| 2024-07-16 | CVE-2024-21145 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). | 4.8 |
| 2023-02-17 | CVE-2023-0482 | Creation of Temporary File With Insecure Permissions vulnerability in multiple products
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 |
| 2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. | 4.9 |
| 2022-08-29 | CVE-2022-36033 | Cross-site Scripting vulnerability in multiple products
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. | 6.1 |
| 2022-08-23 | CVE-2022-35278 | Cross-site Scripting vulnerability in multiple products
In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 6.1 |
| 2022-05-24 | CVE-2021-3597 | Race Condition vulnerability in multiple products
A flaw was found in undertow. | 5.9 |
| 2022-05-24 | CVE-2021-3629 | Resource Exhaustion vulnerability in multiple products
A flaw was found in Undertow. | 5.9 |
| 2022-05-06 | CVE-2022-24823 | Netty is an open-source, asynchronous event-driven network application framework. | 5.5 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-01-26 | CVE-2021-22570 | NULL Pointer Dereference vulnerability in multiple products
Nullptr dereference when a null char is present in a proto symbol. | 5.5 |