Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2021:4767
HistoryNov 23, 2021 - 10:29 a.m.

(RHSA-2021:4767) Moderate: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-11-2310:29:48
access.redhat.com
38

0.974 High

EPSS

Percentile

99.9%

JSON

This release of Red Hat Integration - Camel Extensions for Quarkus - 2.2 GA serves as a replacement for tech-preview 2, and includes bug fixes and
enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jetty (CVE-2021-28163, CVE-2020-27218, CVE-2020-27223, CVE-2021-28164, CVE-2021-28169, CVE-2021-28165, CVE-2021-34428, CVE-2021-34428)

  • undertow: potential security issue in flow control over HTTP/2 may lead to DOS (CVE-2021-3629)

  • xstream (CVE-2021-39144, CVE-2021-39141, CVE-2021-39154, CVE-2021-39153, CVE-2021-39152, CVE-2021-39151, CVE-2021-39150, CVE-2021-39149, CVE-2021-39148, CVE-2021-39147, CVE-2021-39146, CVE-2021-39145, CVE-2021-39140, CVE-2021-39139, CVE-2021-21351, CVE-2021-21350, CVE-2021-21349, CVE-2021-21348, CVE-2021-21347, CVE-2021-21346, CVE-2021-21345, CVE-2021-21344, CVE-2021-21343, CVE-2021-21342, CVE-2021-21341, CVE-2021-29505, CVE-2020-26259, CVE-2020-26258, CVE-2020-26217)

  • wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  • RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)

  • resteasy-core: resteasy: Error message exposes endpoint class information (CVE-2021-20289)

  • velocity: arbitrary code execution when attacker is able to modify templates (CVE-2020-13936)

  • undertow: buffer leak on incoming websocket PONG message may lead to DoS (CVE-2021-3690)

  • mongodb-driver: mongo-java-driver: client-side field level encryption not verifying KMS host name (CVE-2021-20328)

  • gradle: information disclosure through temporary directory permissions (CVE-2021-29429)

  • json-smart: uncaught exception may lead to crash or information disclosure (CVE-2021-27568)

  • bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible (CVE-2020-28052)

  • jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 44
debian 7
openvas 25
fedora 3
nessus 43
redhat 25
amazon 2
suse 6
oraclelinux 2
osv 13
mageia 2
ubuntu 3
centos 1
githubexploit 3
attackerkb 1
atlassian 2
debiancve 1
cvelist 3
redhatcve 1
prion 2
cve 3
nvd 2
github 1
alpinelinux 1
ubuntucve 1
veracode 1
freebsd 1
ibm
ibm
Security Bulletin: Vulnerabilities in XStream affect IBM Spectrum Copy Data Management
2021-12-11 00:37:03
Security Bulletin: IBM Security Verify Governance is vulnerable to multiple security threats due to use of XStream
2022-11-22 16:29:37
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream
2021-10-01 06:19:43
debian
debian
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:46:19
[SECURITY] [DSA 5004-1] libxstream-java security update
2021-11-10 20:29:25
openvas
openvas
Fedora: Security Advisory for xstream (FEDORA-2021-5e376c0ed9)
2021-10-30 00:00:00
Fedora: Security Advisory for xstream (FEDORA-2021-fbad11014a)
2021-10-21 00:00:00
Fedora: Security Advisory for xstream (FEDORA-2021-d894ca87dc)
2021-10-21 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: xstream-1.4.18-2.fc33
2021-10-12 23:47:14
[SECURITY] Fedora 34 Update: xstream-1.4.18-2.fc34
2021-10-12 23:45:05
[SECURITY] Fedora 35 Update: xstream-1.4.18-2.fc35
2021-10-29 23:18:39
nessus
nessus
Debian DSA-5004-1 : libxstream-java - security update
2021-11-12 00:00:00
RHEL 7 : xstream (RHSA-2021:3956)
2021-10-26 00:00:00
Debian DLA-2769-1 : libxstream-java - LTS security update
2021-10-01 00:00:00
redhat
redhat
(RHSA-2021:4918) Moderate: Red Hat Integration Camel-K 1.6 release and security update
2021-12-02 16:13:28
(RHSA-2021:3956) Important: xstream security update
2021-10-25 06:30:03
(RHSA-2022:0297) Moderate: Red Hat Decision Manager 7.12.0 security update
2022-01-26 16:28:59
amazon
amazon
Important: xstream
2021-12-08 16:28:00
Important: xstream
2021-05-20 17:10:00
suse
suse
Security update for xstream (important)
2021-10-20 00:00:00
Security update for xstream (important)
2021-10-31 00:00:00
Security update for xstream (important)
2021-06-04 00:00:00
oraclelinux
oraclelinux
xstream security update
2021-10-25 00:00:00
xstream security update
2021-04-27 00:00:00
osv
osv
libxstream-java - security update
2021-09-29 00:00:00
libxstream-java - security update
2021-11-10 00:00:00
libxstream-java vulnerabilities
2023-03-13 10:57:59
mageia
mageia
Updated xstream/xmlpull/mxparser packages fix security vulnerability
2021-10-13 22:39:52
Updated xstream packages fix security vulnerabilities
2021-07-25 17:45:06
ubuntu
ubuntu
XStream vulnerabilities
2023-03-13 00:00:00
XStream vulnerabilities
2021-05-11 00:00:00
XStream vulnerabilities
2021-01-28 00:00:00
centos
centos
xstream security update
2021-04-29 17:56:41
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Xstream Project Xstream
2021-08-24 06:15:20
Exploit for OS Command Injection in Xstream Project Xstream
2020-12-13 17:39:11
Exploit for OS Command Injection in Xstream Project Xstream
2021-01-22 09:56:11
attackerkb
attackerkb
CVE-2021-28169
2021-06-09 00:00:00
atlassian
atlassian
XStream upgrade to 1.4.18
2021-09-10 04:35:37
XStream upgrade to 1.4.18
2021-09-10 04:35:37
debiancve
debiancve
CVE-2021-29429
2021-04-12 22:15:13
cvelist
cvelist
CVE-2021-29429 Information disclosure through temporary directory permissions
2021-04-12 21:30:12
CVE-2020-14326
2021-06-02 11:23:23
CVE-2021-27568
2021-02-23 01:32:14
redhatcve
redhatcve
CVE-2021-29429
2021-04-14 17:39:30
prion
prion
Information disclosure
2021-04-12 22:15:00
Design/Logic Flaw
2021-02-18 16:15:00
cve
cve
CVE-2021-29429
2021-04-12 22:15:13
CVE-2021-27568
2021-02-23 02:15:12
CVE-2021-20289
2021-03-26 17:15:13
nvd
nvd
CVE-2020-14326
2021-06-02 12:15:08
CVE-2021-29429
2021-04-12 22:15:13
github
github
Denial of Service (DoS) in Jackson Dataformat CBOR
2021-12-09 19:17:21
alpinelinux
alpinelinux
CVE-2021-29429
2021-04-12 22:15:00
ubuntucve
ubuntucve
CVE-2021-29429
2021-04-12 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-02-19 01:15:41
freebsd
freebsd
bouncycastle15 -- bcrypt password checking vulnerability
2020-11-02 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for RHSA-2021:4767
ibm44debian7openvas25fedora3nessus43redhat25amazon2suse6oraclelinux2osv13mageia2ubuntu3centos1githubexploit3attackerkb1atlassian2debiancve1cvelist3redhatcve1prion2cve3nvd2github1alpinelinux1ubuntucve1veracode1freebsd1