CVE-2022-22965

all versions

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th

9.8CRITICAL

CVE-2022-22963

all versions

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for

9.8CRITICAL

CVE-2020-36518

all versions

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.

7.5HIGH

CVE-2022-22947

all versions

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gate

10.0CRITICAL

CVE-2022-23308

all versions

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

7.5HIGH

CVE-2021-45105

all versions

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-43797

all versions

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protoco

6.5MEDIUM

CVE-2021-43527

all versions

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded D

9.8CRITICAL

CVE-2021-2471

all versions

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8

5.9MEDIUM

CVE-2021-37136

all versions

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th

7.5HIGH

CVE-2021-22947

all versions

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, t

5.9MEDIUM

CVE-2021-22946

all versions

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (

7.5HIGH

CVE-2021-37750

all versions

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereferen

6.5MEDIUM

CVE-2021-22901

all versions

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3

8.1HIGH

CVE-2021-22898

all versions

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS

3.1LOW

CVE-2021-22897

all versions

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIP

5.3MEDIUM

CVE-2021-33560

all versions

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-c

7.5HIGH

CVE-2021-29921

all versions

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in s

9.8CRITICAL

CVE-2020-13949

all versions

In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation,

7.5HIGH

CVE-2020-29582

all versions

In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to

5.3MEDIUM

CVE-2021-21275

all versions

The MediaWiki "Report" extension has a Cross-Site Request Forgery (CSRF) vulnerability. Before fixed version, there was no protect

5.3MEDIUM

CVE-2020-8554

all versions

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs fie

6.3MEDIUM

CVE-2020-28052

all versions

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compa

8.1HIGH

CVE-2020-8908

all versions

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potent

3.3LOW

CVE-2019-20330

all versions

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.

9.8CRITICAL

CVE-2019-0210

all versions

In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with i

7.5HIGH

CVE-2019-0205

all versions

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific

7.5HIGH

CVE-2019-17531

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith

9.8CRITICAL

CVE-2019-16943

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith

9.8CRITICAL

CVE-2019-16942

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (eith

9.8CRITICAL