CVE-2021-2351

all versions

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1

8.3HIGH

CVE-2021-35043

all versions

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was

6.1MEDIUM

CVE-2021-36374

>= 11.0 and <= 11.3.1

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m

5.5MEDIUM

CVE-2021-36373

>= 11.0 and <= 11.3.1

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead

5.5MEDIUM

CVE-2021-36090

all versions

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35517

all versions

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an ou

7.5HIGH

CVE-2021-35516

all versions

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out

7.5HIGH

CVE-2021-35515

all versions

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infi

7.5HIGH

CVE-2021-22118

>= 11.0 and <= 11.3.1

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

7.8HIGH

CVE-2021-29425

all versions

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",

4.8MEDIUM

CVE-2020-11987

>= 11.0 and <= 11.3.1

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By usi

8.2HIGH

CVE-2021-22112

all versions

Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions c

8.8HIGH

CVE-2020-36183

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36182

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36180

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36179

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad

8.1HIGH

CVE-2020-36189

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36188

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36187

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36186

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36185

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36184

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36181

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-35728

>= 11.1.0 and <= 11.3.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-17521

>= 11.0 and <= 11.3.1

Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of

5.5MEDIUM

CVE-2020-25649

>= 11.1.0 and <= 11.3.0

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerab

7.5HIGH

CVE-2020-5421

>= 11.1.0 and <= 11.3.0

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr

6.5MEDIUM

CVE-2019-10219

all versions

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-17195

>= 11.0 and <= 11.3.1

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an applica

9.8CRITICAL

CVE-2018-1258

all versions

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when

8.8HIGH

CVE-2017-5645

all versions

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot

9.8CRITICAL