CVE-2022-23307

all versions

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a compon

8.8HIGH

CVE-2022-23305

all versions

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted a

9.8CRITICAL

CVE-2022-23302

all versions

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the

8.8HIGH

CVE-2021-45105

all versions

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-4104

all versions

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2021-2351

all versions

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

8.3HIGH

CVE-2020-6950

all versions

Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con paramet

6.5MEDIUM

CVE-2021-22118

all versions

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

7.8HIGH

CVE-2020-13936

all versions

An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the sa

8.8HIGH

CVE-2019-17571

>= 7.3.2 and <= 7.3.6

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to re

9.8CRITICAL

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-2904

>= 7.3.2 and <= 7.3.6

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that

9.8CRITICAL

CVE-2019-17091

all versions

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaSe

6.1MEDIUM

CVE-2019-3740

all versions

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities du

6.5MEDIUM

CVE-2019-3739

all versions

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities durin

6.5MEDIUM

CVE-2019-3738

all versions

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remo

6.5MEDIUM

CVE-2019-10086

all versions

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker

7.3HIGH

CVE-2019-2729

>= 7.3.2 and <= 7.3.6

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions

9.8CRITICAL

CVE-2019-0227

all versions

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur

7.5HIGH

CVE-2018-8032

all versions

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

6.1MEDIUM

CVE-2018-11040

>= 7.3.2 and <= 7.3.6

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications

7.5HIGH

CVE-2018-11039

>= 7.3.2 and <= 7.3.6

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applica

5.9MEDIUM

CVE-2018-1258

>= 7.3.2 and <= 7.3.6

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when

8.8HIGH

CVE-2017-5645

>= 7.3.2 and <= 7.3.6

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot

9.8CRITICAL