Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Quarkus Subscribe
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-13956 4 Apache, Netapp, Oracle and 1 more 17 Httpclient, Active Iq Unified Manager, Snapcenter and 14 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CVE-2020-13692 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 2 more 2024-11-21 6.8 MEDIUM 7.7 HIGH
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2020-10693 4 Ibm, Oracle, Quarkus and 1 more 8 Websphere Application Server, Weblogic Server, Quarkus and 5 more 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CVE-2019-14900 3 Hibernate, Quarkus, Redhat 11 Hibernate Orm, Quarkus, Build Of Quarkus and 8 more 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CVE-2017-18640 4 Fedoraproject, Oracle, Quarkus and 1 more 4 Fedora, Peoplesoft Enterprise Pt Peopletools, Quarkus and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.