12.2.1.4.0

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-13	CVE-2021-35516	Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache netapp oracle CWE-770	7.5
2021-07-13	CVE-2021-35517	Allocation of Resources Without Limits or Throttling vulnerability in multiple products When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache netapp oracle CWE-770	7.5
2021-07-13	CVE-2021-36090	When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. network low complexity apache oracle netapp	7.5
2021-05-28	CVE-2021-29505	Deserialization of Untrusted Data vulnerability in multiple products XStream is software for serializing Java objects to XML and back again. network low complexity xstream-project debian fedoraproject netapp oracle CWE-502	8.8
2021-04-13	CVE-2021-29425	Path Traversal vulnerability in multiple products In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. network high complexity apache debian oracle netapp CWE-22	4.8
2021-03-31	CVE-2021-28657	Infinite Loop vulnerability in multiple products A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. local low complexity apache oracle CWE-835	5.5
2021-03-23	CVE-2021-21351	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-434 critical	9.1
2021-03-23	CVE-2021-21350	Unrestricted Upload of File with Dangerous Type vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-434 critical	9.8
2021-03-23	CVE-2021-21349	Deserialization of Untrusted Data vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-502	8.6
2021-03-23	CVE-2021-21348	Resource Exhaustion vulnerability in multiple products XStream is a Java library to serialize objects to XML and back again. network low complexity xstream-project debian fedoraproject oracle CWE-400	7.5