CVE-2022-21404
- EPSS 1.07%
- Veröffentlicht 19.04.2022 21:15:14
- Zuletzt bearbeitet 21.11.2024 06:44:37
Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). Supported versions that are affected are 1.4.10 and 2.0.0-RC1. Difficult to exploit vulnerability allows unauthenticated attacker with network access vi...
CVE-2021-43797
- EPSS 0.18%
- Veröffentlicht 09.12.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:29:48
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / en...
CVE-2021-37136
- EPSS 0.23%
- Veröffentlicht 19.10.2021 15:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:42
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an...
CVE-2021-29425
- EPSS 0.48%
- Veröffentlicht 13.04.2021 07:15:12
- Zuletzt bearbeitet 21.11.2024 06:01:04
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...
CVE-2021-21409
- EPSS 4.98%
- Veröffentlicht 30.03.2021 15:15:14
- Zuletzt bearbeitet 21.11.2024 05:48:17
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerabi...