Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:1006
HistoryMar 08, 2023 - 2:51 p.m.

(RHSA-2023:1006) Important: Red Hat build of Quarkus 2.7.7 release and security update

2023-03-0814:51:11
access.redhat.com
57
red hat quarkus 2.7.7
security update
cve fixes
information disclosure
sql injection
remote code execution
denial of service

0.972 High

EPSS

Percentile

99.8%

JSON

This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug
fixes, and enhancements. For more information, see the release notes page listed
in the References section.

Security Fix(es):

*CVE-2023-0044 quarkus-vertx-http: a cross-site attack may be initiated which might lead to the Information Disclosure [quarkus-2]

*CVE-2022-41946 jdbc-postgresql: postgresql-jdbc: PreparedStatement.setText(int, InputStream) will create a temporary file if the InputStream is larger than 2k [quarkus-2]

*CVE-2022-31197 postgresql: SQL Injection in ResultSet.refreshRow() with malicious column names [quarkus-2.7]

*CVE-2022-42004 jackson-databind: use of deeply nested arrays [quarkus-2.7]

*CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS [quarkus-2.7]

*CVE-2022-42889 commons-text: apache-commons-text: variable interpolation RCE [quarkus-2.7]

*CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [quarkus-2]

*CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element’s hash values raising a stack overflow [quarkus-2.7]

*CVE-2022-3171 protobuf-java: timeout in parser leads to DoS [quarkus-2]

Related

redhat 9
nessus 46
ibm 48
gentoo 1
openvas 19
mageia 1
debian 6
osv 19
fedora 3
cvelist 3
cve 2
github 2
amazon 1
oraclelinux 3
suse 2
debiancve 3
nvd 3
cgr 1
prion 3
veracode 4
ubuntucve 3
redhatcve 3
alpinelinux 2
wolfi 1
almalinux 3
broadcom 1
atlassian 3
githubexploit 1
freebsd 1
rocky 1
cnvd 1
redhat
redhat
(RHSA-2022:9032) Important: Red Hat build of Eclipse Vert.x 4.3.4 security update
2022-12-15 12:38:08
(RHSA-2022:9023) Important: Red Hat build of Quarkus 2.13.5 release and security update
2022-12-14 13:13:39
(RHSA-2023:1177) Important: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update
2023-03-09 10:45:20
nessus
nessus
Oracle Primavera Gateway (Jan 2023 CPU)
2023-01-20 00:00:00
GLSA-202210-21 : FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
SUSE SLED15 / SLES15 Security Update : jackson-databind (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
ibm
ibm
Security Bulletin: IBM Tivoli Netcool/OMNIbus Probe and Integrations Library are affected by vulnerabilities in FasterXML jackson-databind (CVE-2022-42004, CVE-2022-42003)
2022-12-14 01:45:31
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to denial of service due to FasterXML jackson-databind (CVE-2022-42003, CVE-2022-42004)
2023-02-09 18:02:05
Security Bulletin: There are several vulnerabilities in jackson-databind used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-42003, CVE-2022-42004)
2023-05-02 21:10:24
gentoo
gentoo
FasterXML jackson-databind: Multiple vulnerabilities
2022-10-31 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3995-1)
2022-11-16 00:00:00
Mageia: Security Advisory (MGASA-2024-0069)
2024-03-18 00:00:00
Debian: Security Advisory (DSA-5283-1)
2022-11-18 00:00:00
mageia
mageia
Updated jackson-databind packages fix security vulnerabilities
2024-03-16 19:28:17
debian
debian
[SECURITY] [DLA 3207-1] jackson-databind security update
2022-11-27 18:53:52
[SECURITY] [DSA 5283-1] jackson-databind security update
2022-11-17 11:17:07
[SECURITY] [DLA 3140-1] libpgjava security update
2022-10-08 01:00:06
osv
osv
jackson-databind - security update
2022-11-27 00:00:00
jackson-databind - security update
2022-11-17 00:00:00
BIT-postgresql-jdbc-driver-2022-31197
2024-03-06 11:02:11
fedora
fedora
[SECURITY] Fedora 36 Update: postgresql-jdbc-42.3.1-4.fc36
2022-10-05 01:01:52
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.26-1.fc35
2022-10-05 01:04:52
[SECURITY] Fedora 37 Update: postgresql-jdbc-42.4.3-1.fc37
2023-01-13 01:32:00
cvelist
cvelist
CVE-2022-31197 SQL Injection in ResultSet.refreshRow() with malicious column names in pgjdbc
2022-08-03 00:00:00
CVE-2022-41966 XStream Denial of Service via stack overflow
2022-12-27 23:07:54
CVE-2022-41946 TemporaryFolder on unix-like systems does not limit access to created files in pgjdbc
2022-11-23 00:00:00
cve
cve
CVE-2022-31197
2022-08-03 19:15:08
CVE-2022-41966
2022-12-28 00:15:14
github
github
XStream can cause Denial of Service via stack overflow
2022-12-29 01:48:08
PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names
2022-08-06 05:51:38
amazon
amazon
Important: xstream
2023-03-30 18:56:00
oraclelinux
oraclelinux
postgresql-jdbc security update
2023-01-24 00:00:00
postgresql-jdbc security update
2023-05-15 00:00:00
postgresql-jdbc security update
2023-05-24 00:00:00
suse
suse
Security update for postgresql-jdbc (important)
2022-10-18 00:00:00
Security update for postgresql-jdbc (important)
2022-10-06 00:00:00
debiancve
debiancve
CVE-2022-31197
2022-08-03 19:15:08
CVE-2022-41966
2022-12-28 00:15:14
CVE-2022-41946
2022-11-23 20:15:10
nvd
nvd
CVE-2022-31197
2022-08-03 19:15:08
CVE-2022-41946
2022-11-23 20:15:10
CVE-2022-41966
2022-12-28 00:15:14
cgr
cgr
CVE-2022-31197 vulnerabilities
2024-05-19 03:07:16
prion
prion
Stack overflow
2022-12-28 00:15:00
Sql injection
2022-08-03 19:15:00
Code injection
2022-10-02 05:15:00
veracode
veracode
Denial Of Service(DoS)
2022-12-28 07:50:53
SQL Injection
2022-08-03 22:36:24
Information Disclosure
2022-11-24 07:01:27
ubuntucve
ubuntucve
CVE-2022-41966
2022-12-28 00:00:00
CVE-2022-41946
2022-11-23 00:00:00
CVE-2022-31197
2022-08-03 00:00:00
redhatcve
redhatcve
CVE-2022-41946
2022-12-14 14:35:37
CVE-2022-31197
2022-09-23 18:18:48
CVE-2022-41966
2023-02-16 11:56:06
alpinelinux
alpinelinux
CVE-2022-31197
2022-08-03 19:15:08
CVE-2022-41946
2022-11-23 20:15:10
wolfi
wolfi
CVE-2022-31197 vulnerabilities
2024-05-29 03:07:31
almalinux
almalinux
Moderate: postgresql-jdbc security update
2023-01-23 00:00:00
Moderate: postgresql-jdbc security update
2023-05-09 00:00:00
Moderate: postgresql-jdbc security update
2023-05-16 00:00:00
broadcom
broadcom
Vulnerable postgresql component found in SANnav RPM package
2023-08-29 00:00:00
atlassian
atlassian
Upgrade Postgres for CVE-2022-41946
2023-03-23 22:26:31
DoS (Denial of Service) com.fasterxml.jackson.core:jackson-databind Dependency in Crowd Data Center and Server
2024-04-09 01:54:04
Deserialization com.fasterxml.jackson.core:jackson-databind in Jira Software Data Center and Server
2023-11-12 13:45:26
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Xstream Project Xstream
2023-01-06 02:37:07
freebsd
freebsd
puppetdb -- Potential SQL injection
2022-08-03 00:00:00
rocky
rocky
postgresql-jdbc security update
2023-01-23 14:30:09
cnvd
cnvd
PostgreSQL JDBC Drive Information Disclosure Vulnerability
2022-11-25 00:00:00

0.972 High

EPSS

Percentile

99.8%

JSON
Related for RHSA-2023:1006
redhat9nessus46ibm48gentoo1openvas19mageia1debian6osv19fedora3cvelist3cve2github2amazon1oraclelinux3suse2debiancve3nvd3cgr1prion3veracode4ubuntucve3redhatcve3alpinelinux2wolfi1almalinux3broadcom1atlassian3githubexploit1freebsd1rocky1cnvd1