Page 3 of 44 results (0.003 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. Se ha detectado que Quarkus versión 2.10.x, no termina el contexto de el encabezado de las peticiones HTTP, lo que puede conllevar a un comportamiento imprevisible • https://github.com/yuxblank/CVE-2022-2466---Request-Context-not-terminated-with-GraphQL https://github.com/quarkusio/quarkus/issues/26748 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. Se ha encontrado un fallo en Quarkus. El estado y los permisos potencialmente asociados pueden filtrarse de una petición web a otra en RestEasy Reactive. • https://bugzilla.redhat.com/show_bug.cgi?id=2062520 https://github.com/quarkusio/quarkus/issues/23269 https://access.redhat.com/security/cve/CVE-2022-0981 • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 2

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. • https://github.com/ToontjeM/CVE-2022-21724 https://github.com/pgjdbc/pgjdbc/commit/f4d0ed69c0b3aae8531d83d6af4c57f22312c813 https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-v7wg-cpwc-24m4 https://lists.debian.org/debian-lts-announce/2022/05/msg00027.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVEO7BEFXPBVHSPYL3YKQWZI6DYXQLFS https://security.netapp.com/advisory/ntap-20220311-0005 https://www.debian.org/security/2022/dsa-5196 https://access.redhat.com&# • CWE-665: Improper Initialization •

CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2022-21363 https://bugzilla.redhat.com/show_bug.cgi?id=2047343 • CWE-280: Improper Handling of Insufficient Permissions or Privileges •

CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. • https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html https://security.netapp.com/advisory/ntap-20220107-0003 https://www.debian.org/security/2023/dsa-5316 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2021-43797 https://bugzilla&# • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •