From d08fb0161ec413e996fb44bb9cb2ee40a8e52772 Mon Sep 17 00:00:00 2001 
From: Tim te Beek
Date: Tue, 17 Dec 2024 19:29:28 +0100
Subject: [PATCH] Move security advisories to rewrite-java-security (#132)
---
.github/workflows/advisories.yml | 64 -
build.gradle.kts | 23 -
lombok.config | 3 -
.../dependencies/DependencyInsight.java | 95 -
.../DependencyVulnerabilityCheck.java | 205 -
.../UpgradeDependencyVersion.java | 59 -
.../csharp/dependencies/package-info.java | 21 -
.../table/VulnerabilityReport.java | 74 -
.../dependencies/table/package-info.java | 21 -
.../dependencies/trait/PackageReference.java | 90 -
.../dependencies/trait/package-info.java | 21 -
.../dependencies/DependencyLicenseCheck.java | 158 -
.../DependencyVulnerabilityCheck.java | 463 -
.../openrewrite/java/dependencies/Sbom.java | 294 -
.../dependencies/SoftwareBillOfMaterials.java | 154 -
.../java/dependencies/Vulnerability.java | 49 -
.../dependencies/github/ParseAdvisories.java | 141 -
.../github/advisories/Advisory.java | 32 -
.../github/advisories/Affected.java | 30 -
.../github/advisories/DatabaseSpecific.java | 29 -
.../github/advisories/Package.java | 24 -
.../dependencies/github/advisories/Range.java | 53 -
.../dependencies/table/LicenseReport.java | 55 -
.../table/VulnerabilityReport.java | 82 -
.../resources/META-INF/rewrite/category.yml | 21 -
src/main/resources/advisories-maven.csv | 8298 -----------------
src/main/resources/advisories-nuget.csv | 2348 -----
.../GHSA-2cv5-qvq3-6276.json | 65 -
.../GHSA-2gpr-j5vj-wvh2.json | 62 -
.../dependencies/DependencyInsightTest.java | 191 -
.../DependencyVulnerabilityCheckTest.java | 208 -
.../UpgradeDependencyVersionTest.java | 80 -
.../trait/PackageReferenceTest.java | 58 -
.../DependencyLicenseCheckTest.java | 63 -
.../DependencyVulnerabilityCheckTest.java | 360 -
.../SoftwareBillOfMaterialsTest.java | 167 -
.../github/ParseAdvisoriesTest.java | 38 -
37 files changed, 14199 deletions(-)
delete mode 100644 .github/workflows/advisories.yml
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/DependencyInsight.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheck.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersion.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/package-info.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/table/VulnerabilityReport.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/table/package-info.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/trait/PackageReference.java
delete mode 100644 src/main/java/org/openrewrite/csharp/dependencies/trait/package-info.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/DependencyLicenseCheck.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/Sbom.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterials.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/Vulnerability.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/github/ParseAdvisories.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/github/advisories/Advisory.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/github/advisories/Affected.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/github/advisories/DatabaseSpecific.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/github/advisories/Package.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/github/advisories/Range.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/table/LicenseReport.java
delete mode 100644 src/main/java/org/openrewrite/java/dependencies/table/VulnerabilityReport.java
delete mode 100644 src/main/resources/META-INF/rewrite/category.yml
delete mode 100644 src/main/resources/advisories-maven.csv
delete mode 100644 src/main/resources/advisories-nuget.csv
delete mode 100644 src/test/advisories/github-reviewed/2023/07/GHSA-2cv5-qvq3-6276/GHSA-2cv5-qvq3-6276.json
delete mode 100644 src/test/advisories/github-reviewed/2023/07/GHSA-2gpr-j5vj-wvh2/GHSA-2gpr-j5vj-wvh2.json
delete mode 100644 src/test/java/org/openrewrite/csharp/dependencies/DependencyInsightTest.java
delete mode 100644 src/test/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheckTest.java
delete mode 100644 src/test/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersionTest.java
delete mode 100644 src/test/java/org/openrewrite/csharp/dependencies/trait/PackageReferenceTest.java
delete mode 100644 src/test/java/org/openrewrite/java/dependencies/DependencyLicenseCheckTest.java
delete mode 100644 src/test/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheckTest.java
delete mode 100644 src/test/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterialsTest.java
delete mode 100644 src/test/java/org/openrewrite/java/dependencies/github/ParseAdvisoriesTest.java
diff --git a/.github/workflows/advisories.yml b/.github/workflows/advisories.yml
deleted file mode 100644
index 2013df1..0000000
--- a/.github/workflows/advisories.yml
+++ /dev/null
@@ -1,64 +0,0 @@ ---- -name: Update the GitHub advisories CSV - -on: - workflow_dispatch: {} - schedule: - - cron: 0 11 * * MON - -jobs: - update-advisories: - if: github.event_name != 'schedule' || github.repository_owner == 'openrewrite' - runs-on: ubuntu-latest - steps: - # Checkout and build parser - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - uses: actions/setup-java@v4 - with: - cache: 'gradle' - distribution: 'temurin' - java-version: '17' - - # Update advisories - - name: Checkout advisory-database - uses: actions/checkout@v4 - with: - repository: github/advisory-database - path: advisory-database - - # Commit and push Maven advisories here - - name: configure-git-user - run: | - git config --global user.email "team@moderne.io" - git config --global user.name "team-moderne[bot]" - - name: Create commit message - run: | - echo "MSG=[Auto] GitHub advisories as of $(date +'%Y-%m-%dT%H%M')" >> $GITHUB_ENV - - name: Commit and push Maven dependency vulnerabilities to rewrite-java-dependencies - run: | - ./gradlew parseGithubAdvisoryDatabase --args="./advisory-database Maven src/main/resources/advisories-maven.csv" - sort --output=src/main/resources/advisories-maven.csv src/main/resources/advisories-maven.csv - git diff-index --quiet HEAD src/main/resources/advisories-maven.csv || (git commit --message "${{ env.MSG }} for Maven" src/main/resources/advisories-maven.csv && git push origin main) - - name: Commit and push Nuget dependency vulnerabilities to rewrite-java-dependencies - run: | - ./gradlew parseGithubAdvisoryDatabase --args="./advisory-database Nuget src/main/resources/advisories-nuget.csv" - sort --output=src/main/resources/advisories-nuget.csv src/main/resources/advisories-nuget.csv - git diff-index --quiet HEAD src/main/resources/advisories-nuget.csv || (git commit --message "${{ env.MSG }} for NuGet" src/main/resources/advisories-nuget.csv && git push origin main) - - # Load SSH deploy-key - - uses: 
webfactory/ssh-agent@v0.9.0 - with: - ssh-private-key: ${{ secrets.REWRITE_NODEJS_DEPLOY_KEY }} - - # Commit and push NPM advisories to rewrite-nodejs - - name: Commit and push Npm dependency vulnerabilities to rewrite-nodejs - run: | - git clone --depth 1 git@github.com:openrewrite/rewrite-nodejs.git - ./gradlew parseGithubAdvisoryDatabase --args="./advisory-database NPM rewrite-nodejs/src/main/resources/advisories-npm.csv" - cd rewrite-nodejs/ - sort --output=src/main/resources/advisories-npm.csv src/main/resources/advisories-npm.csv - git diff-index --quiet HEAD src/main/resources/advisories-npm.csv || (git commit --message "${{ env.MSG }} for NPM" src/main/resources/advisories-npm.csv && git push origin main) - diff --git a/build.gradle.kts b/build.gradle.kts index ecf20df..bc7705f 100644 --- a/build.gradle.kts +++ b/build.gradle.kts @@ -5,19 +5,6 @@ plugins { group = "org.openrewrite.recipe" description = "A rewrite module automating Java dependency management." -repositories { - maven { - url = uri("https://repo.gradle.org/gradle/libs-releases/") - content { - excludeVersionByRegex(".+", ".+", ".+-rc-?[0-9]*") - } - } - // Needed to pick up snapshot versions of rewrite - maven { - url = uri("https://oss.sonatype.org/content/repositories/snapshots/") - } -} - val rewriteVersion = rewriteRecipe.rewriteVersion.get() dependencies { implementation(platform("org.openrewrite:rewrite-bom:$rewriteVersion")) 
@@ -38,16 +25,6 @@ dependencies { testRuntimeOnly("ch.qos.logback:logback-classic:1.2.+") } -tasks { - // ./gradlew parseGithubAdvisoryDatabase --args="./advisory-database Maven src/main/resources/advisories-maven.csv" - val parseGithubAdvisoryDatabase by registering(JavaExec::class) { - group = "generate" - description = "Parse github/advisories-database and generate a CSV file." - mainClass = "org.openrewrite.java.dependencies.github.ParseAdvisories" - classpath = sourceSets.getByName("main").runtimeClasspath - } -} - tasks { // ./gradlew parseDefinitionMigrations --args="./oga-maven-plugin src/main/resources/migrations.csv" val parseDefinitionMigrations by registering(JavaExec::class) { diff --git a/lombok.config b/lombok.config index edd70b0..ddf5bff 100755 --- a/lombok.config +++ b/lombok.config @@ -1,6 +1,3 @@ # https://projectlombok.org/features/configuration config.stopBubbling = true -lombok.addNullAnnotations = CUSTOM:org.openrewrite.internal.lang.NonNull:org.openrewrite.internal.lang.Nullable -lombok.copyableAnnotations += org.openrewrite.internal.lang.Nullable -lombok.copyableAnnotations += org.openrewrite.internal.lang.NonNull lombok.anyConstructor.addConstructorProperties=true diff --git a/src/main/java/org/openrewrite/csharp/dependencies/DependencyInsight.java b/src/main/java/org/openrewrite/csharp/dependencies/DependencyInsight.java deleted file mode 100644 index 0cb401c..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/DependencyInsight.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies; - -import lombok.EqualsAndHashCode; -import lombok.Value; -import org.jspecify.annotations.Nullable; -import org.openrewrite.*; -import org.openrewrite.csharp.dependencies.trait.PackageReference; -import org.openrewrite.internal.StringUtils; -import org.openrewrite.marker.SearchResult; -import org.openrewrite.maven.table.DependenciesInUse; -import org.openrewrite.semver.Semver; - -@Value -@EqualsAndHashCode(callSuper = false) -public class DependencyInsight extends Recipe { - transient DependenciesInUse dependenciesInUse = new DependenciesInUse(this); - - @Option(displayName = "Package pattern", - description = "Package glob pattern used to match dependencies.", - example = "Microsoft*", - required = false) - @Nullable - String packagePattern; - - @Option(displayName = "Version", - description = "Match only dependencies with the specified version. " + - "Node-style [version selectors](https://docs.openrewrite.org/reference/dependency-version-selectors) may be used. 
" + - "All versions are searched by default.", - example = "1.x", - required = false) - @Nullable - String version; - - @Override - public String getDisplayName() { - return "Dependency insight for C#"; - } - - @Override - public String getDescription() { - return "Finds dependencies in `*.csproj` and `packages.config`."; - } - - @Override - public Validated validate() { - Validated v = super.validate(); - if (version != null) { - v = v.and(Semver.validate(version, null)); - } - return v; - } - - @Override - public TreeVisitor getVisitor() { - return new PackageReference.Matcher().asVisitor((ref, ctx) -> { - if (packagePattern != null && - !StringUtils.matchesGlob(ref.getInclude(), packagePattern)) { - return ref.getTree(); - } - - if (version != null && - !Semver.validate(version, null).getValue().isValid(null, ref.getVersion())) { - return ref.getTree(); - } - - dependenciesInUse.insertRow(ctx, new DependenciesInUse.Row( - null, - null, - null, - ref.getInclude(), - ref.getVersion(), - null, - null, - 0 - )); - return SearchResult.found(ref.getTree(), - String.format("%s:%s", ref.getInclude(), ref.getVersion())); - }); - } -} diff --git a/src/main/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheck.java b/src/main/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheck.java deleted file mode 100644 index 496f83e..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheck.java +++ /dev/null @@ -1,205 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies; - -import com.fasterxml.jackson.databind.MappingIterator; -import com.fasterxml.jackson.dataformat.csv.CsvMapper; -import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; -import lombok.EqualsAndHashCode; -import lombok.Value; -import org.jspecify.annotations.Nullable; -import org.openrewrite.ExecutionContext; -import org.openrewrite.Option; -import org.openrewrite.ScanningRecipe; -import org.openrewrite.TreeVisitor; -import org.openrewrite.csharp.dependencies.table.VulnerabilityReport; -import org.openrewrite.csharp.dependencies.trait.PackageReference; -import org.openrewrite.internal.StringUtils; -import org.openrewrite.java.dependencies.Vulnerability; -import org.openrewrite.java.dependencies.internal.StaticVersionComparator; -import org.openrewrite.java.dependencies.internal.Version; -import org.openrewrite.java.dependencies.internal.VersionParser; -import org.openrewrite.marker.SearchResult; -import org.openrewrite.semver.LatestPatch; -import org.openrewrite.xml.tree.Xml; - -import java.io.IOException; -import java.io.InputStream; -import java.util.*; - -import static java.util.Collections.emptySet; -import static java.util.stream.Collectors.joining; -import static java.util.stream.Collectors.partitioningBy; - -@Value -@EqualsAndHashCode(callSuper = false) -public class DependencyVulnerabilityCheck extends ScanningRecipe { - transient VersionParser versionParser = new VersionParser(); - transient VulnerabilityReport report = new VulnerabilityReport(this); - - @Option(displayName = "Add search markers", - description = "Report each vulnerability as search result markers. 
