CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2974 – Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol
https://notcve.org/view.php?id=CVE-2023-2974
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol. • https://access.redhat.com/errata/RHSA-2023:3809 https://access.redhat.com/security/cve/CVE-2023-2974 https://bugzilla.redhat.com/show_bug.cgi?id=2211026 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-3914 – smallrye-health-ui: persistent cross-site scripting in endpoint
https://notcve.org/view.php?id=CVE-2021-3914
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. Se ha detectado que el componente de la interfaz de usuario de smallrye health metrics no sanea correctamente algunas entradas del usuario. Un atacante podría usar este fallo para conducir ataques de tipo cross-site scripting. • https://access.redhat.com/security/cve/CVE-2021-3914 https://bugzilla.redhat.com/show_bug.cgi?id=2018015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2021-3669 – kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts
https://notcve.org/view.php?id=CVE-2021-3669
A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. Se ha encontrado un fallo en el kernel de Linux. La medición del uso de la memoria compartida no escala con grandes recuentos de segmentos de memoria compartida, lo que podría conllevar a el agotamiento de recursos y el DoS. • https://access.redhat.com/security/cve/CVE-2021-3669 https://bugzilla.redhat.com/show_bug.cgi?id=1980619 https://bugzilla.redhat.com/show_bug.cgi?id=1986473 https://security-tracker.debian.org/tracker/CVE-2021-3669 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-4178 – kubernetes-client: Insecure deserialization in unmarshalYaml method
https://notcve.org/view.php?id=CVE-2021-4178
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. Se ha encontrado un fallo de ejecución de código arbitrario en el cliente de Kubernetes Fabric 8 afectando a versiones 5.0.0-beta-1 y superiores. Debido a una configuración incorrecta del análisis de YAML, esto permitirá a un atacante local y con privilegios suministrar YAML malicioso. • https://access.redhat.com/security/cve/CVE-2021-4178 https://bugzilla.redhat.com/show_bug.cgi?id=2034388 https://github.com/advisories/GHSA-98g7-rxmf-rrxm https://github.com/fabric8io/kubernetes-client/issues/3653 • CWE-502: Deserialization of Untrusted Data •