CVE-2021-36374

all versions

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m

5.5MEDIUM

CVE-2021-36373

all versions

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead

5.5MEDIUM

CVE-2020-11987

all versions

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By usi

8.2HIGH

CVE-2021-1994

all versions

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that

9.8CRITICAL

CVE-2019-17566

all versions

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By

7.5HIGH

CVE-2020-11979

all versions

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u

7.5HIGH

CVE-2020-11998

all versions

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer,

9.8CRITICAL

CVE-2020-11994

all versions

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

7.5HIGH

CVE-2020-1941

all versions

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

6.1MEDIUM

CVE-2020-1945

all versions

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.

6.3MEDIUM

CVE-2019-12415

all versions

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially cra

5.5MEDIUM

CVE-2019-2904

all versions

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that

9.8CRITICAL

CVE-2019-0188

all versions

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vuln

7.5HIGH

CVE-2019-0222

all versions

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unrespons

7.5HIGH

CVE-2018-3246

all versions

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported ve

7.5HIGH

CVE-2018-11775

all versions

TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable t

7.4HIGH

CVE-2018-1000613

all versions

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-47

9.8CRITICAL

CVE-2018-1000180

all versions

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair genera

7.5HIGH

CVE-2018-8013

all versions

In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream

9.8CRITICAL

CVE-2018-1258

all versions

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when

8.8HIGH

CVE-2017-10048

all versions

Vulnerability in the Oracle Enterprise Repository component of Oracle Fusion Middleware (subcomponent: Web Interface). Supported v

8.2HIGH