1.14.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-06	CVE-2021-33880	Information Exposure Through Discrepancy vulnerability in multiple products The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). network high complexity websockets-project oracle CWE-203	5.9
2021-06-03	CVE-2020-28469	Resource Exhaustion vulnerability in multiple products This affects the package glob-parent before 5.1.2. network low complexity gulpjs oracle CWE-400	7.5
2021-06-02	CVE-2020-14340	A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. network high complexity redhat oracle	5.9
2021-06-02	CVE-2021-3520	There's a flaw in lz4. network low complexity lz4-project netapp oracle splunk critical	9.8
2021-05-27	CVE-2021-22118	Exposure of Resource to Wrong Sphere vulnerability in multiple products In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. local low complexity vmware oracle netapp CWE-668	7.8
2021-05-26	CVE-2021-28170	Expression Language Injection vulnerability in multiple products In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. network low complexity eclipse quarkus oracle CWE-917	5.3
2021-04-13	CVE-2021-29425	Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. network high complexity apache debian oracle netapp CWE-22	4.8
2021-04-01	CVE-2021-28165	Improper Handling of Exceptional Conditions vulnerability in multiple products In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. network low complexity eclipse oracle jenkins netapp CWE-755	7.5
2021-03-30	CVE-2021-21409	Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. network high complexity netty debian netapp oracle quarkus	5.9
2021-03-10	CVE-2020-13936	An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. network low complexity apache debian oracle	8.8