CVE-2022-22965

all versions

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th

9.8CRITICAL

CVE-2022-22963

all versions

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for

9.8CRITICAL

CVE-2020-36518

all versions

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5HIGH

CVE-2022-22946

all versions

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted ce

5.5MEDIUM

CVE-2022-22947

all versions

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gate

10.0CRITICAL

CVE-2022-24407

all versions

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement

8.8HIGH

CVE-2022-23221

all versions

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNO

9.8CRITICAL

CVE-2021-22569

all versions

An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be proce

7.5HIGH

CVE-2021-22060

all versions

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide

4.3MEDIUM

CVE-2021-45105

all versions

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-41973

all versions

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder

6.5MEDIUM

CVE-2021-22096

all versions

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide

4.3MEDIUM

CVE-2021-2471

all versions

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8

5.9MEDIUM

CVE-2021-22947

all versions

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t

5.9MEDIUM

CVE-2021-22946

all versions

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (

7.5HIGH

CVE-2021-3712

all versions

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string dat

7.4HIGH

CVE-2021-30129

all versions

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issu

6.5MEDIUM

CVE-2020-14340

all versions

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between g

5.9MEDIUM

CVE-2021-21409

all versions

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor

5.9MEDIUM

CVE-2021-20289

all versions

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as pa

5.3MEDIUM

CVE-2020-25638

all versions

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the J

7.4HIGH

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-10086

all versions

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker

7.3HIGH