Lucene search
K

12 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3074

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00511EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2024/11/19 9:20 p.m.3 views

io.quarkiverse.cxf:quarkus-cxf: Quarkus CXF may log user password and secret to application log

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

5.3CVSS5.7AI score0.00511EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/19 9:20 p.m.25 views

Critical: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available (RHBQ 3.8.6.SP2)

An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available RHBQ 3.8.6.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

9.8CVSS7.2AI score0.01851EPSS
Exploits1References5
Veracode
Veracode
added 2024/10/14 10:0 a.m.6 views

Log Injection

io.quarkiverse.cxf, quarkus-cxf is vulnerable to Log Injection. The vulnerability is due to misconfiguration of logging settings, which results in passwords and other secrets being logged; specific configurations, such as enabled SOAP logging and access to application logs, allow attackers to...

5.3CVSS6.5AI score0.00511EPSS
Exploits0References7Affected Software1
vulnersOsv
vulnersOsv
added 2024/10/08 6:33 p.m.14 views

io.github.project-openubl:quarkus-xsender (>=4.0.0.Beta1 <=5.1.1), io.github.project-openubl:quarkus-xsender-deployment (>=4.0.0.Beta1 <=5.1.1) +56 more potentially affected by CVE-2024-9621 via io.quarkiverse.cxf:quarkus-cxf (>=0.1 <=3.15.1)

io.quarkiverse.cxf:quarkus-cxf MAVEN version =0.1, =4.0.0.Beta1, =4.0.0.Beta1, =0.1, =1.5.0, =2.7.0, =3.10.0, =2.2.1, =1.5.0, =2.2.0, =3.10.0, =1.5.3, =1.5.5, =2.7.0, =1.5.0, =3.15.1 and more Source cves: CVE-2024-9621 Source advisory: OSV:GHSA-JQH2-...

5.3CVSS6AI score0.00511EPSS
Exploits0
NVD
NVD
added 2024/10/08 5:15 p.m.29 views

CVE-2024-9621

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

5.3CVSS0.00511EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/10/08 4:26 p.m.40 views

CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

5.3CVSS0.00511EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/08 4:26 p.m.10 views

CVE-2024-9621 Io.quarkiverse.cxf:quarkus-cxf: quarkus cxf may log user password and secret to application log

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

5.3CVSS7AI score0.00511EPSS
Exploits0References3
CVE
CVE
added 2024/10/08 4:26 p.m.85 views

CVE-2024-9621

CVE-2024-9621 concerns Quarkus CXF/quarkus-cxf where passwords and other secrets can appear in application logs despite redaction. The issue requires specific configuration (e.g., SOAP logging enabled, client/app/endpoint logging properties) and attacker must access logs. CVSSv3.1 base score 5.3 ...

5.3CVSS6.8AI score0.00511EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2024/10/08 1:27 a.m.22 views

CVE-2024-9621

A vulnerability was found in Quarkus CXF. Passwords and other secrets may appear in the application log in spite of the user configuring them to be hidden. This issue requires some special configuration to be vulnerable, such as SOAP logging enabled, application set client, and endpoint logging...

5.3CVSS5AI score0.00511EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/07/19 9:32 a.m.8 views

io.quarkiverse.cxf:quarkus-cxf-integration-test-ws-trust (>=2.0.0 <=3.13.0), io.quarkiverse.cxf:quarkus-cxf-services-sts (>=2.0.0 <=3.13.0) +23 more potentially affected by CVE-2024-32007 via org.apache.cxf:cxf-rt-rs-security-jose (>=4.0.0 <=4.0.4)

org.apache.cxf:cxf-rt-rs-security-jose MAVEN version =4.0.0, =2.0.0, =2.0.0, =2.0.0, =4.0.0, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =3.0.0-M1, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-32007 Source a...

7.5CVSS6.8AI score0.01269EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2024/03/15 12:30 p.m.7 views

io.github.project-openubl:quarkus-xsender-deployment (>=5.0.0 <=5.1.1), io.quarkiverse.cxf:quarkus-cxf-deployment (>=2.0.0 <=3.8.0) +29 more potentially affected by CVE-2024-28752 via org.apache.cxf:cxf-rt-databinding-aegis (>=4.0.0 <=4.0.3)

org.apache.cxf:cxf-rt-databinding-aegis MAVEN version =4.0.0, =5.0.0, =2.0.0, =2.7.0, =2.0.0, =2.2.0, =2.2.1, =2.0.0, =2.0.0, =2.0.0, =3.0.0-M2, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-28752 Source advisory: OSV:G...

9.3CVSS6.8AI score0.05849EPSS
Exploits0
Rows per page
Query Builder