" + - "When enabled you can see which dependencies are bringing in vulnerable transitives in the diff view. " + - "By default these markers are omitted, making it easier to see version upgrades within the diff.", - required = false) - @Nullable - Boolean addMarkers; - - @Override - public String getDisplayName() { - return "Find and fix vulnerable Nuget dependencies"; - } - - @Override - public String getDescription() { - //language=markdown - return "This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. " + - "This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. " + - "This recipe **only** upgrades to the latest **patch** version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. " + - "Vulnerability information comes from the [GitHub Security Advisory Database](https://docs.github.com/en/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database), " + - "which aggregates vulnerability data from several public databases, including the [National Vulnerability Database](https://nvd.nist.gov/) maintained by the United States government. " + - "Dependencies following [Semantic Versioning](https://semver.org/) will see their _patch_ version updated where applicable."; - } - - @Value - public static class Accumulator { - Map> db; - Map> vulnerabilities; - - @Value - static class NameVersion { - /** - * The name of the package as specified in the package.json. - */ - String name; - - /** - * The resolved version actually in use, which may be different from the version specified in the package.json. 
- */ - String version; - } - } - - @Override - public Accumulator getInitialValue(ExecutionContext ctx) { - CsvMapper csvMapper = new CsvMapper(); - csvMapper.registerModule(new JavaTimeModule()); - Map> db = new HashMap<>(); - - try (InputStream resourceAsStream = DependencyVulnerabilityCheck.class.getResourceAsStream("/advisories-nuget.csv"); - MappingIterator vs = csvMapper.readerWithSchemaFor(Vulnerability.class).readValues(resourceAsStream)) { - while (vs.hasNextValue()) { - Vulnerability v = vs.nextValue(); - db.computeIfAbsent(v.getGroupArtifact(), g -> new ArrayList<>()).add(v); - } - } catch (IOException e) { - throw new RuntimeException(e); - } - - return new Accumulator(db, new HashMap<>()); - } - - @Override - public TreeVisitor getScanner(Accumulator acc) { - return new PackageReference.Matcher().asVisitor((ref, ctx) -> { - String dependencyName = ref.getInclude(); - for (Vulnerability v : acc.db.getOrDefault(dependencyName, Collections.emptyList())) { - String dependencyVersion = ref.getVersion(); - if (isVulnerable(dependencyVersion, v)) { - // Add all vulnerable dependencies to the accumulator - acc.vulnerabilities - .computeIfAbsent(new Accumulator.NameVersion(dependencyName, dependencyVersion), nv -> new LinkedHashSet<>()) - .add(v); - - // Insert a row into the report for each vulnerability - report.insertRow(ctx, new VulnerabilityReport.Row( - v.getCve(), - dependencyName, - dependencyVersion, - v.getFixedVersion(), - isFixWithPatchVersionUpdateOnly(dependencyVersion, v), - v.getSummary(), - v.getSeverity().toString(), - 0, - v.getCwes() - )); - } - } - return ref.getTree(); - }); - } - - - private static final Comparator vc = new StaticVersionComparator(); - - private boolean isVulnerable(String dependencyVersion, Vulnerability v) { - Version actual = versionParser.transform(dependencyVersion); - if (vc.compare(actual, versionParser.transform(v.getIntroducedVersion())) < 0) { - return false; - } - String fixedVersion = v.getFixedVersion(); - if 
(StringUtils.isBlank(fixedVersion)) { - return true; - } - return vc.compare(actual, versionParser.transform(fixedVersion)) < 0; - } - - private static final LatestPatch latestPatch = new LatestPatch(null); - - private static boolean isFixWithPatchVersionUpdateOnly(String dependencyVersion, Vulnerability v) { - return !StringUtils.isBlank(v.getFixedVersion()) && - latestPatch.isValid(dependencyVersion, v.getFixedVersion()) && - latestPatch.compare(dependencyVersion, dependencyVersion, v.getFixedVersion()) < 0; - } - - @Override - public TreeVisitor getVisitor(Accumulator acc) { - return new PackageReference.Matcher().asVisitor((ref, ctx) -> { - Xml.Tag tag = ref.getTree(); - - // Partition vulnerabilities into those that can be fixed with a patch version update and those that can't - String dependencyVersion = ref.getVersion(); - Map> vulnerabilities = acc.vulnerabilities - .getOrDefault(new Accumulator.NameVersion(ref.getInclude(), ref.getVersion()), emptySet()) - .stream().collect(partitioningBy(v -> isFixWithPatchVersionUpdateOnly(dependencyVersion, v))); - - // Bump to highest fixed patch version - String highestFixedPatchVersion = vulnerabilities.get(true).stream() - .max(Comparator.comparing(v -> versionParser.transform(v.getFixedVersion()), vc)) - .map(Vulnerability::getFixedVersion) - .orElse(null); - if (highestFixedPatchVersion != null) { - tag = ref.withVersion(highestFixedPatchVersion); - } - - // Add marker of vulnerabilities not patched - List remainingVulnerabilities = vulnerabilities.get(false); - if (Boolean.TRUE.equals(addMarkers) && !remainingVulnerabilities.isEmpty()) { - tag = SearchResult.found(tag, - "This dependency has the following vulnerabilities:\n" + - remainingVulnerabilities.stream() - .map(v -> String.format("%s (%s severity%s) - %s", - v.getCve(), - v.getSeverity(), - StringUtils.isBlank(v.getFixedVersion()) ? "" : ", fixed in " + v.getFixedVersion(), - v.getSummary())) - .collect(joining("\n"))); - } - - return tag; - }); - } -} 
diff --git a/src/main/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersion.java b/src/main/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersion.java deleted file mode 100644 index 161e57f..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersion.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies; - -import lombok.EqualsAndHashCode; -import lombok.Value; -import org.openrewrite.ExecutionContext; -import org.openrewrite.Option; -import org.openrewrite.Recipe; -import org.openrewrite.TreeVisitor; -import org.openrewrite.csharp.dependencies.trait.PackageReference; -import org.openrewrite.internal.StringUtils; - -@Value -@EqualsAndHashCode(callSuper = false) -public class UpgradeDependencyVersion extends Recipe { - @Option(displayName = "Package pattern", - description = "Package glob pattern used to match dependencies.", - example = "Microsoft*") - String packagePattern; - - @Option(displayName = "New version", - description = "An exact version number.", - example = "12.3") - String newVersion; - - @Override - public String getDisplayName() { - return "Upgrade C# dependency versions"; - } - - @Override - public String getDescription() { - return "Upgrades dependencies in `*.csproj` and `packages.config`."; - } - - @Override - public TreeVisitor getVisitor() { - return new PackageReference.Matcher().asVisitor((ref, ctx) -> { - if (StringUtils.matchesGlob(ref.getInclude(), packagePattern)) { - return ref.withVersion(newVersion); - } - return ref.getTree(); - }); - } -} diff --git a/src/main/java/org/openrewrite/csharp/dependencies/package-info.java b/src/main/java/org/openrewrite/csharp/dependencies/package-info.java deleted file mode 100644 index 0338143..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -@NullMarked -@NonNullFields -package org.openrewrite.csharp.dependencies; - -import org.jspecify.annotations.NullMarked; -import org.openrewrite.internal.lang.NonNullFields; diff --git a/src/main/java/org/openrewrite/csharp/dependencies/table/VulnerabilityReport.java b/src/main/java/org/openrewrite/csharp/dependencies/table/VulnerabilityReport.java deleted file mode 100644 index 1615dad..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/table/VulnerabilityReport.java +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies.table; - -import com.fasterxml.jackson.annotation.JsonIgnoreType; -import lombok.Value; -import org.openrewrite.Column; -import org.openrewrite.DataTable; -import org.openrewrite.Recipe; - -@JsonIgnoreType -public class VulnerabilityReport extends DataTable { - - public VulnerabilityReport(Recipe recipe) { - super(recipe, - "Vulnerability report", - "A vulnerability report that includes detailed information about the affected artifact and the corresponding CVEs."); - } - - @Value - public static class Row { - @Column(displayName = "CVE", - description = "The CVE number.") - String cve; - - @Column(displayName = "Package name", - description = "The package name.") - String packageName; - - @Column(displayName = "Version", - description = "The resolved version.") - String version; - - @Column(displayName = "Fixed in version", - description = "The minimum version that is no longer vulnerable.") - String fixedVersion; - - @Column(displayName = "Fixable with version update only", - //language=markdown - description = "Whether the vulnerability is likely to be fixed by increasing the dependency version only, " + - "with no code modifications required. 
