive collections or maps can cause a DoS (CVE-2021-43859)

  • quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)

  • elasticsearch: Document disclosure flaw in the Elasticsearch suggester (CVE-2021-22135)

  • elasticsearch: Document disclosure flaw when Document or Field Level Security is used (CVE-2021-22137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 18
openvas 30
redhat 3
github 8
osv 28
prion 8
ubuntucve 7
redhatcve 9
cve 8
veracode 7
cvelist 8
nessus 35
cnvd 1
suse 4
atlassian 1
fedora 2
cbl_mariner 1
debiancve 3
vaadin 1
wolfi 1
cgr 1
debian 4
mageia 1
rocky 1
archlinux 1
ubuntu 2
rustsec 1
cloudfoundry 1
oraclelinux 1
almalinux 1
photon 1
alpinelinux 1
ibm
ibm
Security Bulletin: Vulnerability in Elasticsearch affects IBM Cloud Private (CVE-2021-22135, CVE-2021-22137)
2022-01-04 20:51:38
Security Bulletin: IBM Security SOAR is using a version of Elasticsearch that has known vulnerabilities (CVE-2021-22137, CVE-2021-22135)
2021-09-27 19:24:38
Security Bulletin: Vulnerability affects IBM Observability with Instana
2022-01-11 20:10:06
openvas
openvas
Elastic Elasticsearch Multiple Vulnerabilities (ESA-2021-06, ESA-2021-08)
2021-05-14 00:00:00
Elastic Elasticsearch Information Disclosure Vulnerability (ESA-2021-01)
2021-01-25 00:00:00
Debian: Security Advisory (DLA-2924-1)
2022-02-16 00:00:00
redhat
redhat
(RHSA-2022:6407) Moderate: Red Hat Integration Camel-K 1.8 security update
2022-09-09 07:10:55
(RHSA-2022:0737) Moderate: Red Hat build of Eclipse Vert.x 4.2.5 security update
2022-03-31 11:11:24
(RHSA-2021:2575) Moderate: lz4 security update
2021-06-29 13:43:40
github
github
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
API information disclosure flaw in Elasticsearch
2021-07-02 18:33:02
Insufficiently Protected Credentials in Elasticsearch
2021-03-18 19:27:27
osv
osv
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
2022-05-24 19:02:19
BIT-elasticsearch-2021-22137
2024-03-06 10:53:35
CVE-2021-22135
2021-05-13 18:15:08
prion
prion
Information disclosure
2021-01-14 20:15:00
Design/Logic Flaw
2021-05-13 18:15:00
Input validation
2021-08-18 15:15:00
ubuntucve
ubuntucve
CVE-2021-22132
2021-01-14 00:00:00
CVE-2021-22135
2021-05-13 00:00:00
CVE-2021-22137
2021-05-13 00:00:00
redhatcve
redhatcve
CVE-2021-22135
2022-04-26 22:20:26
CVE-2021-22132
2021-02-01 15:13:12
CVE-2021-22137
2021-03-25 14:58:19
cve
cve
CVE-2021-22137
2021-05-13 18:15:00
CVE-2021-22132
2021-01-14 20:15:00
CVE-2021-22135
2021-05-13 18:15:00
veracode
veracode
Information Disclosure
2021-03-19 05:35:47
Information Disclosure
2021-01-27 06:24:24
Information Disclosure
2021-05-17 07:46:38
cvelist
cvelist
CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
2021-08-18 15:10:11
CVE-2020-9492
2021-01-26 12:55:29
CVE-2021-22135
2021-05-13 17:35:17
nessus
nessus
SUSE SLED15 / SLES15 Security Update : jsoup, jsr-305 (SUSE-SU-2022:1265-1)
2022-04-21 00:00:00
Photon OS 3.0: Kafka PHSA-2021-3.0-0324
2021-11-12 00:00:00
openSUSE 15 Security Update : xstream (openSUSE-SU-2022:0817-1)
2022-03-17 00:00:00
cnvd
cnvd
Apache Kafka timing attack vulnerability
2021-09-22 00:00:00
suse
suse
Security update for xstream (moderate)
2022-03-14 00:00:00
Security update for jsoup, jsr-305 (important)
2022-04-19 00:00:00
Security update for lz4 (important)
2021-05-22 00:00:00
atlassian
atlassian
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
2023-11-12 13:45:30
fedora
fedora
[SECURITY] Fedora 34 Update: xstream-1.4.19-1.fc34
2022-02-12 01:16:35
[SECURITY] Fedora 35 Update: xstream-1.4.19-1.fc35
2022-02-12 01:20:20
cbl_mariner
cbl_mariner
CVE-2021-37714 affecting package jsoup 1.11.3-3
2024-05-18 09:07:43
debiancve
debiancve
CVE-2021-37714
2021-08-18 15:15:00
CVE-2021-43859
2022-02-01 12:15:00
CVE-2021-3520
2021-06-02 13:15:00
vaadin
vaadin
Denial of service in third-party component in Vaadin 7 and 8
2021-10-27 00:00:00
wolfi
wolfi
CVE-2021-38153 vulnerabilities
2024-05-18 09:07:35
cgr
cgr
CVE-2021-38153 vulnerabilities
2024-05-18 09:07:38
debian
debian
[SECURITY] [DLA 2924-1] libxstream-java security update
2022-02-15 21:37:34
[SECURITY] [DSA 4919-1] lz4 security update
2021-05-21 12:51:57
[SECURITY] [DLA 2657-1] lz4 security update
2021-05-12 10:24:09
mageia
mageia
Updated lz4 packages fix a security vulnerability
2021-06-08 17:33:02
rocky
rocky
lz4 security update
2021-06-29 13:43:40
archlinux
archlinux
[ASA-202105-27] lz4: denial of service
2021-05-25 00:00:00
ubuntu
ubuntu
LZ4 vulnerability
2021-05-31 00:00:00
LZ4 vulnerability
2021-05-26 00:00:00
rustsec
rustsec
Memory corruption in liblz4
2022-08-25 12:00:00
cloudfoundry
cloudfoundry
USN-4968-1: LZ4 vulnerability | Cloud Foundry
2021-06-11 00:00:00
oraclelinux
oraclelinux
lz4 security update
2021-06-30 00:00:00
almalinux
almalinux
Moderate: lz4 security update
2021-06-29 13:43:40
photon
photon
Critical Photon OS Security Update - PHSA-2021-0255
2021-06-17 00:00:00
alpinelinux
alpinelinux
CVE-2021-3520
2021-06-02 13:15:00

0.02 Low

EPSS

Percentile

88.8%

JSON
Related for RHSA-2022:5606
ibm18openvas30redhat3github8osv28prion8ubuntucve7redhatcve9cve8veracode7cvelist8nessus35cnvd1suse4atlassian1fedora2cbl_mariner1debiancve3vaadin1wolfi1cgr1debian4mageia1rocky1archlinux1ubuntu2rustsec1cloudfoundry1oraclelinux1almalinux1photon1alpinelinux1