CVE-2021-43859

>= 8.0.0 and <= 8.1.0

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote att

7.5HIGH

CVE-2021-40690

>= 8.0.0 and <= 8.1.0

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureVali

7.5HIGH

CVE-2021-2351

>= 8.0.0 and <= 8.2.3

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

8.3HIGH

CVE-2021-36374

>= 8.0.0 and <= 8.1.0

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m

5.5MEDIUM

CVE-2021-36090

>= 8.0.0 and <= 8.2.3

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35517

>= 8.0.0 and <= 8.2.3

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35516

>= 8.0.0 and <= 8.2.3

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

7.5HIGH

CVE-2021-35515

>= 8.0.0 and <= 8.2.3

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

7.5HIGH

CVE-2021-22118

>= 8.0.0 and <= 8.1.0

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

7.8HIGH

CVE-2021-29425

>= 8.0.0 and <= 8.1.0

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",

4.8MEDIUM

CVE-2021-22696

>= 8.0.0 and <= 8.1.0

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth

7.5HIGH

CVE-2020-17530

all versions

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :

9.8CRITICAL

CVE-2020-1971

>= 8.0.0 and <= 8.1.0

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar

5.9MEDIUM

CVE-2020-11971

>= 8.0.0 and <= 8.1.0

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users

7.5HIGH