This is a heuristic which assumes that the dependency " + - "is accurately versioned according to [semver](https://semver.org/).") - boolean fixWithVersionUpdateOnly; - - @Column(displayName = "Summary", - description = "The summary of the CVE.") - String summary; - - @Column(displayName = "Base score", - description = "The calculated base score.") - String severity; - - @Column(displayName = "Depth", - description = "Zero for direct dependencies.") - Integer depth; - - @Column(displayName = "CWEs", - description = "Common Weakness Enumeration (CWE) identifiers; semicolon separated.") - String CWEs; - } -} diff --git a/src/main/java/org/openrewrite/csharp/dependencies/table/package-info.java b/src/main/java/org/openrewrite/csharp/dependencies/table/package-info.java deleted file mode 100644 index 0128509..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/table/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -@NullMarked -@NonNullFields -package org.openrewrite.csharp.dependencies.table; - -import org.jspecify.annotations.NullMarked; -import org.openrewrite.internal.lang.NonNullFields; diff --git a/src/main/java/org/openrewrite/csharp/dependencies/trait/PackageReference.java b/src/main/java/org/openrewrite/csharp/dependencies/trait/PackageReference.java deleted file mode 100644 index e98609d..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/trait/PackageReference.java +++ /dev/null @@ -1,90 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - *

- * https://www.apache.org/licenses/LICENSE-2.0 - *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies.trait; - -import lombok.Value; -import org.openrewrite.Cursor; -import org.openrewrite.InMemoryExecutionContext; -import org.openrewrite.trait.SimpleTraitMatcher; -import org.openrewrite.trait.Trait; -import org.openrewrite.xml.ChangeTagAttribute; -import org.openrewrite.xml.XPathMatcher; -import org.openrewrite.xml.tree.Xml; - -import java.util.List; -import java.util.Map; -import java.util.Objects; - -import static java.util.stream.Collectors.toMap; - -@Value -public class PackageReference implements Trait { - - Cursor cursor; - - String include; - String version; - - public Xml.Tag withVersion(String newVersion) { - Xml.Tag tag = getTree(); - if (!Objects.equals(this.version, newVersion)) { - InMemoryExecutionContext ctx = new InMemoryExecutionContext(); - tag = (Xml.Tag) new ChangeTagAttribute("//PackageReference", "Version", newVersion, this.version, null) - .getVisitor().visitNonNull(tag, ctx); - tag = (Xml.Tag) new ChangeTagAttribute("//package", "version", newVersion, this.version, null) - .getVisitor().visitNonNull(tag, ctx); - } - return tag; - } - - public static class Matcher extends SimpleTraitMatcher { - XPathMatcher packageReference = new XPathMatcher("//PackageReference"); - XPathMatcher packageConfig = new XPathMatcher("/packages/package"); - - @Override - protected PackageReference test(Cursor cursor) { - Object value = cursor.getValue(); - if (value instanceof Xml.Tag) { - Xml.Tag tag = (Xml.Tag) value; - if (packageReference.matches(cursor)) { - Map attrs = asMap(tag.getAttributes()); - String include = attrs.get("Include"); - // XXX Floating versions: 
https://learn.microsoft.com/en-us/nuget/concepts/dependency-resolution#floating-versions - String version = attrs.get("Version"); - // XXX Condition https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#adding-a-packagereference-condition - // XXX Assets https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#controlling-dependency-assets - // XXX Locking dependencies https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files#locking-dependencies - if (include != null && version != null) { - return new PackageReference(cursor, include, version); - } - } else if (packageConfig.matches(cursor)) { - Map attrs = asMap(tag.getAttributes()); - String id = attrs.get("id"); - String version = attrs.get("version"); - // XXX Parse `allowedVersions`, `developmentDependency` and `targetFramework` - if (id != null && version != null) { - return new PackageReference(cursor, id, version); - } - } - } - return null; - } - - private static Map asMap(List attributes) { - return attributes.stream().collect(toMap(attr -> attr.getKey().getName(), attr -> attr.getValue().getValue())); - } - } -} diff --git a/src/main/java/org/openrewrite/csharp/dependencies/trait/package-info.java b/src/main/java/org/openrewrite/csharp/dependencies/trait/package-info.java deleted file mode 100644 index 72d683f..0000000 --- a/src/main/java/org/openrewrite/csharp/dependencies/trait/package-info.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-@NullMarked
-@NonNullFields
-package org.openrewrite.csharp.dependencies.trait;
-
-import org.jspecify.annotations.NullMarked;
-import org.openrewrite.internal.lang.NonNullFields;
diff --git a/src/main/java/org/openrewrite/java/dependencies/DependencyLicenseCheck.java b/src/main/java/org/openrewrite/java/dependencies/DependencyLicenseCheck.java
deleted file mode 100644
index e31a380..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/DependencyLicenseCheck.java
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies;
-
-import lombok.EqualsAndHashCode;
-import lombok.Value;
-import org.jspecify.annotations.Nullable;
-import org.openrewrite.*;
-import org.openrewrite.gradle.marker.GradleDependencyConfiguration;
-import org.openrewrite.gradle.marker.GradleProject;
-import org.openrewrite.groovy.GroovyIsoVisitor;
-import org.openrewrite.groovy.GroovyVisitor;
-import org.openrewrite.groovy.tree.G;
-import org.openrewrite.internal.StringUtils;
-import org.openrewrite.java.dependencies.table.LicenseReport;
-import org.openrewrite.maven.MavenIsoVisitor;
-import org.openrewrite.maven.MavenVisitor;
-import org.openrewrite.maven.tree.*;
-import org.openrewrite.xml.tree.Xml;
-
-import java.util.*;
-
-import static java.util.Collections.emptyList;
-
-@Value
-@EqualsAndHashCode(callSuper = false)
-public class DependencyLicenseCheck extends ScanningRecipe>> {
- transient LicenseReport report = new LicenseReport(this);
-
- @Option(displayName = "Scope",
- description = "Match dependencies with the specified scope",
- valid = {"compile", "test", "runtime", "provided"},
- example = "compile")
- String scope;
-
- @Option(displayName = "Add markers",
- description = "Report each license transitively used by a dependency in search results.",
- required = false)
- @Nullable
- Boolean addMarkers;
-
- @Override
- public String getDisplayName() {
- return "Find licenses in use in third-party dependencies";
- }
-
- @Override
- public String getDescription() {
- return "Locates and reports on all licenses in use.";
- }
-
- @Override
- public Validated validate() {
- return super.validate().and(Validated.test("scope", "scope is a valid 
Maven scope", scope, s -> {
- try {
- Scope.fromName(s);
- return true;
- } catch (Throwable t) {
- return false;
- }
- }));
- }
-
- @Override
- public Map> getInitialValue(ExecutionContext ctx) {
- return new HashMap<>();
- }
-
- @Override
- public TreeVisitor getScanner(Map> acc) {
- return new TreeVisitor() {
- @Override
- public @Nullable Tree visit(@Nullable Tree tree, ExecutionContext ctx) {
- Scope scope = Scope.fromName(DependencyLicenseCheck.this.scope);
- scanMaven(acc, scope).visit(tree, ctx);
- scanGradleGroovy(acc, scope).visit(tree, ctx);
- return tree;
- }
- };
- }
-
- @Override
- public Collection generate(Map> acc, ExecutionContext ctx) {
- for (Map.Entry> licensesByGav : acc.entrySet()) {
- ResolvedGroupArtifactVersion gav = licensesByGav.getKey();
- for (License license : licensesByGav.getValue()) {
- report.insertRow(ctx, new LicenseReport.Row(
- gav.getGroupId(),
- gav.getArtifactId(),
- gav.getVersion(),
- license.getName(),
- license.getType().toString()
- ));
- }
- }
- return emptyList();
- }
-
- private MavenVisitor scanMaven(
- Map> licenses, Scope aScope) {
- return new MavenIsoVisitor() {
- @Override
- public Xml.Document visitDocument(Xml.Document document, ExecutionContext ctx) {
- List scopeDependencies = getResolutionResult().getDependencies().get(aScope);
- if (scopeDependencies != null) {
- for (ResolvedDependency resolvedDependency : scopeDependencies) {
- analyzeDependency(resolvedDependency, licenses);
- }
- }
- return super.visitDocument(document, ctx);
- }
- };
- }
-
- private GroovyVisitor scanGradleGroovy(
- Map> licenses, Scope aScope) {
- return new GroovyIsoVisitor() {
- @Override
- public G.CompilationUnit visitCompilationUnit(G.CompilationUnit cu, ExecutionContext ctx) {
- cu.getMarkers().findFirst(GradleProject.class).ifPresent(gradleProject -> {
- for (GradleDependencyConfiguration configuration : gradleProject.getConfigurations()) {
- // FIXME limit by scope
- for (ResolvedDependency resolvedDependency : 
configuration.getResolved()) {
- if (!StringUtils.isBlank(resolvedDependency.getVersion())) {
- analyzeDependency(resolvedDependency, licenses);
- }
- }
- }
- });
- return super.visitCompilationUnit(cu, ctx);
- }
- };
- }
-
- private void analyzeDependency(
- ResolvedDependency resolvedDependency, Map> licenses) {
- if (!resolvedDependency.getLicenses().isEmpty()) {
- licenses.computeIfAbsent(resolvedDependency.getGav(), gav -> new LinkedHashSet<>())
- .addAll(resolvedDependency.getLicenses());
- } else {
- licenses.computeIfAbsent(resolvedDependency.getGav(), gav -> new LinkedHashSet<>())
- .add(new License("", License.Type.Unknown));
- }
- }
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.java b/src/main/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.java
deleted file mode 100644
index 4a16828..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheck.java
+++ /dev/null
@@ -1,463 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.java.dependencies; - -import com.fasterxml.jackson.databind.MappingIterator; -import com.fasterxml.jackson.dataformat.csv.CsvMapper; -import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule; -import lombok.*; -import lombok.experimental.NonFinal; -import org.jspecify.annotations.Nullable; -import org.openrewrite.*; -import org.openrewrite.gradle.marker.GradleDependencyConfiguration; -import org.openrewrite.gradle.marker.GradleProject; -import org.openrewrite.groovy.GroovyIsoVisitor; -import org.openrewrite.groovy.GroovyVisitor; -import org.openrewrite.groovy.tree.G; -import org.openrewrite.internal.StringUtils; -import org.openrewrite.java.dependencies.internal.StaticVersionComparator; -import org.openrewrite.java.dependencies.internal.Version; -import org.openrewrite.java.dependencies.internal.VersionParser; -import org.openrewrite.java.dependencies.table.VulnerabilityReport; -import org.openrewrite.java.marker.JavaProject; -import org.openrewrite.marker.CommitMessage; -import org.openrewrite.maven.*; -import org.openrewrite.maven.internal.MavenPomDownloader; -import org.openrewrite.maven.table.MavenMetadataFailures; -import org.openrewrite.maven.tree.*; -import org.openrewrite.semver.LatestPatch; -import org.openrewrite.xml.tree.Xml; - -import java.io.IOException; -import java.io.InputStream; -import java.util.*; -import java.util.function.Function; -import java.util.stream.Collectors; - -@Value -@EqualsAndHashCode(callSuper = false) -public class DependencyVulnerabilityCheck extends ScanningRecipe { - transient MavenMetadataFailures metadataFailures = new MavenMetadataFailures(this); - transient VersionParser 
versionParser = new VersionParser(); - transient VulnerabilityReport report = new VulnerabilityReport(this); - - @Option(displayName = "Scope", - description = "Match dependencies with the specified scope. Default is `compile`.", - valid = {"compile", "test", "runtime", "provided"}, - example = "compile", - required = false) - @Nullable - String scope; - - @Option(displayName = "Override transitives", - description = "When enabled transitive dependencies with vulnerabilities will have their versions overridden. " + - "By default only direct dependencies have their version numbers upgraded.", - example = "false", - required = false) - @Nullable - Boolean overrideTransitive; - - @Override - public String getDisplayName() { - return "Find and fix vulnerable dependencies"; - } - - @Override - public String getDescription() { - //language=markdown - return "This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. " + - "This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. " + - "This recipe **only** upgrades to the latest **patch** version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. " + - "Vulnerability information comes from the [GitHub Security Advisory Database](https://docs.github.com/en/code-security/security-advisories/global-security-advisories/about-the-github-advisory-database), " + - "which aggregates vulnerability data from several public databases, including the [National Vulnerability Database](https://nvd.nist.gov/) maintained by the United States government. 
