| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
| 2021-07-21 | CVE-2021-2351 | Session Fixation vulnerability in Oracle products
Vulnerability in the Advanced Networking Option component of Oracle Database Server. | 8.3 |
| 2021-07-14 | CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-07-14 | CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. | 5.5 |
| 2021-05-27 | CVE-2021-22118 | Exposure of Resource to Wrong Sphere vulnerability in multiple products
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data. | 7.8 |
| 2020-10-01 | CVE-2020-11979 | As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. | 7.5 |
| 2020-09-19 | CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 6.5 |
| 2020-05-14 | CVE-2020-1945 | Exposure of Resource to Wrong Sphere vulnerability in multiple products
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. | 6.3 |
| 2020-04-27 | CVE-2020-9488 | Improper Certificate Validation vulnerability in multiple products
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. | 3.7 |
| 2020-01-17 | CVE-2020-5397 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. | 5.3 |