CVE-2022-22965

all versions

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th

9.8CRITICAL

CVE-2021-37714

>= 17.0 and <= 19.0

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vu

7.5HIGH

CVE-2021-30129

all versions

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issu

6.5MEDIUM

CVE-2021-31812

all versions

In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFB

5.5MEDIUM

CVE-2021-31811

all versions

In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apa

5.5MEDIUM

CVE-2021-22118

>= 16.0 and <= 19.0

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr

7.8HIGH

CVE-2021-27906

all versions

A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version

5.5MEDIUM

CVE-2021-27807

all versions

A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22

5.5MEDIUM

CVE-2021-23337

all versions

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

7.2HIGH

CVE-2020-28500

all versions

Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd

5.3MEDIUM

CVE-2021-2057

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

6.3MEDIUM

CVE-2020-36183

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36182

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36180

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36179

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oad

8.1HIGH

CVE-2020-36189

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36188

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-36187

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36186

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36185

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36184

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-36181

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-35728

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com

8.1HIGH

CVE-2020-35491

>= 16.0 and <= 19.0

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org

8.1HIGH

CVE-2020-8908

>= 16.0 and <= 19.0

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potent

3.3LOW

CVE-2020-13956

>= 16.0 and <= 19.0

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed

5.3MEDIUM

CVE-2020-25638

all versions

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the J

7.4HIGH

CVE-2020-14732

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

3.1LOW

CVE-2020-14731

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

3.1LOW

CVE-2020-5421

>= 16.0 and <= 19.0

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr

6.5MEDIUM

CVE-2020-5413

>= 16.0 and <= 19.0

Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is config

9.8CRITICAL

CVE-2020-14710

all versions

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security).

5.4MEDIUM

CVE-2020-14709

all versions

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). Supp

7.1HIGH

CVE-2020-14708

all versions

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). S

4.3MEDIUM

CVE-2020-10683

all versions

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H

9.8CRITICAL

CVE-2020-11022

all versions

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery

6.9MEDIUM

CVE-2020-9488

all versions

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in

3.7LOW

CVE-2020-2953

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

9.8CRITICAL

CVE-2020-2650

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

6.5MEDIUM

CVE-2020-2649

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

3.3LOW

CVE-2020-2648

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

6.2MEDIUM

CVE-2020-2567

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

4.8MEDIUM

CVE-2019-10219

>= 16.0 and <= 19.0

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting

6.1MEDIUM

CVE-2019-2884

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

5.9MEDIUM

CVE-2019-2883

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (componen

4.6MEDIUM

CVE-2019-17267

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.E

9.8CRITICAL

CVE-2019-16335

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDa

9.8CRITICAL

CVE-2019-14540

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariCo

9.8CRITICAL

CVE-2019-14439

all versions

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is ena

7.5HIGH

CVE-2019-14379

all versions

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.

9.8CRITICAL

CVE-2018-3316

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcom

7.6HIGH

CVE-2018-3315

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcom

8.2HIGH

CVE-2018-11307

all versions

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class

9.8CRITICAL

CVE-2019-11358

all versions

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec

6.1MEDIUM

CVE-2019-3772

all versions

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupport

9.8CRITICAL

CVE-2018-14718

all versions

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block

9.8CRITICAL

CVE-2018-3053

all versions

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation component of Oracle Retail Applications (subcom

6.4MEDIUM