" + - "Dependencies following [Semantic Versioning](https://semver.org/) will see their _patch_ version updated where applicable."; - } - - @Override - public Validated validate() { - return super.validate().and(Validated.test("scope", "scope is a valid Maven scope", scope, s -> { - try { - Scope.fromName(s); - return true; - } catch (Throwable t) { - return false; - } - })); - } - - @Getter - @RequiredArgsConstructor - public static class Accumulator { - final Map> db; - final Scope scope; - final org.openrewrite.java.dependencies.UpgradeDependencyVersion.Accumulator dependencyAcc; - final AddManagedDependency.Scanned transitiveAcc; - - - Map projectToVulnerabilities = new LinkedHashMap<>(); - - public void repositoriesFrom(SourceFile s) { - s.getMarkers().findFirst(MavenResolutionResult.class) - .ifPresent(mrr -> repositories.addAll(mrr.getPom().getRepositories())); - s.getMarkers().findFirst(GradleProject.class) - .ifPresent(gradleProject -> repositories.addAll(gradleProject.getMavenRepositories())); - } - - private Set repositories = new LinkedHashSet<>(); - - @Nullable - private List allRepositories = null; - public List getRepositories() { - if (allRepositories == null) { - allRepositories = new ArrayList<>(repositories); - } - return allRepositories; - } - - @Nullable - private Map> upgradeableVulnerabilities = null; - - public Map> upgradeableVulnerabilities() { - if (upgradeableVulnerabilities == null) { - upgradeableVulnerabilities = new LinkedHashMap<>(); - for (Vulnerabilities vuln : projectToVulnerabilities.values()) { - for (Map.Entry> resolvedGroupArtifactVersionSetEntry : vuln.getGavToVulnerabilities().entrySet()) { - ResolvedGroupArtifactVersion gav = resolvedGroupArtifactVersionSetEntry.getKey(); - Set vulnerabilities = resolvedGroupArtifactVersionSetEntry.getValue(); - upgradeableVulnerabilities.compute(gav, (k, upgradeableSoFar) -> { - Set newUpgradableVulnerabilities = vulnerabilities.stream() - .filter(it -> 
StringUtils.isNotEmpty(it.vulnerability.getFixedVersion())) - .filter(it -> new LatestPatch(null) - .isValid(gav.getVersion(), it.vulnerability.getFixedVersion())) - .collect(Collectors.toCollection(LinkedHashSet::new)); - if (newUpgradableVulnerabilities.isEmpty()) { - return upgradeableSoFar; - } - if (upgradeableSoFar == null) { - upgradeableSoFar = newUpgradableVulnerabilities; - } else { - upgradeableSoFar.addAll(newUpgradableVulnerabilities); - } - - return upgradeableSoFar; - }); - - } - } - } - return upgradeableVulnerabilities; - } - } - - @Value - public static class Vulnerabilities { - Map> gavToVulnerabilities; - - public @Nullable Set computeIfAbsent(ResolvedGroupArtifactVersion gav, Function> mappingFunction) { - return gavToVulnerabilities.computeIfAbsent(gav, mappingFunction); - } - } - - @Override - public Accumulator getInitialValue(ExecutionContext ctx) { - Scope parsedScope = Scope.fromName(scope); - CsvMapper csvMapper = new CsvMapper(); - csvMapper.registerModule(new JavaTimeModule()); - Map> db = new HashMap<>(); - - try (InputStream resourceAsStream = DependencyVulnerabilityCheck.class.getResourceAsStream("/advisories-maven.csv"); - MappingIterator vs = csvMapper.readerWithSchemaFor(Vulnerability.class).readValues(resourceAsStream)) { - vs.forEachRemaining(v -> { - String[] ga = v.getGroupArtifact().split(":"); - db.computeIfAbsent(new GroupArtifact(ga[0], ga[1]), g -> new ArrayList<>()).add(v); - }); - } catch (IOException e) { - throw new RuntimeException(e); - } - - return new Accumulator(db, parsedScope, - new UpgradeDependencyVersion("", "", "", null, null, null) - .getInitialValue(ctx), - new UpgradeTransitiveDependencyVersion("", "", "", null, null, null, null, null, null, null, true) - .getInitialValue(ctx)); - } - - @Override - public TreeVisitor getScanner(Accumulator acc) { - return new TreeVisitor() { - @Override - public @Nullable Tree visit(@Nullable Tree tree, ExecutionContext ctx) { - if (!(tree instanceof SourceFile)) { - 
return tree; - } - acc.repositoriesFrom((SourceFile) tree); - scanMaven(acc.getDb(), acc.getProjectToVulnerabilities(), acc.getScope()).visitNonNull(tree, ctx); - scanGradleGroovy(acc.getDb(), acc.getProjectToVulnerabilities(), acc.getScope()).visitNonNull(tree, ctx); - new org.openrewrite.java.dependencies.UpgradeDependencyVersion("", "", "", null, null, null) - .getScanner(acc.getDependencyAcc()) - .visit(tree, ctx); - new org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion("", "", "", null, null, null, null, null, null, null, true) - .getScanner(acc.getTransitiveAcc()) - .visit(tree, ctx); - return tree; - } - }; - } - - @Override - public Collection generate(Accumulator acc, ExecutionContext ctx) { - for (Map.Entry projectToVulnerabilities : acc.getProjectToVulnerabilities().entrySet()) { - String projectName = projectToVulnerabilities.getKey(); - for (Map.Entry> vulnerabilitiesByGav : projectToVulnerabilities.getValue().getGavToVulnerabilities().entrySet()) { - for (MinimumDepthVulnerability vDepth : vulnerabilitiesByGav.getValue()) { - Vulnerability v = vDepth.getVulnerability(); - ResolvedGroupArtifactVersion gav = vulnerabilitiesByGav.getKey(); - boolean fixWithVersionUpdateOnly = new LatestPatch(null).isValid(gav.getVersion(), v.getFixedVersion()); - report.insertRow(ctx, new VulnerabilityReport.Row( - projectName, - v.getCve(), - gav.getGroupId(), - gav.getArtifactId(), - gav.getVersion(), - v.getFixedVersion(), - fixWithVersionUpdateOnly, - v.getSummary(), - v.getSeverity().toString(), - vDepth.getMinDepth(), - v.getCwes() - )); - } - } - } - return Collections.emptyList(); - } - - @Override - public TreeVisitor getVisitor(Accumulator acc) { - return new TreeVisitor() { - @Override - public @Nullable Tree visit(@Nullable Tree tree, ExecutionContext ctx) { - if (tree == null) { - return null; - } - Tree t = tree; - Map> upgradeableVulnerabilities = - acc.upgradeableVulnerabilities(); - for (Map.Entry> gavToUpgradeableVulnerabilities : 
upgradeableVulnerabilities.entrySet()) { - ResolvedGroupArtifactVersion gav = gavToUpgradeableVulnerabilities.getKey(); - Set vulnerabilities = gavToUpgradeableVulnerabilities.getValue(); - String versionToRequest = versionToRequest(vulnerabilities, acc.getRepositories(), ctx); - Tree t2 = new UpgradeDependencyVersion(gav.getGroupId(), gav.getArtifactId(), versionToRequest, null, overrideTransitive, null) - .getVisitor(acc.getDependencyAcc()) - .visitNonNull(t, ctx); - String because = null; - if (t2 == t && overrideTransitive != null && overrideTransitive) { - because = because(vulnerabilities); - t2 = new UpgradeTransitiveDependencyVersion(gav.getGroupId(), gav.getArtifactId(), versionToRequest, scope, null, null, null, because, null, null, true) - .getVisitor(acc.getTransitiveAcc()) - .visitNonNull(t2, ctx); - } - t = t2; - - if (t != tree) { - if (because == null) { - because = because(vulnerabilities); - } - CommitMessage.message(t2, DependencyVulnerabilityCheck.this, because); - } - } - return t; - } - }; - } - - /** - * Of the vulnerabilities with valid upgrade paths, take the highest fixed version. - * See if the highest fixed version can be resolved from the available repositories. - * Sometimes a fix version in the database will slightly inaccurate, such as missing a suffix (milestone, timestamp, etc.). - * If the fix version from the database cannot be validated to exist, leave discovery up to upgrade dependency - * recipes by falling back to "latest.patch". 
- */ - private String versionToRequest(Set vulnerabilities, List repositories, ExecutionContext ctx) { - Comparator vc = new StaticVersionComparator(); - Vulnerability highestFix = vulnerabilities.stream() - .max(Comparator.comparing( - it -> versionParser.transform(stripExtraneousVersionSuffix(it.getVulnerability().getFixedVersion())), - vc)) - .map(MinimumDepthVulnerability::getVulnerability) - .orElse(null); - if (highestFix != null) { - String[] groupArtifact = highestFix.getGroupArtifact().split(":"); - String groupId = groupArtifact[0]; - String artifactId = groupArtifact[1]; - - try { - MavenMetadata metadata = metadataFailures.insertRows(ctx, () -> new MavenPomDownloader(ctx).downloadMetadata( - new GroupArtifact(groupId, artifactId), null, repositories)); - List versions = metadata.getVersioning().getVersions(); - if (versions.contains(highestFix.getFixedVersion())) { - return highestFix.getFixedVersion(); - } - } catch (MavenDownloadingException e) { - return "latest.patch"; - } - } - return "latest.patch"; - } - - private static @Nullable String because(Collection reasons) { - String because = reasons.stream() - .map(MinimumDepthVulnerability::getVulnerability) - .map(Vulnerability::getCve) - .filter(StringUtils::isNotEmpty) - .distinct() - .collect(Collectors.joining(", ")); - return StringUtils.isBlank(because) ? 
null : because; - } - - private MavenVisitor scanMaven( - Map> db, - Map projectToVulnerabilities, - Scope aScope) { - return new MavenIsoVisitor() { - @Override - public Xml.Document visitDocument(Xml.Document document, ExecutionContext ctx) { - List scopeDependencies = getResolutionResult().getDependencies().get(aScope); - if (scopeDependencies != null) { - String projectName = projectName(document); - for (ResolvedDependency resolvedDependency : scopeDependencies) { - analyzeDependency(db, - projectToVulnerabilities.computeIfAbsent(projectName, p -> new Vulnerabilities(new LinkedHashMap<>())), - resolvedDependency); - } - } - return document; - } - }; - } - - private static String projectName(Tree t) { - return t.getMarkers().findFirst(JavaProject.class) - .map(JavaProject::getProjectName) - .orElse(""); - } - - private static boolean scopeExcludesConfiguration(GradleDependencyConfiguration configuration, Scope scope) { - switch (scope) { - case Test: - return !configuration.getName().contains("test"); - case Compile: - case Runtime: - return configuration.getName().contains("test"); - case Provided: - return !configuration.getName().contains("provided") && !configuration.getName().contains("compileOnly"); - default: - return false; - } - } - - private GroovyVisitor scanGradleGroovy( - Map> db, - Map projectToVulnerabilities, - Scope aScope) { - return new GroovyIsoVisitor() { - @Override - public G.CompilationUnit visitCompilationUnit(G.CompilationUnit cu, ExecutionContext ctx) { - cu.getMarkers().findFirst(GradleProject.class).ifPresent(gradleProject -> { - String projectName = projectName(cu); - for (GradleDependencyConfiguration configuration : gradleProject.getConfigurations()) { - if (scopeExcludesConfiguration(configuration, aScope)) { - continue; - } - for (ResolvedDependency resolvedDependency : configuration.getResolved()) { - if (!StringUtils.isBlank(resolvedDependency.getVersion())) { - analyzeDependency(db, - 
projectToVulnerabilities.computeIfAbsent(projectName, p -> new Vulnerabilities(new LinkedHashMap<>())), - resolvedDependency); - } - } - } - }); - return cu; - } - }; - } - - private void analyzeDependency( - Map> db, - Vulnerabilities vulnerabilities, - ResolvedDependency resolvedDependency) { - List vs = db.get(new GroupArtifact(resolvedDependency.getGroupId(), resolvedDependency.getArtifactId())); - if (vs != null) { - Set gavVs = null; - Comparator vc = new StaticVersionComparator(); - - nextVulnerability: - for (Vulnerability v : vs) { - // Some dependencies have a ".RELEASE" suffix. - // For example spring-security-core had a .RELEASE suffix for versions >=2.0.5 and <5.4.0. No suffixes since then - // The vulnerability database is inconsistent about whether the ".RELEASE" is included in the fixed version - // This inconsistency complicates comparisons because "5.3.0" != "5.3.0.RELEASE" - // This inconsistency complicates dependency upgrade since we don't know which version number format to request - // Therefore ignore the suffix during comparison but record it so that version upgrades can try both with and without the suffix - // The edge case of ".RELEASE" being introduced into a version scheme between patch versions is possible but hopefully rare - boolean isLessThanFixed = StringUtils.isBlank(v.getFixedVersion()); - if (!isLessThanFixed && - vc.compare( - versionParser.transform(stripExtraneousVersionSuffix(v.getFixedVersion())), - versionParser.transform(stripExtraneousVersionSuffix(resolvedDependency.getVersion()))) > 0) { - isLessThanFixed = true; - } - - if (isLessThanFixed && - vc.compare( - versionParser.transform(stripExtraneousVersionSuffix(v.getIntroducedVersion())), - versionParser.transform(stripExtraneousVersionSuffix(resolvedDependency.getVersion()))) <= 0) { - if (gavVs == null) { - gavVs = vulnerabilities.computeIfAbsent(resolvedDependency.getGav(), ga -> new TreeSet<>( - Comparator.comparing((MinimumDepthVulnerability vDep) -> 
vDep.getVulnerability().getSeverity()).reversed() - .thenComparing((MinimumDepthVulnerability vDep) -> vDep.getVulnerability().getCve()))); - } - - for (MinimumDepthVulnerability vDep : gavVs) { - if (vDep.getVulnerability().equals(v)) { - vDep.minDepth = Math.min(vDep.minDepth, resolvedDependency.getDepth()); - continue nextVulnerability; - } - } - - gavVs.add(new MinimumDepthVulnerability(resolvedDependency.getDepth(), v)); - } - } - } - } - - - @Value - public static class MinimumDepthVulnerability { - @NonFinal - int minDepth; - - Vulnerability vulnerability; - } - - private static String stripExtraneousVersionSuffix(String version) { - if (version.endsWith(".RELEASE")) { - return version.substring(0, version.length() - ".RELEASE".length()); - } - return version; - } -} diff --git a/src/main/java/org/openrewrite/java/dependencies/Sbom.java b/src/main/java/org/openrewrite/java/dependencies/Sbom.java deleted file mode 100644 index 16c06cc..0000000 --- a/src/main/java/org/openrewrite/java/dependencies/Sbom.java +++ /dev/null @@ -1,294 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.java.dependencies; - -import com.fasterxml.jackson.annotation.*; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty; -import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement; -import lombok.Builder; -import lombok.Value; -import org.jspecify.annotations.Nullable; -import org.openrewrite.gradle.marker.GradleDependencyConfiguration; -import org.openrewrite.gradle.marker.GradleProject; -import org.openrewrite.marker.Marker; -import org.openrewrite.maven.tree.MavenResolutionResult; -import org.openrewrite.maven.tree.ResolvedDependency; -import org.openrewrite.maven.tree.Scope; - -import java.util.*; -import java.util.stream.Collectors; - -import static java.util.Collections.singletonList; - -/** - * A CycloneDX 1.6 Software Bill of Materials (SBOM). 
