
Oracle Communications Cloud Native Core Binding Support Function

75 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2023-21971
all versions
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are
5.3 MEDIUM
CVE-2023-21824
all versions
Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component:
4.4 MEDIUM
CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8 CRITICAL
CVE-2022-0322
all versions
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kern
5.5 MEDIUM
CVE-2021-4203
all versions
A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen
6.8 MEDIUM
CVE-2021-4157
all versions
An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirro
8.0 HIGH
CVE-2021-4197
all versions
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way
7.8 HIGH
CVE-2022-1011
all versions
A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write(). This flaw allows a loc
7.8 HIGH
CVE-2022-0002
all versions
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potential
6.5 MEDIUM
CVE-2022-0001
all versions
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to
6.5 MEDIUM
CVE-2020-36518
all versions
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5 HIGH
CVE-2021-3737
all versions
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who
7.5 HIGH
CVE-2022-22946
all versions
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted ce
5.5 MEDIUM
CVE-2021-3744
all versions
A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allo
5.5 MEDIUM
CVE-2021-3743
all versions
An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check
7.1 HIGH
CVE-2022-22947
all versions
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gate
10.0 CRITICAL
CVE-2021-4002
all versions
A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice us
4.4 MEDIUM
CVE-2021-3772
all versions
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks
6.5 MEDIUM
CVE-2022-23308
all versions
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5 HIGH
CVE-2022-24329
all versions
In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.
5.3 MEDIUM
CVE-2022-25636
all versions
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-o
7.8 HIGH
CVE-2021-20322
all versions
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was fo
7.4 HIGH
CVE-2021-3773
all versions
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in t
9.8 CRITICAL
CVE-2021-3752
all versions
A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and discon
7.1 HIGH
CVE-2022-0286
all versions
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
5.5 MEDIUM
CVE-2021-4083
all versions
A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way u
7.0 HIGH
CVE-2022-23219
all versions
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its ho
9.8 CRITICAL
CVE-2021-45486
all versions
In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is v
3.5 LOW
CVE-2021-45485
all versions
In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain us
7.5 HIGH
CVE-2021-43818
all versions
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets c
8.2 HIGH
CVE-2021-43797
all versions
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protoco
6.5 MEDIUM
CVE-2021-43527
all versions
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded D
9.8 CRITICAL
CVE-2021-43976
all versions
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can con
4.6 MEDIUM
CVE-2021-43396
all versions
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' cha
7.5 HIGH
CVE-2021-43389
all versions
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr func
5.5 MEDIUM
CVE-2020-27820
all versions
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing devic
4.7 MEDIUM
CVE-2021-42739
all versions
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c a
6.7 MEDIUM
CVE-2021-37137
all versions
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also
7.5 HIGH
CVE-2021-37136
all versions
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th
7.5 HIGH
CVE-2021-22947
all versions
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t
5.9 MEDIUM
CVE-2021-22946
all versions
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (
7.5 HIGH
CVE-2021-39152
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39150
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39140
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
6.5 MEDIUM
CVE-2021-39154
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39153
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39151
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39149
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39148
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39147
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39146
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39145
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39144
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39141
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-39139
all versions
XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
8.5 HIGH
CVE-2021-21781
all versions
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest ve
3.3 LOW
CVE-2021-38604
all versions
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data
7.5 HIGH
CVE-2021-37159
all versions
hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the N
6.4 MEDIUM
CVE-2021-34429
all versions
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to acce
5.3 MEDIUM
CVE-2021-36374
all versions
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m
5.5 MEDIUM
CVE-2021-36373
all versions
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead
5.5 MEDIUM
CVE-2021-3612
all versions
An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the w
7.8 HIGH
CVE-2021-22901
all versions
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3
8.1 HIGH
CVE-2021-22898
all versions
curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS
3.1 LOW
CVE-2021-22897
all versions
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIP
5.3 MEDIUM
CVE-2021-33560
all versions
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-c
7.5 HIGH
CVE-2021-22118
all versions
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
7.8 HIGH
CVE-2021-3426
all versions
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent us
5.7 MEDIUM
CVE-2021-29921
all versions
In Python before 3.9.5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in s
9.8 CRITICAL
CVE-2021-23337
all versions
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
7.2 HIGH
CVE-2020-17527
all versions
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59
7.5 HIGH
CVE-2020-4788
all versions
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L
4.7 MEDIUM
CVE-2020-0404
all versions
In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lea
5.5 MEDIUM
CVE-2020-9484
all versions
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attack
7.0 HIGH
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1 MEDIUM
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin