Vulnerabilities (CVE)

Filtered by vendor Quarkus Subscribe
Filtered by product Quarkus
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10693 4 Ibm, Oracle, Quarkus and 1 more 8 Websphere Application Server, Weblogic Server, Quarkus and 5 more 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CVE-2020-1714 2 Quarkus, Redhat 7 Quarkus, Decision Manager, Jboss Fuse and 4 more 2024-02-04 6.5 MEDIUM 8.8 HIGH
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
CVE-2020-13692 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 2 more 2024-02-04 6.8 MEDIUM 7.7 HIGH
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2020-1728 2 Quarkus, Redhat 2 Quarkus, Keycloak 2024-02-04 5.8 MEDIUM 5.4 MEDIUM
A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2017-18640 4 Fedoraproject, Oracle, Quarkus and 1 more 4 Fedora, Peoplesoft Enterprise Pt Peopletools, Quarkus and 1 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.