CVE-2022-22965

all versions

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th

9.8CRITICAL

CVE-2022-23632

all versions

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS

7.4HIGH

CVE-2022-23307

all versions

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a compon

8.8HIGH

CVE-2022-23305

all versions

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted a

9.8CRITICAL

CVE-2022-23302

all versions

JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the

8.8HIGH

CVE-2021-45105

all versions

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel

5.9MEDIUM

CVE-2021-4104

all versions

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config

7.5HIGH

CVE-2021-39152

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39150

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39140

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

6.5MEDIUM

CVE-2021-39154

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39153

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39151

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39149

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39148

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39147

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39146

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39145

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39144

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39141

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-39139

all versions

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote

8.5HIGH

CVE-2021-36374

all versions

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m

5.5MEDIUM

CVE-2021-36373

all versions

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead

5.5MEDIUM

CVE-2021-36090

all versions

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-29505

all versions

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may al

7.5HIGH

CVE-2021-22118

all versions

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

7.8HIGH

CVE-2021-21351

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability m

5.4MEDIUM

CVE-2021-21350

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21349

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-21348

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21347

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-21346

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

6.1MEDIUM

CVE-2021-21345

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.8MEDIUM

CVE-2021-21344

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21343

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21342

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability w

5.3MEDIUM

CVE-2021-21341

all versions

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability whi

7.5HIGH

CVE-2021-22112

all versions

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions c

8.8HIGH

CVE-2020-36183

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36182

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36180

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36179

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad

8.1HIGH

CVE-2020-36189

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36188

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36187

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36186

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36185

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36184

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36181

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-35728

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-35491

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-35490

all versions

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-25649

all versions

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab

7.5HIGH

CVE-2020-11979

all versions

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u

7.5HIGH

CVE-2020-5421

all versions

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr

6.5MEDIUM

CVE-2020-24750

all versions

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-24616

all versions

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.

8.1HIGH

CVE-2020-10683

all versions

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H

9.8CRITICAL

CVE-2020-9488

all versions

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in

3.7LOW

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-17091

all versions

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaSe

6.1MEDIUM

CVE-2019-3740

all versions

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities du

6.5MEDIUM

CVE-2019-3738

all versions

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remo

6.5MEDIUM

CVE-2019-10086

all versions

In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker

7.3HIGH

CVE-2019-10173

all versions

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the sec

9.8CRITICAL

CVE-2019-11358

all versions

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec

6.1MEDIUM

CVE-2018-15756

all versions

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t

7.5HIGH

CVE-2018-11040

all versions

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications

7.5HIGH

CVE-2018-11039

all versions

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applica

5.9MEDIUM

CVE-2018-1257

all versions

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows application

6.5MEDIUM

CVE-2018-2571

all versions

Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcompon

5.4MEDIUM

CVE-2018-2570

all versions

Vulnerability in the Oracle Communications Unified Inventory Management component of Oracle Communications Applications (subcompon

6.3MEDIUM