- */
-@Value
-public class Sbom {
-
- public static Sbom.@Nullable Bom sbomFrom(Marker m) {
- if(m instanceof MavenResolutionResult) {
- return sbomFrom((MavenResolutionResult) m);
- } else if(m instanceof GradleProject) {
- return sbomFrom((GradleProject) m);
- }
- return null;
- }
-
-
- public static Sbom.Bom sbomFrom(MavenResolutionResult mrr) {
- return Bom.builder()
- .version(mrr.getPom().getVersion())
- .metadata(Metadata.builder()
- .tools(singletonList(Tool.builder()
- .vendor("OpenRewrite by Moderne")
- .name("OpenRewrite CycloneDX")
- .version("8.32.0")
- .build()))
- .component(componentFrom(mrr))
- .build())
- .components(componentsFrom(mrr))
- .dependencies(dependenciesFrom(mrr))
- .build();
- }
-
- public static Sbom.Bom sbomFrom(GradleProject gp) {
- return Bom.builder()
- .version(gp.getVersion())
- .metadata(Metadata.builder()
- .tools(singletonList(Tool.builder()
- .vendor("OpenRewrite by Moderne")
- .name("OpenRewrite CycloneDX")
- .version("8.32.0")
- .build()))
- .component(componentFrom(gp))
- .build())
- .components(componentsFrom(gp))
- .dependencies(dependenciesFrom(gp))
- .build();
- }
-
- private static Sbom.Component componentFrom(MavenResolutionResult mrr) {
- String groupId = mrr.getPom().getGroupId();
- String artifactId = mrr.getPom().getArtifactId();
- String version = mrr.getPom().getVersion();
- String bomRef = bomRefFrom(groupId, artifactId, version);
- return Component.builder()
- .bomRef(bomRef)
- .group(groupId)
- .name(artifactId)
- .version(version)
- .purl(bomRef)
- .build();
- }
- private static Sbom.Component componentFrom(GradleProject gp) {
- String groupId = gp.getGroup();
- String artifactId = gp.getName();
- String version = gp.getVersion();
- String bomRef = bomRefFrom(groupId, artifactId, version);
- return Component.builder()
- .bomRef(bomRef)
- .group(groupId)
- .name(artifactId)
- .version(version)
- .purl(bomRef)
- .build();
- }
-
- private static String bomRefFrom(@Nullable String groupId, String artifactId, @Nullable String version) {
- return String.format("pkg:maven/%s/%s@%s",
- groupId == null ? "" : groupId,
- artifactId,
- version == null ? "" : version);
- }
-
- private static List componentsFrom(MavenResolutionResult mrr) {
- List compileDependencies = mrr.getDependencies().getOrDefault(Scope.Runtime, Collections.emptyList());
- List providedDependencies = mrr.getDependencies().getOrDefault(Scope.Provided, Collections.emptyList());
- return componentsFrom(compileDependencies, providedDependencies);
- }
-
- private static List componentsFrom(GradleProject gp) {
- List compileDependencies = Optional.ofNullable(gp.getConfiguration("runtimeClasspath"))
- .map(GradleDependencyConfiguration::getDirectResolved)
- .orElseGet(Collections::emptyList);
- List providedDependencies = Optional.ofNullable(gp.getConfiguration("compileOnly"))
- .map(GradleDependencyConfiguration::getDirectResolved)
- .orElseGet(Collections::emptyList);
- return componentsFrom(compileDependencies, providedDependencies);
- }
-
- private static List componentsFrom(List compileDependencies, List providedDependencies) {
- List components = new ArrayList<>(compileDependencies.size() + providedDependencies.size());
- Set seen = new HashSet<>();
- for (ResolvedDependency dep : compileDependencies) {
- String bomRef = bomRefFrom(dep.getGroupId(), dep.getArtifactId(), dep.getVersion());
- seen.add(bomRef);
- components.add(Component.builder()
- .bomRef(bomRef)
- .group(dep.getGroupId())
- .name(dep.getArtifactId())
- .version(dep.getVersion())
- .scope("required")
- .licenses(dep.getLicenses().stream()
- .map(l -> License.builder()
- .name(l.getName())
- .build())
- .collect(Collectors.toList()))
- .purl(bomRef)
- .build());
- }
- for (ResolvedDependency dep : providedDependencies) {
- String bomRef = bomRefFrom(dep.getGroupId(), dep.getArtifactId(), dep.getVersion());
- // Provided is a superset of Compile
- // Only add "optional" components for things not already recorded as "required"
- if (seen.add(bomRef)) {
- components.add(Component.builder()
- .bomRef(bomRef)
- .group(dep.getGroupId())
- .name(dep.getArtifactId())
- .version(dep.getVersion())
- .scope("optional")
- .purl(bomRef)
- .build());
- }
- }
-
- return components;
- }
-
- private static List dependenciesFrom(MavenResolutionResult mrr) {
- List compileDependencies = mrr.getDependencies().getOrDefault(Scope.Runtime, Collections.emptyList());
- List providedDependencies = mrr.getDependencies().getOrDefault(Scope.Provided, Collections.emptyList());
- return dependenciesFrom(compileDependencies, providedDependencies);
- }
-
- private static List dependenciesFrom(GradleProject gp) {
- List compileDependencies = Optional.ofNullable(gp.getConfiguration("runtimeClasspath"))
- .map(GradleDependencyConfiguration::getDirectResolved)
- .orElseGet(Collections::emptyList);
- List providedDependencies = Optional.ofNullable(gp.getConfiguration("compileOnly"))
- .map(GradleDependencyConfiguration::getDirectResolved)
- .orElseGet(Collections::emptyList);
- return dependenciesFrom(compileDependencies, providedDependencies);
- }
-
- private static List dependenciesFrom(List compileDependencies, List providedDependencies) {
- List dependencies = new ArrayList<>(compileDependencies.size() + providedDependencies.size());
-
- Set seen = new HashSet<>();
- for (ResolvedDependency dep : compileDependencies) {
- Dependency dependency = dependencyFrom(dep);
- if (seen.add(dependency)) {
- dependencies.add(dependency);
- }
- }
- for (ResolvedDependency dep : providedDependencies) {
- Dependency dependency = dependencyFrom(dep);
- if (seen.add(dependency)) {
- dependencies.add(dependencyFrom(dep));
- }
- }
- return dependencies;
- }
-
- private static Dependency dependencyFrom(ResolvedDependency dep) {
- return Dependency.builder()
- .ref(bomRefFrom(dep.getGroupId(), dep.getArtifactId(), dep.getVersion()))
- .dependencies(dep.getDependencies().stream()
- .map(Sbom::dependencyFrom)
- .collect(Collectors.toList()))
- .build();
- }
-
- @Builder
- @Value
- @JacksonXmlRootElement(localName = "bom")
- @JsonPropertyOrder({"xmlns", "version"})
- public static class Bom {
- @JacksonXmlProperty(isAttribute = true)
- String xmlns = "http://cyclonedx.org/schema/bom/1.6";
-
- @JacksonXmlProperty(isAttribute = true)
- String version;
-
- Metadata metadata;
- @JacksonXmlElementWrapper(localName = "components")
- @JacksonXmlProperty(localName = "component")
- List components;
-
- @JacksonXmlElementWrapper(localName = "dependencies")
- @JacksonXmlProperty(localName = "dependency")
- List dependencies;
- }
-
- @Builder
- @Value
- public static class Metadata {
- @JacksonXmlElementWrapper(localName = "tools")
- @JacksonXmlProperty(localName = "tool")
- List tools;
- Component component;
- }
-
- @Builder
- @Value
- public static class Tool {
- String vendor;
- String name;
- String version;
- }
-
- @Builder
- @Value
- @JsonPropertyOrder({"xmlns", "type", "group", "name", "version", "version"})
- public static class Component {
- @JacksonXmlProperty(isAttribute = true, localName = "bom-ref")
- String bomRef;
-
- @JacksonXmlProperty(isAttribute = true)
- @Nullable
- String type;
-
- String group;
- String name;
- String version;
- @Nullable
- String scope;
- @JacksonXmlElementWrapper(localName = "licenses")
- @JacksonXmlProperty(localName = "license")
- List licenses;
- String purl;
- }
-
- @Builder
- @Value
- public static class License {
- String id;
- String name;
- }
-
- @Builder
- @Value
- public static class Dependency {
- @JacksonXmlProperty(isAttribute = true)
- String ref;
- @JacksonXmlElementWrapper(useWrapping = false)
- @JacksonXmlProperty(localName = "dependency")
- List dependencies;
- }
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterials.java b/src/main/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterials.java
deleted file mode 100644
index faf674b..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterials.java
+++ /dev/null
@@ -1,154 +0,0 @@
-/*
- * Copyright 2024 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies;
-
-import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.SerializationFeature;
-import com.fasterxml.jackson.dataformat.xml.XmlMapper;
-import lombok.EqualsAndHashCode;
-import lombok.Value;
-import org.intellij.lang.annotations.Language;
-import org.openrewrite.*;
-import org.openrewrite.gradle.marker.GradleProject;
-import org.openrewrite.marker.Marker;
-import org.openrewrite.maven.tree.MavenResolutionResult;
-import org.openrewrite.xml.SemanticallyEqual;
-import org.openrewrite.xml.XmlParser;
-import org.openrewrite.xml.XmlVisitor;
-import org.openrewrite.xml.tree.Xml;
-
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.*;
-
-@Value
-@EqualsAndHashCode(callSuper = false)
-public class SoftwareBillOfMaterials extends ScanningRecipe {
-
- @Override
- public String getDisplayName() {
- return "Software bill of materials";
- }
-
- @Override
- public String getDescription() {
- //language=markdown
- return "Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies " +
- "used in a project, including transitive dependencies. The produced SBOM is in the [CycloneDX](https://cyclonedx.org/) XML format. " +
- "Supports Gradle and Maven. " +
- "Places a file named sbom.xml adjacent to the Gradle or Maven build file.";
- }
-
- @Override
- public Set getTags() {
- return Collections.singleton("CycloneDX");
- }
-
- public static class Accumulator {
- Set existingSboms = new LinkedHashSet<>();
- Set sbomPaths = new LinkedHashSet<>();
- Map sbomPathToDependencyMarker = new HashMap<>();
- }
-
- private static final XmlMapper xmlMapper = (XmlMapper) new XmlMapper()
- .setSerializationInclusion(JsonInclude.Include.NON_EMPTY)
- .setSerializationInclusion(JsonInclude.Include.NON_ABSENT)
- .enable(SerializationFeature.INDENT_OUTPUT);
-
- @Override
- public Accumulator getInitialValue(ExecutionContext ctx) {
- return new Accumulator();
- }
-
- @Override
- public TreeVisitor getScanner(Accumulator acc) {
- //noinspection NullableProblems
- return new TreeVisitor() {
- @Override
- public Tree visit(Tree tree, ExecutionContext ctx) {
- SourceFile s = (SourceFile) tree;
- if (s.getSourcePath().toString().endsWith("sbom.xml")) {
- acc.existingSboms.add(s.getSourcePath());
- return tree;
- }
- s.getMarkers().getMarkers()
- .stream()
- .filter(marker -> marker instanceof GradleProject || marker instanceof MavenResolutionResult)
- .forEach(e -> {
- String sbomPathString = PathUtils.separatorsToUnix(s.getSourcePath().toString());
- sbomPathString = sbomPathString.substring(0, sbomPathString.lastIndexOf("/") + 1) + "sbom.xml";
- Path sbomPath = Paths.get(sbomPathString);
- acc.sbomPaths.add(sbomPath);
- acc.sbomPathToDependencyMarker.put(sbomPath, e);
- });
- return tree;
- }
- };
- }
-
- @Override
- public Collection generate(Accumulator acc, Collection generatedInThisCycle, ExecutionContext ctx) {
- Set newSbomPaths = new LinkedHashSet<>(acc.sbomPaths);
- newSbomPaths.removeAll(acc.existingSboms);
- List newSboms = new ArrayList<>();
- XmlParser xmlParser = XmlParser.builder().build();
- for (Path sbomPath : newSbomPaths) {
- xmlParser.parse(ctx, "")
- .map(it -> (Xml.Document) it.withSourcePath(sbomPath))
- .findAny()
- .ifPresent(newSboms::add);
- }
- return newSboms;
- }
-
- @Override
- public TreeVisitor getVisitor(Accumulator acc) {
- return new XmlVisitor() {
- @Override
- public Xml visitDocument(Xml.Document document, ExecutionContext ctx) {
- if (!acc.sbomPaths.contains(document.getSourcePath())) {
- return document;
- }
- Marker marker = acc.sbomPathToDependencyMarker.get(document.getSourcePath());
- if (marker != null) {
- Sbom.Bom sbom = Sbom.sbomFrom(marker);
- try {
- @Language("xml")
- String rawSbom = "\n" +
- xmlMapper.writeValueAsString(sbom)
- .replaceAll("\r", "") + "\n";
- XmlParser xmlParser = XmlParser.builder().build();
- //noinspection OptionalGetWithoutIsPresent
- Xml.Document d = xmlParser.parse(rawSbom)
- .map(it -> it.withSourcePath(document.getSourcePath())
- .withId(document.getId()))
- .map(Xml.Document.class::cast)
- .findAny()
- .get();
- if (SemanticallyEqual.areEqual(document, d)) {
- return document;
- }
- return d;
- } catch (JsonProcessingException e) {
- throw new RuntimeException(e);
- }
- }
- return document;
- }
- };
- }
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/Vulnerability.java b/src/main/java/org/openrewrite/java/dependencies/Vulnerability.java
deleted file mode 100644
index 63d748d..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/Vulnerability.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies;
-
-import com.fasterxml.jackson.annotation.JsonPropertyOrder;
-import lombok.EqualsAndHashCode;
-import lombok.Value;
-
-import java.time.ZonedDateTime;
-
-@Value
-@EqualsAndHashCode(onlyExplicitlyIncluded = true)
-@JsonPropertyOrder({"cve", "publishedAt", "summary", "groupArtifact", "introducedVersion", "fixedVersion", "severity", "cwes"})
-public class Vulnerability {
- @EqualsAndHashCode.Include
- String cve;
-
- ZonedDateTime publishedAt;
- String summary;
- String groupArtifact;
- @EqualsAndHashCode.Include
- String introducedVersion;
- String fixedVersion;
- Severity severity;
- /**
- * Common Weakness Enumerations are semicolon separated.
- */
- String cwes;
-
- public enum Severity {
- LOW,
- MODERATE,
- HIGH,
- CRITICAL
- }
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/github/ParseAdvisories.java b/src/main/java/org/openrewrite/java/dependencies/github/ParseAdvisories.java
deleted file mode 100644
index 3fdf7ad..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/github/ParseAdvisories.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github;
-
-import com.fasterxml.jackson.core.JsonGenerator;
-import com.fasterxml.jackson.databind.*;
-import com.fasterxml.jackson.dataformat.csv.CsvFactory;
-import com.fasterxml.jackson.dataformat.csv.CsvMapper;
-import com.fasterxml.jackson.dataformat.csv.CsvSchema;
-import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
-import org.openrewrite.java.dependencies.Vulnerability;
-import org.openrewrite.java.dependencies.github.advisories.Advisory;
-import org.openrewrite.java.dependencies.github.advisories.Affected;
-import org.openrewrite.java.dependencies.github.advisories.Range;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.nio.file.FileVisitResult;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.SimpleFileVisitor;
-import java.nio.file.attribute.BasicFileAttributes;
-import java.util.List;
-
-import static java.util.Collections.emptySet;
-
-public class ParseAdvisories {
- public static void main(String[] args) throws IOException {
- if (args.length != 3) {
- System.err.println("Usage: ParseAdvisories ");
- System.exit(1);
- }
- File advisoriesRepo = new File(args[0]);
- if (!advisoriesRepo.isDirectory() || !advisoriesRepo.canRead()) {
- System.err.println("Advisories repo " + advisoriesRepo + " not readable");
- System.exit(1);
- }
- String ecosystem = args[1];
- File advisoriesCsv = new File(args[2]);
- if (!advisoriesCsv.createNewFile() && !advisoriesCsv.canWrite()) {
- System.err.println("Advisories CSV " + advisoriesCsv + " not writable");
- System.exit(1);
- }
-
- parseAdvisories(advisoriesRepo, ecosystem, advisoriesCsv);
- }
-
- static void parseAdvisories(File advisoriesRepoInput, String ecosystem, File advisoriesCsvOutput) throws IOException {
- try (FileOutputStream fos = new FileOutputStream(advisoriesCsvOutput)) {
- Files.walkFileTree(advisoriesRepoInput.toPath(), emptySet(), 16, new MavenAdvisoriesVisitor(ecosystem, fos));
- }
- }
-
- private static final class MavenAdvisoriesVisitor extends SimpleFileVisitor {
- private final String ecosystem;
- private final FileOutputStream fos;
- private final ObjectMapper reader;
- private final ObjectWriter writer;
-
- public MavenAdvisoriesVisitor(String ecosystem, FileOutputStream fos) {
- this.ecosystem = ecosystem;
- this.fos = fos;
- this.reader = getObjectMapper();
- this.writer = getObjectWriter();
- }
-
- private Path current;
-
- @Override
- public FileVisitResult visitFile(Path path, BasicFileAttributes attrs) throws IOException {
- if (path.getFileName().toString().endsWith(".json")) {
-
- Path parent = path.getParent().getParent();
- if (current == null || !current.equals(parent)) {
- current = parent;
- System.out.println("Parsing " + current);
- }
-
- Advisory advisory = reader.readValue(path.toFile(), Advisory.class);
- for (Affected affected : advisory.getAffected()) {
- if (affected.getPkg().getEcosystem().equalsIgnoreCase(ecosystem) &&
- affected.getRanges() != null &&
- !affected.getRanges().isEmpty()) {
- Range range = affected.getRanges().iterator().next();
- String cve = advisory.getAliases().isEmpty() ?
- advisory.getId() :
- advisory.getAliases().iterator().next();
- List cweIds = advisory.getDatabaseSpecific().getCweIds();
- String cwes = cweIds == null || cweIds.isEmpty() ? null : String.join(";", cweIds);
- Vulnerability vulnerability = new Vulnerability(
- cve,
- advisory.getPublished(),
- advisory.getSummary(),
- affected.getPkg().getName(),
- range.getIntroduced(),
- range.getFixed(),
- Vulnerability.Severity.valueOf(advisory.getDatabaseSpecific().getSeverity()),
- cwes
- );
- writer.writeValue(fos, vulnerability);
- }
- }
- }
- return FileVisitResult.CONTINUE;
- }
-
- private static ObjectMapper getObjectMapper() {
- return new ObjectMapper()
- .setPropertyNamingStrategy(PropertyNamingStrategies.SNAKE_CASE)
- .disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
- .registerModule(new JavaTimeModule());
- }
-
- private static ObjectWriter getObjectWriter() {
- CsvFactory factory = new CsvFactory();
- factory.configure(JsonGenerator.Feature.AUTO_CLOSE_TARGET, false);
- CsvMapper csvMapper = (CsvMapper) CsvMapper.builder(factory)
- .disable(MapperFeature.SORT_PROPERTIES_ALPHABETICALLY)
- .disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS)
- .build()
- .registerModule(new JavaTimeModule());
- CsvSchema schema = csvMapper.schemaFor(Vulnerability.class);
- return csvMapper.writer(schema);
- }
- }
-
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Advisory.java b/src/main/java/org/openrewrite/java/dependencies/github/advisories/Advisory.java
deleted file mode 100644
index 000dbe7..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Advisory.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github.advisories;
-
-import lombok.Value;
-
-import java.time.ZonedDateTime;
-import java.util.List;
-
-@Value
-public class Advisory {
- String id;
- ZonedDateTime published;
- List affected;
- List aliases;
- String summary;
-
- DatabaseSpecific databaseSpecific;
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Affected.java b/src/main/java/org/openrewrite/java/dependencies/github/advisories/Affected.java
deleted file mode 100644
index 63eeb70..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Affected.java
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github.advisories;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import lombok.Value;
-
-import java.util.List;
-
-@Value
-public class Affected {
-
- @JsonProperty("package")
- Package pkg;
-
- List ranges;
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/github/advisories/DatabaseSpecific.java b/src/main/java/org/openrewrite/java/dependencies/github/advisories/DatabaseSpecific.java
deleted file mode 100644
index 9169168..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/github/advisories/DatabaseSpecific.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github.advisories;
-
-import lombok.Value;
-import org.jspecify.annotations.Nullable;
-
-import java.util.List;
-
-@Value
-public class DatabaseSpecific {
- @Nullable
- String severity;
-
- List cweIds;
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Package.java b/src/main/java/org/openrewrite/java/dependencies/github/advisories/Package.java
deleted file mode 100644
index 413874c..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Package.java
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github.advisories;
-
-import lombok.Value;
-
-@Value
-public class Package {
- String ecosystem;
- String name;
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Range.java b/src/main/java/org/openrewrite/java/dependencies/github/advisories/Range.java
deleted file mode 100644
index eb9190f..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/github/advisories/Range.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github.advisories;
-
-import lombok.Value;
-import org.jspecify.annotations.Nullable;
-
-import java.util.List;
-
-@Value
-public class Range {
- List events;
-
- public @Nullable String getIntroduced() {
- for (Event event : events) {
- if (event.getIntroduced() != null) {
- return event.getIntroduced();
- }
- }
- return null;
- }
-
- public @Nullable String getFixed() {
- for (Event event : events) {
- if (event.getFixed() != null) {
- return event.getFixed();
- }
- }
- return null;
- }
-
- @Value
- public static class Event {
- @Nullable
- String introduced;
-
- @Nullable
- String fixed;
- }
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/table/LicenseReport.java b/src/main/java/org/openrewrite/java/dependencies/table/LicenseReport.java
deleted file mode 100644
index 4ddbe02..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/table/LicenseReport.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.table;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreType;
-import lombok.Value;
-import org.openrewrite.Column;
-import org.openrewrite.DataTable;
-import org.openrewrite.Recipe;
-
-@JsonIgnoreType
-public class LicenseReport extends DataTable {
-
- public LicenseReport(Recipe recipe) {
- super(recipe,
- "License report",
- "Contains a license report of third-party dependencies.");
- }
-
- @Value
- public static class Row {
- @Column(displayName = "Group",
- description = "The first part of a dependency coordinate `com.google.guava:guava:VERSION`.")
- String groupId;
-
- @Column(displayName = "Artifact",
- description = "The second part of a dependency coordinate `com.google.guava:guava:VERSION`.")
- String artifactId;
-
- @Column(displayName = "Version",
- description = "The resolved version.")
- String version;
-
- @Column(displayName = "License name",
- description = "The actual name of the license as written in the third-party dependency.")
- String licenseName;
-
- @Column(displayName = "License type",
- description = "The license in use, based on the category of license inferred from the name.")
- String licenseType;
- }
-}
diff --git a/src/main/java/org/openrewrite/java/dependencies/table/VulnerabilityReport.java b/src/main/java/org/openrewrite/java/dependencies/table/VulnerabilityReport.java
deleted file mode 100644
index 5abee02..0000000
--- a/src/main/java/org/openrewrite/java/dependencies/table/VulnerabilityReport.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.table;
-
-import com.fasterxml.jackson.annotation.JsonIgnoreType;
-import lombok.Value;
-import org.openrewrite.Column;
-import org.openrewrite.DataTable;
-import org.openrewrite.Recipe;
-
-@JsonIgnoreType
-public class VulnerabilityReport extends DataTable {
-
- public VulnerabilityReport(Recipe recipe) {
- super(recipe,
- "Vulnerability report",
- "A vulnerability report that includes detailed information about the affected artifact and the corresponding CVEs.");
- }
-
- @Value
- public static class Row {
- @Column(displayName = "Project",
- description = "The name of the project / module taking the dependency. Relevant in repositories with multiple modules.")
- String projectName;
-
- @Column(displayName = "CVE",
- description = "The CVE number.")
- String cve;
-
- @Column(displayName = "Group",
- description = "The first part of a dependency coordinate `com.google.guava:guava:VERSION`.")
- String groupId;
-
- @Column(displayName = "Artifact",
- description = "The second part of a dependency coordinate `com.google.guava:guava:VERSION`.")
- String artifactId;
-
- @Column(displayName = "Version",
- description = "The resolved version.")
- String version;
-
- @Column(displayName = "Fixed in version",
- description = "The minimum version that is no longer vulnerable.")
- String fixedVersion;
-
- @Column(displayName = "Fixable with version update only",
- //language=markdown
- description = "Whether the vulnerability is likely to be fixed by increasing the dependency version only, " +
- "with no code modifications required. This is a heuristic which assumes that the dependency " +
- "is accurately versioned according to [semver](https://semver.org/).")
- boolean fixWithVersionUpdateOnly;
-
- @Column(displayName = "Summary",
- description = "The summary of the CVE.")
- String summary;
-
- @Column(displayName = "Base score",
- description = "The calculated base score.")
- String severity;
-
- @Column(displayName = "Depth",
- description = "Zero for direct dependencies.")
- Integer depth;
-
- @Column(displayName = "CWEs",
- description = "Common Weakness Enumeration (CWE) identifiers; semicolon separated.")
- String CWEs;
- }
-}
diff --git a/src/main/resources/META-INF/rewrite/category.yml b/src/main/resources/META-INF/rewrite/category.yml
deleted file mode 100644
index 151c44c..0000000
--- a/src/main/resources/META-INF/rewrite/category.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# Copyright 2023 the original author or authors.
-#

-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#

-# https://www.apache.org/licenses/LICENSE-2.0
-#

-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-type: specs.openrewrite.org/v1beta/category
-name: C#
-packageName: org.openrewrite.csharp
-description: Recipes for C# codebases.
diff --git a/src/main/resources/advisories-maven.csv b/src/main/resources/advisories-maven.csv
deleted file mode 100644
index 6e37c51..0000000
--- a/src/main/resources/advisories-maven.csv
+++ /dev/null
@@ -1,8298 +0,0 @@ -CVE-2000-0759,2022-04-30T18:14:15Z,"Jakarta Apache Tomcat Reveals Physical Paths",org.apache.tomcat:tomcat,0,,MODERATE,CWE-200 -CVE-2000-1210,2022-04-30T18:15:08Z,"Apache Tomcat Directory Traversal",org.apache.tomcat:tomcat,0,,MODERATE,CWE-22 -CVE-2001-0590,2022-04-30T18:16:22Z,"Apache Tomcat Allows Source Disclosure","org.apache.tomcat:tomcat-servlet-api",0,3.2.2,MODERATE,CWE-200 -CVE-2001-0829,2022-04-30T18:16:47Z,"Apache Tomcat allows webmasters to insert xss into error messages",org.apache.tomcat:tomcat,0,,MODERATE,CWE-80 -CVE-2002-0493,2022-04-30T18:19:20Z,"Apache Tomcat may be started without proper security settings",org.apache.tomcat:tomcat,0,4.0b7,HIGH,CWE-276 -CVE-2002-0935,2022-04-30T18:20:13Z,"Apache Tomcat DoS Via Requests Including Null Characters",org.apache.tomcat:tomcat,0,4.1.3-beta,MODERATE,CWE-400 -CVE-2002-1148,2022-04-30T18:20:37Z,"Apache Tomcat Source Code Disclosure",org.apache.tomcat:tomcat,4.0.0,4.0.5,MODERATE,CWE-200 -CVE-2002-1148,2022-04-30T18:20:37Z,"Apache Tomcat Source Code Disclosure",org.apache.tomcat:tomcat,4.1.0,4.1.12,MODERATE,CWE-200 -CVE-2002-1394,2022-04-30T18:21:05Z,"Apache Tomcat Source Code Disclosure",org.apache.tomcat:tomcat,0,4.0.6,HIGH,CWE-200 -CVE-2002-1533,2022-04-30T18:21:21Z,"Jetty Javascript Inclusion Vulnerability",org.mortbay.jetty:jetty,0,4.1.1,MODERATE,CWE-80 -CVE-2002-1567,2022-04-30T18:21:25Z,"Apache Tomcat XSS Vulnerability",org.apache.tomcat:tomcat,4.1.0,4.1.29,MODERATE,CWE-79 -CVE-2002-2006,2022-04-30T18:22:18Z,"Apache Tomcat Default Installation Reveals Sensitive Information",org.apache.tomcat:tomcat,3.0,3.3a,LOW, -CVE-2002-2006,2022-04-30T18:22:18Z,"Apache Tomcat Default Installation Reveals Sensitive Information",org.apache.tomcat:tomcat,4.0.0,4.1.0,LOW, -CVE-2002-2272,2022-04-30T18:22:50Z,"Apache Tomcat DoS via Malicious Get Request",org.apache.tomcat:tomcat,4.0.0,,HIGH,CWE-119 -CVE-2003-0042,2022-04-29T01:25:43Z,"Jakarta Tomcat Directory Listing 
vulnerability",org.apache.tomcat:tomcat,0,3.3.1a,MODERATE,CWE-22 -CVE-2003-0044,2022-04-29T01:25:44Z,"Jakarta Tomcat cross-site scripting (XSS) vulnerability",org.apache.tomcat:tomcat,3.0,3.3.2,MODERATE,CWE-79 -CVE-2003-0045,2022-04-29T01:25:43Z,"Jakarta Tomcat Denial of Service vulnerability",org.apache.tomcat:tomcat,0,3.3.1a,MODERATE,CWE-400 -CVE-2003-0866,2022-04-29T01:27:08Z,"Apache Tomcat Denial of Service vulnerability in the Catalina package",org.apache.tomcat:tomcat,4.0,4.1.0,MODERATE,CWE-400 -CVE-2004-2381,2022-04-29T03:01:19Z,"Jetty HTTP Server Denial of Service vulnerability",org.mortbay.jetty:jetty,0,4.2.19,MODERATE,CWE-400 -CVE-2004-2650,2022-04-29T03:01:51Z,"Apache James Denial of Service","org.apache.james:james-server",0,2.2.0,MODERATE,CWE-400 -CVE-2005-2090,2022-05-01T02:04:54Z,"Tomcat Vulnerable to Web Cache Poisoning",org.apache.tomcat:tomcat,4.0.0,,MODERATE, -CVE-2005-2090,2022-05-01T02:04:54Z,"Tomcat Vulnerable to Web Cache Poisoning",org.apache.tomcat:tomcat,5.0.0,,MODERATE, -CVE-2005-3164,2022-05-01T02:15:08Z,"Apache Tomcat AJP Connector Information Leak",org.apache.tomcat:tomcat,4.0.1,,LOW,CWE-200 -CVE-2005-3164,2022-05-01T02:15:08Z,"Apache Tomcat AJP Connector Information Leak",org.apache.tomcat:tomcat,4.1.0,,LOW,CWE-200 -CVE-2005-3745,2022-05-01T02:20:38Z,"Apache Struts Cross-site scripting Vulnerability","org.apache.struts:struts-core",0,,MODERATE,CWE-80 -CVE-2005-3747,2022-05-01T02:20:38Z,"Mortbay Jetty Discloses JSP Source Code",org.mortbay.jetty:jetty,0,5.1.6,MODERATE,CWE-200 -CVE-2005-4703,2022-05-01T02:29:50Z,"Apache Tomcat Discloses MS-DOS Pathname",org.apache.tomcat:tomcat,0,,MODERATE,CWE-200 -CVE-2005-4836,2022-05-01T02:31:23Z,"Apache Tomcat allows remote attackers to read JSP source files",org.apache.tomcat:tomcat,4.1.15,,HIGH,CWE-200 -CVE-2005-4849,2022-05-01T02:31:27Z,"Apache Derby exposes user and password attributes",org.apache.derby:derby,0,10.1.2.1,MODERATE,CWE-200 -CVE-2006-0254,2022-05-01T06:38:20Z,"Apache Geronimo 
console 1.0 vulnerable to cross-site scripting","geronimo:geronimo-console-standard",0,1.1,MODERATE,CWE-79 -CVE-2006-1546,2022-05-01T06:50:42Z,"Apache Struts vulnerable to Improper Input Validation",struts:struts,0,1.2.9,HIGH,CWE-20 -CVE-2006-1547,2022-05-01T06:50:42Z,"Improper Input Validation in Apache Struts",struts:struts,0,1.2.9,HIGH,CWE-20 -CVE-2006-1548,2022-05-01T06:50:42Z,"Cross-site scripting in Apache Struts",struts:struts,0,1.2.9,LOW,CWE-79 -CVE-2006-2758,2022-05-01T07:02:10Z,"Jetty Directory Traversal Vulnerability",org.mortbay.jetty:jetty,0,,MODERATE,CWE-22 -CVE-2006-2759,2022-05-01T07:02:10Z,"Improper Input Validation in Mortbay Jetty ",org.mortbay.jetty:jetty,0,6.0.0,MODERATE,CWE-20 -CVE-2006-3936,2022-05-01T07:13:46Z,"Alkacon OpenCms Exposes JSP Source Code",org.opencms:opencms-core,0,6.2.2,MODERATE,CWE-200 -CVE-2006-6969,2022-05-01T07:43:29Z,"Jetty Uses Predictable Session Identifiers","org.eclipse.jetty:jetty-server",0,4.2.27,MODERATE,CWE-330 -CVE-2006-6969,2022-05-01T07:43:29Z,"Jetty Uses Predictable Session Identifiers","org.eclipse.jetty:jetty-server",5.1.0,5.1.12,MODERATE,CWE-330 -CVE-2006-6969,2022-05-01T07:43:29Z,"Jetty Uses Predictable Session Identifiers","org.eclipse.jetty:jetty-server",6.0.0,6.0.2,MODERATE,CWE-330 -CVE-2006-6969,2022-05-01T07:43:29Z,"Jetty Uses Predictable Session Identifiers","org.eclipse.jetty:jetty-server",6.1.0pre1,6.1.0pre3,MODERATE,CWE-330 -CVE-2006-7195,2022-05-01T07:45:38Z,"Apache Tomcat XSS Vulnerability",org.apache.tomcat:tomcat,5.0.0,,MODERATE,CWE-79;CWE-80 -CVE-2006-7195,2022-05-01T07:45:38Z,"Apache Tomcat XSS Vulnerability",org.apache.tomcat:tomcat,5.5.0,5.5.18,MODERATE,CWE-79;CWE-80 -CVE-2006-7196,2022-05-01T07:45:38Z,"Cross-site scripting in Apache Tomcat",org.apache.tomcat:tomcat,4.0.0,4.0.7,MODERATE,CWE-79 -CVE-2006-7196,2022-05-01T07:45:38Z,"Cross-site scripting in Apache Tomcat",org.apache.tomcat:tomcat,4.1.0,4.1.32,MODERATE,CWE-79 -CVE-2006-7196,2022-05-01T07:45:38Z,"Cross-site scripting in Apache 
