CVE-2022-21404
- EPSS 1.07%
- Published 19.04.2022 21:15:14
- Last modified 21.11.2024 06:44:37
Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...
CVE-2021-43797
- EPSS 0.18%
- Published 09.12.2021 19:15:07
- Last modified 21.11.2024 06:29:48
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / en...
CVE-2021-37136
- EPSS 0.23%
- Published 19.10.2021 15:15:07
- Last modified 21.11.2024 06:14:42
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an...
CVE-2021-29425
- EPSS 0.48%
- Published 13.04.2021 07:15:12
- Last modified 21.11.2024 06:01:04
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...
CVE-2021-21409
- EPSS 4.98%
- Published 30.03.2021 15:15:14
- Last modified 21.11.2024 05:48:17
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...