| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2022-26336 | 20 | | | 2022-03-04 | 2022-12-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
| 2 | CVE-2022-25647 | 502 | | | 2022-05-01 | 2022-11-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
| 3 | CVE-2022-24891 | 79 | | XSS | 2022-04-27 | 2023-02-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by an incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.
| 4 | CVE-2022-24823 | 668 | | | 2022-05-06 | 2022-12-03 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows, as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use `DefaultHttpDataFactory.setBaseDir(...)` to set the directory to something that is only readable by the current user.
| 5 | CVE-2022-23457 | 22 | | Dir. Trav. Bypass | 2022-04-25 | 2023-02-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This potentially could allow control-flow bypass checks to be defeated if an attacker can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface. However, maintainers do not recommend this.
| 6 | CVE-2022-22978 | 863 | | Bypass | 2022-05-19 | 2023-02-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
| 7 | CVE-2022-22976 | 190 | | Overflow | 2022-05-19 | 2023-02-03 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. |
| 8 | CVE-2022-22970 | 770 | | | 2022-05-12 | 2022-10-07 | 3.5 | None | Remote | Medium | ??? | None | None | Partial |
In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
| 9 | CVE-2022-22968 | 178 | | | 2022-04-14 | 2022-10-19 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. |
| 10 | CVE-2022-2764 | | | DoS | 2022-09-01 | 2022-11-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. |
| 11 | CVE-2022-1319 | 252 | | | 2022-08-31 | 2022-11-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. |
| 12 | CVE-2022-1259 | 400 | | DoS | 2022-08-31 | 2022-11-07 | 0.0 | None | ??? | ??? | ??? | ??? | ??? | ??? |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. |
| 13 | CVE-2021-44228 | 20 | | Exec Code | 2021-12-10 | 2023-02-06 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete |
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
| 14 | CVE-2021-36090 | | | DoS | 2021-07-13 | 2023-02-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. |
| 15 | CVE-2021-35517 | 770 | | DoS | 2021-07-13 | 2023-02-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. |
| 16 | CVE-2021-35516 | 770 | | DoS | 2021-07-13 | 2023-02-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. |
| 17 | CVE-2021-35515 | 835 | | DoS | 2021-07-13 | 2023-02-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. |
| 18 | CVE-2021-35043 | 79 | | XSS | 2021-07-19 | 2022-10-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with `&#00058` as the replacement for the `:` character.
| 19 | CVE-2021-34428 | 613 | | | 2021-06-22 | 2022-05-12 | 3.6 | None | Local | Low | Not required | Partial | Partial | None |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. |
| 20 | CVE-2021-29425 | 22 | | Dir. Trav. | 2021-04-13 | 2022-10-27 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
In Apache Commons IO before 2.7, when invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
| 21 | CVE-2021-28169 | | | | 2021-06-09 | 2022-10-25 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to `/concat?/%2557EB-INF/web.xml` can retrieve the web.xml file. This can reveal sensitive information regarding the implementation of a web application. |
| 22 | CVE-2021-23337 | 94 | | | 2021-02-15 | 2022-09-13 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. |
| 23 | CVE-2021-22096 | | | | 2021-10-28 | 2022-04-28 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. |
| 24 | CVE-2021-21290 | 378 | | | 2021-02-08 | 2022-05-12 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on Unix-like systems creates a random file, but by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in Netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify one's own "java.io.tmpdir" when starting the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
| 25 | CVE-2021-20220 | 444 | | XSS +Info | 2021-02-23 | 2022-02-22 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
A flaw was found in Undertow. A regression in the fix for CVE-2020-10687 was found. HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. The highest threat from this vulnerability is to data confidentiality and integrity.
| 26 | CVE-2021-20190 | 502 | | | 2021-01-19 | 2022-06-03 | 8.3 | None | Remote | Medium | Not required | Partial | Partial | Complete |
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| 27 | CVE-2021-3629 | 400 | | DoS | 2022-05-24 | 2023-02-07 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.
| 28 | CVE-2021-3597 | 362 | | DoS | 2022-05-24 | 2022-11-10 | 2.6 | None | Remote | High | Not required | None | None | Partial |
A flaw was found in Undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.
| 29 | CVE-2020-36518 | 787 | | DoS Overflow | 2022-03-11 | 2022-11-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. |
| 30 | CVE-2020-25711 | 862 | | | 2020-12-03 | 2022-11-10 | 4.9 | None | Remote | Medium | ??? | None | Partial | Partial |
A flaw was found in the Infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role.
| 31 | CVE-2020-25689 | 401 | | DoS | 2020-11-02 | 2023-02-12 | 6.8 | None | Remote | Low | ??? | None | None | Complete |
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. |
| 32 | CVE-2020-24616 | 502 | | | 2020-08-25 | 2022-05-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). |
| 33 | CVE-2020-13956 | | | | 2020-12-02 | 2022-05-12 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution.
| 34 | CVE-2020-10719 | 444 | | | 2020-05-26 | 2022-02-21 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None |
A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling. |
| 35 | CVE-2020-8908 | 732 | | | 2020-12-10 | 2022-05-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
| 36 | CVE-2020-2574 | | | | 2020-01-15 | 2022-08-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
| 37 | CVE-2019-19343 | 404 | | DoS | 2021-03-23 | 2022-05-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
| 38 | CVE-2019-14888 | | | DoS | 2020-01-23 | 2022-04-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL. |
| 39 | CVE-2019-13990 | 611 | | | 2019-07-26 | 2023-03-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. |
| 40 | CVE-2019-10219 | 79 | | XSS | 2019-11-08 | 2022-09-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. |
| 41 | CVE-2019-10212 | 532 | | | 2019-10-02 | 2022-02-20 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
A flaw was found in all Undertow versions under 2.0.20, in the DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
| 42 | CVE-2019-10184 | 862 | | +Info | 2019-07-25 | 2022-02-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the API.
| 43 | CVE-2019-10174 | 470 | | | 2019-11-25 | 2022-02-20 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application. |
| 44 | CVE-2019-3888 | 532 | | | 2019-06-12 | 2022-02-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
A vulnerability was found in Undertow web server before 2.0.21. Plain-text credentials are exposed through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange).