Lucene search
+L

729 matches found

OSV
OSV
added 2022/11/22 12:0 a.m.35 views

CVE-2022-4116

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution...

9.8CVSS9.7AI score0.32516EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/11/09 5:20 p.m.8 views

org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2), org.apache.camel.quarkus:camel-quarkus-coap (>=3.8.0 <=3.36.0) +32 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=3.0.0 <=3.6.0)

org.eclipse.californium:scandium MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...

8.2CVSS7.4AI score0.00553EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/11/09 5:20 p.m.5 views

org.apache.camel.quarkus:camel-quarkus-coap (>=2.13.1 <=2.15.0), org.apache.camel.quarkus:camel-quarkus-coap-deployment (>=2.13.1 <=2.15.0) +16 more potentially affected by CVE-2022-39368 via org.eclipse.californium:scandium (>=2.7.0 <=2.7.3)

org.eclipse.californium:scandium MAVEN version =2.7.0, =2.13.1, =2.13.1, =2.13.1, =3.18.3, =3.18.3, =2.7.0, =2.7.0, =2.7.0, =1.10.1, =1.10.1, =1.10.1, =1.4.0, =1.4.0, =1.4.0, =1.4.0, =1.4.1 and more Source cves: CVE-2022-39368 Source advisory: OSV:GHSA-P72G-CGH9-GHJG...

8.2CVSS7.2AI score0.00553EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2022/10/13 11:14 a.m.48 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus Platform 2.7.6.SP1 and security update

An update is now available for the Red Hat build of Quarkus Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For mo...

7.5CVSS6.7AI score0.02191EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2022/10/06 12:26 p.m.8 views

quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended...

8.8CVSS5.8AI score0.0115EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2022/10/06 12:26 p.m.88 views

Important: Red Hat Security Advisory: Service Registry (container images) release and security update [2.3.0.GA]

An update to the images for Red Hat Integration Service Registry is now available from the Red Hat Container Catalog. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact o...

10CVSS7.2AI score0.1223EPSS
Exploits10References19
Veracode
Veracode
added 2022/09/01 8:3 a.m.27 views

HTTP Request Smuggling

Quarkus is vulnerable to HTTP request smuggling. The vulnerability exists in handle function in SmallRyeGraphQLAbstractHandler.java due to incomplete termination of the HTTP request header which allows an attacker to smuggle HTTP requests by submitting malicious headers...

9.8CVSS8.8AI score0.01497EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/09/01 12:0 a.m.25 views

Quarkus does not terminate HTTP requests header context

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. This issue was fixed in version 2.10.4Final...

9.8CVSS1.3AI score0.01497EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/09/01 12:0 a.m.57 views

GHSA-MWHW-6P27-4CRC Quarkus does not terminate HTTP requests header context

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. This issue was fixed in version 2.10.4Final...

9.8CVSS7AI score0.01497EPSS
Exploits1References4
NVD
NVD
added 2022/08/31 4:15 p.m.31 views

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

9.8CVSS0.01497EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/08/31 4:15 p.m.5 views

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

9.8CVSS6.8AI score0.01497EPSS
Exploits1References2
Prion
Prion
added 2022/08/31 4:15 p.m.23 views

Design/Logic Flaw

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

7.5CVSS9.3AI score0.01497EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/31 3:33 p.m.33 views

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

9.7AI score0.01497EPSS
Exploits1References1
EUVD
EUVD
added 2022/08/31 3:33 p.m.14 views

EUVD-2022-6884

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

9.8CVSS7.2AI score0.01497EPSS
Exploits1References4
CVE
CVE
added 2022/08/31 3:33 p.m.2068 views

CVE-2022-2466

Summary: CVE-2022-2466 affects Quarkus 2.10.x due to incomplete termination of the HTTP request header context, enabling HTTP request smuggling as described in connected sources. The issue relates to the handle logic in SmallRyeGraphQLAbstractHandler.java and may cause unpredictable behavior. The...

9.8CVSS9.3AI score0.01497EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/08/31 3:33 p.m.16 views

CVE-2022-2466

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior...

9.8CVSS9.4AI score0.01497EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.7 views

PT-2022-16781 · Quarkus · Quarkus

Name of the Vulnerable Software and Affected Versions: Quarkus versions 2.10.x through 2.10.3 Description: The issue is related to Quarkus not terminating HTTP requests header context, which may lead to unpredictable behavior. This is a problem in the framework that can cause unexpected outcomes...

9.8CVSS6.9AI score0.01497EPSS
Exploits1References7
CNNVD
CNNVD
added 2022/08/31 12:0 a.m.9 views

Quarkus 环境问题漏洞

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus version 2.10.x that stems from an HTTP request header environment that will not terminate...

9.8CVSS6.8AI score0.01497EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2022/08/26 12:3 a.m.8 views

com.datastax.oss.quarkus:cassandra-quarkus-client (=1.0.0), com.datastax.oss.quarkus:cassandra-quarkus-client-deployment (>=1.0.0 <=1.1.1) +45 more potentially affected by CVE-2021-3914 via io.smallrye:smallrye-health-ui (>=2.2.3 <=3.1.1)

io.smallrye:smallrye-health-ui MAVEN version =2.2.3, =1.0.0, =1.0.4, =0.4.0, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.3.0.Beta1, =1.2.3.Final, =1.2.3.Final, =1.2.3.Final, =1.2.1.Final, =1.2.2.Final and more Source cves: CVE-2021-3914 Source advisory: OSV:GHSA-PVC3-WVXR-7CMF...

6.1CVSS6.3AI score0.00442EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/07/30 12:0 a.m.11 views

io.github.xiaomisum:ryze-coap (=6.1.0), org.apache.camel.karaf:camel-coap (>=4.7.0 <=4.18.2) +34 more potentially affected by CVE-2022-2576 via org.eclipse.californium:californium-core (>=3.0.0 <=3.5.0)

org.eclipse.californium:californium-core MAVEN version =3.0.0, =4.7.0, =3.8.0, =3.8.0, =3.8.0, =4.4.0, =4.4.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.12.0, =2.0.0, =2.0.0-M6, =2.0.0-M15 and more Source cves: CVE-2022-2576 Source advisory: OSV:GHSA-QQ3J-44GW-CF6R...

7.5CVSS7.2AI score0.00517EPSS
Exploits1
Rows per page
Query Builder