CVE-2022-22965

all versions

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th

9.8CRITICAL

CVE-2022-22963

all versions

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for

9.8CRITICAL

CVE-2022-22947

all versions

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gate

10.0CRITICAL

CVE-2022-23308

all versions

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5HIGH

CVE-2022-24407

all versions

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement

8.8HIGH

CVE-2022-23219

all versions

The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its ho

9.8CRITICAL

CVE-2021-45105

all versions

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-3572

all versions

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use th

5.7MEDIUM

CVE-2021-43396

all versions

In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' cha

7.5HIGH

CVE-2021-22947

all versions

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t

5.9MEDIUM

CVE-2021-22946

all versions

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (

7.5HIGH

CVE-2021-36160

all versions

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affe

7.5HIGH

CVE-2021-34798

all versions

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

7.5HIGH

CVE-2021-38604

all versions

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data

7.5HIGH

CVE-2021-22901

all versions

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3

8.1HIGH

CVE-2021-22898

all versions

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS

3.1LOW

CVE-2021-22897

all versions

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIP

5.3MEDIUM

CVE-2021-33560

all versions

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-c

7.5HIGH

CVE-2021-3517

all versions

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a

8.6HIGH

CVE-2021-3518

all versions

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic

8.8HIGH

CVE-2021-3537

all versions

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,

5.9MEDIUM

CVE-2021-3448

all versions

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsma

4.0MEDIUM

CVE-2020-14343

all versions

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution w

9.8CRITICAL

CVE-2020-36242

all versions

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values co

9.1CRITICAL

CVE-2021-3177

all versions

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in ce

9.8CRITICAL

CVE-2020-25659

all versions

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PK

5.9MEDIUM

CVE-2020-1971

all versions

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar

5.9MEDIUM

CVE-2020-27619

all versions

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

9.8CRITICAL

CVE-2020-26137

all versions

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and

6.5MEDIUM

CVE-2020-7733

all versions

The package ua-parser-js before 0.7.22 are vulnerable to Regular Expression Denial of Service (ReDoS) via the regex for Redmi Phon

7.5HIGH

CVE-2019-20916

all versions

The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Dis

7.5HIGH

CVE-2020-24977

all versions

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The

6.5MEDIUM

CVE-2020-7017

all versions

In Kibana versions before 6.8.11 and 7.8.1 the region map visualization in contains a stored XSS flaw. An attacker who is able to

6.7MEDIUM

CVE-2020-7016

all versions

Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attacker can construct a URL that w

4.8MEDIUM

CVE-2020-1747

all versions

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution

9.8CRITICAL

CVE-2019-15606

all versions

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value

9.8CRITICAL

CVE-2019-15604

all versions

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

7.5HIGH

CVE-2019-16792

all versions

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a d

7.1HIGH

CVE-2020-7595

all versions

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5HIGH

CVE-2019-20388

all versions

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5HIGH

CVE-2019-16789

all versions

In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker t

7.1HIGH

CVE-2019-16786

all versions

Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was

7.1HIGH

CVE-2019-16785

all versions

Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-l

7.1HIGH

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-10746

all versions

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be trick

9.8CRITICAL

CVE-2018-15686

all versions

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via Notify

7.8HIGH