Oracle Communications Cloud Native Core Policy

125 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Each row gives the CVE, the affected product versions, the score and severity rating, and the (truncated) description.

CVE | Affected versions | Score and severity | Description
CVE-2023-21971 | all versions | 5.3 MEDIUM | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are
CVE-2023-21824 | all versions | 4.4 MEDIUM | Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component:
CVE-2022-22965 | all versions | 9.8 CRITICAL | A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
CVE-2022-22963 | all versions | 9.8 CRITICAL | In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for
CVE-2022-0322 | all versions | 5.5 MEDIUM | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kern
CVE-2021-4203 | all versions | 6.8 MEDIUM | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen
CVE-2022-0002 | all versions | 6.5 MEDIUM | Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potential
CVE-2022-0001 | all versions | 6.5 MEDIUM | Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to
CVE-2021-3737 | all versions | 7.5 HIGH | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who
CVE-2021-3744 | all versions | 5.5 MEDIUM | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allo
CVE-2021-3743 | all versions | 7.1 HIGH | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check
CVE-2021-4002 | all versions | 4.4 MEDIUM | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice us
CVE-2021-3772 | all versions | 6.5 MEDIUM | A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks
CVE-2022-25636 | all versions | 7.8 HIGH | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-o
CVE-2021-20322 | all versions | 7.4 HIGH | A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was fo
CVE-2021-3773 | all versions | 9.8 CRITICAL | A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in t
CVE-2021-3752 | all versions | 7.1 HIGH | A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and discon
CVE-2022-0286 | all versions | 5.5 MEDIUM | A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service.
CVE-2022-23181 | all versions | 7.0 HIGH | The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.
CVE-2021-4083 | all versions | 7.0 HIGH | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way u
CVE-2021-42392 | all versions | 9.8 CRITICAL | The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the
CVE-2021-22569 | all versions | 7.5 HIGH | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be proce
CVE-2021-45486 | all versions | 3.5 LOW | In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is v
CVE-2021-45485 | all versions | 7.5 HIGH | In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain us
CVE-2021-45105 | all versions | 5.9 MEDIUM | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
CVE-2021-34141 | all versions | 5.3 MEDIUM | An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect
CVE-2021-43818 | all versions | 8.2 HIGH | lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets c
CVE-2021-43797 | all versions | 6.5 MEDIUM | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protoco
CVE-2021-43976 | all versions | 4.6 MEDIUM | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can con
CVE-2021-3572 | all versions | 5.7 MEDIUM | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use th
CVE-2021-43389 | all versions | 5.5 MEDIUM | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr func
CVE-2020-27820 | all versions | 4.7 MEDIUM | A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing devic
CVE-2021-35574 | all versions | 7.5 HIGH | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The support
CVE-2021-2471 | all versions | 5.9 MEDIUM | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8
CVE-2021-42739 | all versions | 6.7 MEDIUM | The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c a
CVE-2021-37136 | all versions | 7.5 HIGH | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects th
CVE-2021-38153 | all versions | 5.9 MEDIUM | Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make
CVE-2021-3807 | all versions | 7.5 HIGH | ansi-regex is vulnerable to Inefficient Regular Expression Complexity
CVE-2021-23440 | all versions | 7.3 HIGH | This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-
CVE-2021-39152 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39150 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39140 | all versions | 6.5 MEDIUM | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39154 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39153 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39151 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39149 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39148 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39147 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39146 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39145 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39144 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39141 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-39139 | all versions | 8.5 HIGH | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote
CVE-2021-21781 | all versions | 3.3 LOW | An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest ve
CVE-2021-32827 | all versions | 6.1 MEDIUM | MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that
CVE-2021-37159 | all versions | 6.4 MEDIUM | hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the N
CVE-2021-33037 | all versions | 5.3 MEDIUM | Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding reque
CVE-2021-30640 | all versions | 6.5 MEDIUM | A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or
CVE-2021-3612 | all versions | 7.8 HIGH | An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the w
CVE-2021-22119 | all versions | 7.5 HIGH | Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptib
CVE-2021-28169 | all versions | 5.3 MEDIUM | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded
CVE-2021-33880 | all versions | 5.9 MEDIUM | The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authenticat
