CVE-2021-45105

all versions

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-2351

all versions

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

8.3HIGH

CVE-2021-35043

all versions

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was

6.1MEDIUM

CVE-2021-36090

all versions

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35517

all versions

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35516

all versions

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

7.5HIGH

CVE-2021-35515

all versions

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

7.5HIGH

CVE-2020-6950

all versions

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con paramet

6.5MEDIUM

CVE-2021-29425

all versions

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",

4.8MEDIUM

CVE-2021-21351

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability m

5.4MEDIUM

CVE-2021-21350

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21349

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-21348

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21347

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-21346

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-21345

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.8MEDIUM

CVE-2021-21344

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21343

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21342

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21341

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability whi

7.5HIGH

CVE-2020-13936

>= 2.3.0 and <= 2.4.1

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the sa

8.8HIGH

CVE-2020-9281

all versions

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inje

6.1MEDIUM

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM