CVE-2021-3572
- EPSS 1.69%
- Veröffentlicht 10.11.2021 18:15:09
- Zuletzt bearbeitet 21.11.2024 06:21:52
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrit...
CVE-2021-41184
- EPSS 44.52%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 04.11.2025 16:15:43
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string v...
CVE-2021-41183
- EPSS 7.95%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:25:42
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The v...
CVE-2021-41182
- EPSS 42.23%
- Veröffentlicht 26.10.2021 15:15:10
- Zuletzt bearbeitet 21.11.2024 06:25:41
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any str...
CVE-2021-40690
- EPSS 10.45%
- Veröffentlicht 19.09.2021 18:15:07
- Zuletzt bearbeitet 21.11.2024 06:24:34
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacke...
CVE-2021-2351
- EPSS 2.5%
- Veröffentlicht 21.07.2021 15:15:21
- Zuletzt bearbeitet 21.11.2024 06:02:56
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...
CVE-2021-36373
- EPSS 2.51%
- Veröffentlicht 14.07.2021 07:15:08
- Zuletzt bearbeitet 21.11.2024 06:13:37
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prio...
CVE-2021-36374
- EPSS 2.62%
- Veröffentlicht 14.07.2021 07:15:08
- Zuletzt bearbeitet 21.11.2024 06:13:38
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. ...
CVE-2021-33037
- EPSS 75.35%
- Veröffentlicht 12.07.2021 15:15:08
- Zuletzt bearbeitet 21.11.2024 06:08:10
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specific...
CVE-2021-29425
- EPSS 10.61%
- Veröffentlicht 13.04.2021 07:15:12
- Zuletzt bearbeitet 21.11.2024 06:01:04
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...