CVE-2020-28469 | all versions | 5.3 MEDIUM | This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing pa
CVE-2021-3520 | all versions | 9.8 CRITICAL | There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer
CVE-2020-14340 | all versions | 5.9 MEDIUM | A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between g
CVE-2021-22118 | all versions | 7.8 HIGH | In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
CVE-2021-28170 | all versions | 5.3 MEDIUM | In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressi
CVE-2021-3200 | all versions | 3.3 LOW | Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Que
CVE-2021-28168 | all versions | 6.2 MEDIUM | Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due t
CVE-2021-29425 | all versions | 4.8 MEDIUM | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
CVE-2021-28165 | all versions | 7.5 HIGH | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a
CVE-2021-21409 | all versions | 5.9 MEDIUM | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor
CVE-2020-13936 | all versions | 8.8 HIGH | An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the sa
CVE-2021-21295 | all versions | 5.9 MEDIUM | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high perfor
CVE-2021-25329 | all versions | 7.0 HIGH | The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0
CVE-2021-25122 | all versions | 7.5 HIGH | When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61
CVE-2021-27568 | all versions | 5.9 MEDIUM | An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a f
CVE-2021-23841 | all versions | 5.9 MEDIUM | The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and seria
CVE-2021-23840 | all versions | 7.5 HIGH | Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the
CVE-2021-23337 | all versions | 7.2 HIGH | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2020-28500 | all versions | 5.3 MEDIUM | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd
CVE-2020-13949 | all versions | 7.5 HIGH | In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation,
CVE-2020-29582 | all versions | 5.3 MEDIUM | In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. An attacker was able to
CVE-2020-8554 | all versions | 6.3 MEDIUM | Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs fie
CVE-2020-36183 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36182 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36180 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36179 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad
CVE-2020-36189 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
CVE-2020-36188 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
CVE-2020-36187 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36186 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36185 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36184 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-36181 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-35728 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com
CVE-2020-35491 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-35490 | all versions | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org
CVE-2020-29363 | all versions | 7.5 HIGH | An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol us
CVE-2020-8286 | all versions | 7.5 HIGH | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the O
CVE-2020-8285 | all versions | 7.5 HIGH | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match pa
CVE-2020-8284 | all versions | 3.7 LOW | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and p
CVE-2020-8231 | all versions | 7.5 HIGH | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
CVE-2020-17527 | all versions | 7.5 HIGH | While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59
CVE-2020-4788 | all versions | 4.7 MEDIUM | IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L
CVE-2020-28196 | all versions | 7.5 HIGH | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message
CVE-2020-15250 | all versions | 4.4 MEDIUM | In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryFolder contains a local information disclosure vulnerability.
CVE-2020-0404 | all versions | 5.5 MEDIUM | In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lea
CVE-2019-20916 | all versions | 7.5 HIGH | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Dis
CVE-2020-24553 | all versions | 6.1 MEDIUM | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Ty
CVE-2020-15824 | all versions | 8.8 HIGH | In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. Fixed version is 1.4.0) there is a scrip
CVE-2020-16135 | all versions | 5.9 MEDIUM | libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL.
CVE-2020-8203 | all versions | 7.4 HIGH | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-13935 | all versions | 7.5 HIGH | The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8
CVE-2020-15358 | all versions | 5.5 MEDIUM | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because o
CVE-2020-14155 | all versions | 5.3 MEDIUM | libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVE-2020-13434 | all versions | 5.5 MEDIUM | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.
CVE-2020-9484 | all versions | 7.0 HIGH | When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attack
CVE-2020-5398 | all versions | 7.5 HIGH | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an applica
CVE-2019-12399 | all versions | 7.5 HIGH | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config pro
CVE-2019-18276 | all versions | 7.8 HIGH | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effe
CVE-2019-10219 | all versions | 6.1 MEDIUM | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
CVE-2019-10086 | all versions | 7.3 HIGH | In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker
CVE-2019-3799 | all versions | 6.5 MEDIUM | Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older un
CVE-2017-9735 | all versions | 7.5 HIGH | Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obt
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin