Filtered by vendor Quarkus Subscriptions
Filtered by product Quarkus Subscriptions
Total 45 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-13956 5 Apache, Netapp, Oracle and 2 more 27 Httpclient, Active Iq Unified Manager, Snapcenter and 24 more 2024-11-21 5.3 Medium
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CVE-2020-13692 6 Debian, Fedoraproject, Netapp and 3 more 14 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 11 more 2024-11-21 7.7 High
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CVE-2020-10693 4 Ibm, Oracle, Quarkus and 1 more 13 Websphere Application Server, Weblogic Server, Quarkus and 10 more 2024-11-21 5.3 Medium
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CVE-2019-14900 3 Hibernate, Quarkus, Redhat 17 Hibernate Orm, Quarkus, Build Of Quarkus and 14 more 2024-11-21 6.5 Medium
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CVE-2017-18640 5 Fedoraproject, Oracle, Quarkus and 2 more 8 Fedora, Peoplesoft Enterprise Pt Peopletools, Quarkus and 5 more 2024-11-21 7.5 High
The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.