| 2022-04-21 | CVE-2022-22969 | <Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. | 6.5 |
| 2021-12-09 | CVE-2021-43797 | HTTP Request Smuggling vulnerability in multiple products
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 6.5 |
| 2021-04-13 | CVE-2021-29425 | Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | 4.8 |
| 2021-03-30 | CVE-2021-21409 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |
| 2021-02-15 | CVE-2020-28500 | Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions. | 5.3 |
| 2021-02-08 | CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.5 |
| 2020-09-19 | CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 6.5 |
| 2019-11-08 | CVE-2019-10219 | Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator. | 6.1 |
| 2019-09-09 | CVE-2019-16168 | Divide By Zero vulnerability in multiple products
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." | 6.5 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |