Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:4623
HistoryMay 18, 2022 - 10:52 a.m.

(RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update

2022-05-1810:52:45
access.redhat.com
65

0.018 Low

EPSS

Percentile

88.2%

JSON

This release of Red Hat build of Quarkus 2.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.

Security Fix(es):

  • gradle: information disclosure through temporary directory permissions (CVE-2021-29429)

  • gradle: repository content filters do not work in Settings pluginManagement (CVE-2021-29427)

  • gradle: local privilege escalation through system temporary director (CVE-2021-29428)

  • smallrye-health-ui: persistent cross-site scripting in endpoint (CVE-2021-3914)

  • Quarkus Resteasy component may return Resteasy implementation details

  • netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

  • jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)

  • mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)

  • quarkus: privilege escalation vulnerability with RestEasy Reactive scope leakage in Quarkus (CVE-2022-0981)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

osv 24
cvelist 9
debiancve 7
redhatcve 9
alpinelinux 4
openvas 16
cve 9
ubuntucve 7
prion 9
nessus 28
nvd 9
f5 2
cgr 2
ibm 23
wolfi 2
github 6
veracode 6
githubexploit 1
cbl_mariner 2
atlassian 2
cnvd 1
suse 3
fedora 1
debian 5
redhat 11
ubuntu 1
osv
osv
CVE-2021-29429
2021-04-12 22:15:13
CVE-2021-29428
2021-04-13 20:15:21
BIT-gradle-2021-29427
2024-03-06 10:55:05
cvelist
cvelist
CVE-2021-29429 Information disclosure through temporary directory permissions
2021-04-12 21:30:12
CVE-2021-29427 Repository content filters do not work in Settings pluginManagement
2021-04-13 17:55:24
CVE-2021-29428 Local privilege escalation through system temporary directory
2021-04-13 17:55:18
debiancve
debiancve
CVE-2021-29429
2021-04-12 22:15:13
CVE-2021-29427
2021-04-13 20:15:21
CVE-2021-29428
2021-04-13 20:15:21
redhatcve
redhatcve
CVE-2021-29427
2021-04-14 17:39:25
CVE-2021-29429
2021-04-14 17:39:30
CVE-2021-29428
2021-04-14 18:09:28
alpinelinux
alpinelinux
CVE-2021-29427
2021-04-13 20:15:00
CVE-2021-29428
2021-04-13 20:15:00
CVE-2021-29429
2021-04-12 22:15:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1867-1)
2023-04-18 00:00:00
Debian: Security Advisory (DLA-3018-1)
2022-05-21 00:00:00
openSUSE: Security Advisory for netty3 (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
cve
cve
CVE-2021-29427
2021-04-13 20:15:21
CVE-2021-29429
2021-04-12 22:15:13
CVE-2021-29428
2021-04-13 20:15:21
ubuntucve
ubuntucve
CVE-2021-29428
2021-04-13 00:00:00
CVE-2021-29427
2021-04-13 00:00:00
CVE-2021-29429
2021-04-12 00:00:00
prion
prion
Information disclosure
2021-04-12 22:15:00
Design/Logic Flaw
2021-04-13 20:15:00
Directory traversal
2021-04-13 20:15:00
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : gradle (SUSE-SU-2023:1867-1)
2023-04-18 00:00:00
EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-1946)
2022-06-22 00:00:00
SUSE SLED15 / SLES15 Security Update : netty3 (SUSE-SU-2022:2047-1)
2022-06-14 00:00:00
nvd
nvd
CVE-2021-29427
2021-04-13 20:15:21
CVE-2021-29428
2021-04-13 20:15:21
CVE-2021-29429
2021-04-12 22:15:13
f5
f5
K69124112 : PostgreSQL JDBC vulnerability CVE-2022-21724
2022-04-29 00:00:00
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-05-19 03:07:16
CVE-2022-21724 vulnerabilities
2024-05-19 03:07:16
ibm
ibm
Security Bulletin: Vulnerability from Google Protocol Buffer affect IBM Operations Analytics - Log Analysis (CVE-2021-22569)
2022-11-07 11:28:53
Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is vulnerable to HTTP request smuggling due to Netty (CVE-2021-43797)
2022-03-30 09:48:30
Security Bulletin: IBM MaaS360 Cloud Extender Configuration Utility and Mobile Enterprise Gateway have vulnerability (CVE-2021-43797)
2022-05-02 15:06:03
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-07-03 09:08:38
CVE-2022-21724 vulnerabilities
2024-07-03 09:08:38
github
github
HTTP request smuggling in netty
2021-12-09 19:09:17
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
2022-07-21 22:35:12
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
2022-02-02 00:04:20
veracode
veracode
Denial Of Service (DoS)
2022-06-01 09:52:03
Denial Of Service (DoS)
2022-01-10 05:41:50
HTTP Request Smuggling
2021-12-10 07:49:39
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
cbl_mariner
cbl_mariner
CVE-2022-21363 affecting package mysql for versions less than 8.0.28-1
2022-04-09 06:53:03
CVE-2022-21363 affecting package mysql 8.0.27-2
2022-02-08 03:14:35
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
2022-04-20 20:14:01
cnvd
cnvd
Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)
2022-01-26 00:00:00
suse
suse
Security update for netty3 (moderate)
2022-06-13 00:00:00
Security update for protobuf (important)
2022-11-09 00:00:00
Security update for netty (important)
2022-04-20 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.25-1.fc35
2022-04-14 16:07:47
debian
debian
[SECURITY] [DLA 3018-1] libpgjava security update
2022-05-20 20:43:57
[SECURITY] [DSA 5196-1] libpgjava security update
2022-07-31 11:22:59
[SECURITY] [DLA 3393-1] protobuf security update
2023-04-18 07:12:21
redhat
redhat
(RHSA-2022:1345) Moderate: Red Hat AMQ Streams 2.1.0 release and security update
2022-04-13 11:23:09
(RHSA-2022:7896) Moderate: Red Hat Integration Debezium 1.9.7 security update
2022-11-09 13:46:18
(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]
2022-10-06 12:24:42
ubuntu
ubuntu
Protocol Buffers vulnerabilities
2023-03-13 00:00:00

0.018 Low

EPSS

Percentile

88.2%

JSON
Related for RHSA-2022:4623
osv24cvelist9debiancve7redhatcve9alpinelinux4openvas16cve9ubuntucve7prion9nessus28nvd9f52cgr2ibm23wolfi2github6veracode6githubexploit1cbl_mariner2atlassian2cnvd1suse3fedora1debian5redhat11ubuntu1