Tomcat",org.apache.tomcat:tomcat,5.0.0,5.0.31,MODERATE,CWE-79 -CVE-2006-7196,2022-05-01T07:45:38Z,"Cross-site scripting in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.16,MODERATE,CWE-79 -CVE-2006-7197,2022-05-01T07:45:38Z,"Apache Tomcat Buffer Over-Read",org.apache.tomcat:tomcat,0,,HIGH,CWE-126 -CVE-2006-7217,2022-05-01T07:45:41Z,"Apache Derby SQL Injection",org.apache.derby:derby,0,10.2.1.6,MODERATE,CWE-89 -CVE-2006-7223,2022-05-01T07:45:42Z,"XWiki Remote Code Execution","org.xwiki.platform:xwiki-platform-oldcore",0.9.543,1.0B1,MODERATE, -CVE-2007-0184,2022-05-01T17:42:17Z,"Incorrect Authorization in Getahead Direct Web Remoting","org.directwebremoting:dwr",0,1.1.4,HIGH,CWE-863 -CVE-2007-0185,2022-05-01T17:42:17Z,"Direct Web Remoting vulnerable to Denial of Service","org.directwebremoting:dwr",0,1.1.4,HIGH, -CVE-2007-0450,2022-05-01T17:44:16Z,"Apache Tomcat Directory Traversal",org.apache.tomcat:tomcat,5.0,5.5.22,MODERATE,CWE-22 -CVE-2007-0450,2022-05-01T17:44:16Z,"Apache Tomcat Directory Traversal",org.apache.tomcat:tomcat,6.0,6.0.10,MODERATE,CWE-22 -CVE-2007-1358,2022-05-01T17:52:51Z,"Apache Tomcat XSS In Accept-Language Headers",org.apache.tomcat:tomcat,4.0.0,,LOW,CWE-79 -CVE-2007-1358,2022-05-01T17:52:51Z,"Apache Tomcat XSS In Accept-Language Headers",org.apache.tomcat:tomcat,4.1.0,,LOW,CWE-79 -CVE-2007-2449,2022-05-01T18:03:36Z,"Apache Tomcat XSS Vulnerabilities in Examples Web Application",org.apache.tomcat:tomcat,4.0.0,,MODERATE, -CVE-2007-2449,2022-05-01T18:03:36Z,"Apache Tomcat XSS Vulnerabilities in Examples Web Application",org.apache.tomcat:tomcat,5.0.0,,MODERATE, -CVE-2007-2449,2022-05-01T18:03:36Z,"Apache Tomcat XSS Vulnerabilities in Examples Web Application",org.apache.tomcat:tomcat,5.5.0,,MODERATE, -CVE-2007-2449,2022-05-01T18:03:36Z,"Apache Tomcat XSS Vulnerabilities in Examples Web Application",org.apache.tomcat:tomcat,6.0.0,,MODERATE, -CVE-2007-2450,2022-05-01T18:03:36Z,"Apache Tomcat vulnerable to Cross-site 
Scripting",org.apache.tomcat:tomcat,4.0.0,,LOW,CWE-79 -CVE-2007-2450,2022-05-01T18:03:36Z,"Apache Tomcat vulnerable to Cross-site Scripting",org.apache.tomcat:tomcat,4.1.0,4.1.37,LOW,CWE-79 -CVE-2007-2450,2022-05-01T18:03:36Z,"Apache Tomcat vulnerable to Cross-site Scripting",org.apache.tomcat:tomcat,5.0.0,,LOW,CWE-79 -CVE-2007-2450,2022-05-01T18:03:36Z,"Apache Tomcat vulnerable to Cross-site Scripting",org.apache.tomcat:tomcat,5.5.0,5.5.25,LOW,CWE-79 -CVE-2007-2450,2022-05-01T18:03:36Z,"Apache Tomcat vulnerable to Cross-site Scripting",org.apache.tomcat:tomcat,6.0.0,6.0.14,LOW,CWE-79 -CVE-2007-3382,2022-05-01T18:13:14Z,"Apache Tomcat treats single quotes as delimiters in cookies",org.apache.tomcat:tomcat,3.3.0,,MODERATE,CWE-200 -CVE-2007-3382,2022-05-01T18:13:14Z,"Apache Tomcat treats single quotes as delimiters in cookies",org.apache.tomcat:tomcat,4.1.0,,MODERATE,CWE-200 -CVE-2007-3382,2022-05-01T18:13:14Z,"Apache Tomcat treats single quotes as delimiters in cookies",org.apache.tomcat:tomcat,5.0.0,,MODERATE,CWE-200 -CVE-2007-3382,2022-05-01T18:13:14Z,"Apache Tomcat treats single quotes as delimiters in cookies",org.apache.tomcat:tomcat,5.5.0,,MODERATE,CWE-200 -CVE-2007-3382,2022-05-01T18:13:14Z,"Apache Tomcat treats single quotes as delimiters in cookies",org.apache.tomcat:tomcat,6.0.0,,MODERATE,CWE-200 -CVE-2007-3383,2022-05-01T18:13:14Z,"Apache Tomcat SendMailServlet XSS",org.apache.tomcat:tomcat,4.0.0,,MODERATE,CWE-80 -CVE-2007-3383,2022-05-01T18:13:14Z,"Apache Tomcat SendMailServlet XSS",org.apache.tomcat:tomcat,4.1.0,,MODERATE,CWE-80 -CVE-2007-3384,2022-05-01T18:13:15Z,"Apache Tomcat's CookieExample Vulnerable to XSS",org.apache.tomcat:tomcat,3.3.0,,MODERATE,CWE-80 -CVE-2007-3385,2022-05-01T18:13:14Z,"Apache Tomcat Mishandles Character Sequence in Cookies",org.apache.tomcat:tomcat,3.3.0,,MODERATE,CWE-200 -CVE-2007-3385,2022-05-01T18:13:14Z,"Apache Tomcat Mishandles Character Sequence in Cookies",org.apache.tomcat:tomcat,4.1.0,,MODERATE,CWE-200 
-CVE-2007-3385,2022-05-01T18:13:14Z,"Apache Tomcat Mishandles Character Sequence in Cookies",org.apache.tomcat:tomcat,5.0.0,,MODERATE,CWE-200 -CVE-2007-3385,2022-05-01T18:13:14Z,"Apache Tomcat Mishandles Character Sequence in Cookies",org.apache.tomcat:tomcat,5.5.0,,MODERATE,CWE-200 -CVE-2007-3385,2022-05-01T18:13:14Z,"Apache Tomcat Mishandles Character Sequence in Cookies",org.apache.tomcat:tomcat,6.0.0,,MODERATE,CWE-200 -CVE-2007-4556,2022-05-01T18:24:47Z,"OpenSymphony XWork vulnerable to improper input validation",opensymphony:xwork,0,1.2.3,MODERATE,CWE-20 -CVE-2007-4556,2022-05-01T18:24:47Z,"OpenSymphony XWork vulnerable to improper input validation",opensymphony:xwork,2.0.0,2.0.4,MODERATE,CWE-20 -CVE-2007-4724,2022-05-01T18:26:30Z,"Apache Tomcat Example Application CSRF and XSS Vulnerabilities",org.apache.tomcat:tomcat,0,,MODERATE,CWE-352 -CVE-2007-5333,2022-05-01T18:32:19Z,"Exposure of Sensitive Information in Apache Tomcat",org.apache.tomcat:tomcat,4.1.0,4.1.37,MODERATE,CWE-200 -CVE-2007-5333,2022-05-01T18:32:19Z,"Exposure of Sensitive Information in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.26,MODERATE,CWE-200 -CVE-2007-5333,2022-05-01T18:32:19Z,"Exposure of Sensitive Information in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.15,MODERATE,CWE-200 -CVE-2007-5342,2022-05-01T18:32:22Z,"JULI logging component in Apache Tomcat does not restrict certain permissions for web applications","org.apache.tomcat:tomcat-juli",5.5.9,,MODERATE,CWE-284 -CVE-2007-5342,2022-05-01T18:32:22Z,"JULI logging component in Apache Tomcat does not restrict certain permissions for web applications","org.apache.tomcat:tomcat-juli",6.0.0,,MODERATE,CWE-284 -CVE-2007-5461,2022-05-01T18:33:34Z,"Apache Tomcat Path Traversal Vulnerability",org.apache.tomcat:tomcat,4.0.0,,LOW,CWE-22 -CVE-2007-5461,2022-05-01T18:33:34Z,"Apache Tomcat Path Traversal Vulnerability",org.apache.tomcat:tomcat,5.5.0,,LOW,CWE-22 -CVE-2007-5461,2022-05-01T18:33:34Z,"Apache Tomcat Path Traversal 
Vulnerability",org.apache.tomcat:tomcat,6.0.0,,LOW,CWE-22 -CVE-2007-5613,2022-05-01T18:35:00Z,"Mortbay Jetty vulnerable to Cross-site scripting",org.mortbay.jetty:jetty,0,6.1.6,MODERATE,CWE-79 -CVE-2007-5614,2022-05-01T18:35:01Z,"Improper Authentication in Mortbay Jetty",org.mortbay.jetty:jetty,0,6.1.6,HIGH,CWE-287 -CVE-2007-5615,2022-05-01T18:35:01Z,"Mortbay Jetty CRLF Injection Vulnerability",org.mortbay.jetty:jetty,0,6.1.6rc0,MODERATE,CWE-94 -CVE-2007-6286,2022-05-01T18:41:17Z,"Apache Tomcat Does Not Properly Handle Empty Requests",org.apache.tomcat:tomcat,5.5.11,,MODERATE,CWE-200 -CVE-2007-6286,2022-05-01T18:41:17Z,"Apache Tomcat Does Not Properly Handle Empty Requests",org.apache.tomcat:tomcat,6.0.0,,MODERATE,CWE-200 -CVE-2007-6382,2022-05-01T18:42:25Z,"Robocode Arbitrary Code Execution","net.sf.robocode:robocode.core",0,1.5.1,MODERATE,CWE-94 -CVE-2007-6672,2022-05-01T18:45:22Z,"Mortbay Jetty Double Slash URI Information Disclosure Vulnerability",org.mortbay.jetty:jetty,6.1.5,6.1.7,MODERATE,CWE-22 -CVE-2007-6721,2022-05-01T18:45:52Z,"Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability","bouncycastle:bcprov-jdk14",0,1.38,HIGH,CWE-203 -CVE-2007-6721,2022-05-01T18:45:52Z,"Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability","bouncycastle:bcprov-jdk15",0,1.38,HIGH,CWE-203 -CVE-2007-6721,2022-05-01T18:45:52Z,"Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability","bouncycastle:bcprov-jdk16",0,1.38,HIGH,CWE-203 -CVE-2007-6726,2022-05-01T18:45:52Z,"Apache Struts Dojo Plugin XSS Vulnerability","org.apache.struts:struts2-dojo-plugin",0.4.1,0.4.3,MODERATE,CWE-79 -CVE-2008-0002,2022-05-01T23:27:14Z,"Apache Tomcat Sensitive Information Disclosure",org.apache.tomcat:tomcat,6.0.0,6.0.16,MODERATE,CWE-200 -CVE-2008-1232,2022-05-01T23:37:49Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability",org.apache.tomcat:tomcat,4.1.0,4.1.38,MODERATE,CWE-79 
-CVE-2008-1232,2022-05-01T23:37:49Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability",org.apache.tomcat:tomcat,5.5.0,5.5.27,MODERATE,CWE-79 -CVE-2008-1232,2022-05-01T23:37:49Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability",org.apache.tomcat:tomcat,6.0.0,6.0.17,MODERATE,CWE-79 -CVE-2008-1285,2022-05-01T23:38:35Z,"Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)",com.sun.faces:jsf-api,0,1.2.08,MODERATE,CWE-79 -CVE-2008-1728,2022-05-01T23:42:48Z,"Ignite Realtime Openfire allows remote authenticated users to cause a denial of service","org.igniterealtime.openfire:openfire",0,3.5.0,MODERATE, -CVE-2008-1728,2022-05-01T23:42:48Z,"Ignite Realtime Openfire allows remote authenticated users to cause a denial of service","org.igniterealtime.openfire:parent",0,3.5.0,MODERATE, -CVE-2008-1947,2022-05-01T23:45:13Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability","org.apache.tomcat.embed:tomcat-embed-core",5.5.9,5.5.27,MODERATE,CWE-79 -CVE-2008-1947,2022-05-01T23:45:13Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability","org.apache.tomcat.embed:tomcat-embed-core",6.0.0,6.0.18,MODERATE,CWE-79 -CVE-2008-1947,2022-05-01T23:45:13Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability",org.apache.tomcat:tomcat,5.5.9,5.5.27,MODERATE,CWE-79 -CVE-2008-1947,2022-05-01T23:45:13Z,"Apache Tomcat Cross-site scripting (XSS) vulnerability",org.apache.tomcat:tomcat,6.0.0,6.0.18,MODERATE,CWE-79 -CVE-2008-2025,2022-05-01T23:46:00Z,"Apache Struts Cross-site Scripting vulnerability",struts:struts,0,1.2.9-162.31.1,MODERATE,CWE-79 -CVE-2008-2370,2022-05-01T23:49:31Z,"Apache Tomcat Path Traversal Vulnerability",org.apache.tomcat:tomcat,4.1.0,4.1.38,MODERATE,CWE-22 -CVE-2008-2370,2022-05-01T23:49:31Z,"Apache Tomcat Path Traversal Vulnerability",org.apache.tomcat:tomcat,5.5.0,5.5.27,MODERATE,CWE-22 -CVE-2008-2370,2022-05-01T23:49:31Z,"Apache Tomcat Path Traversal Vulnerability",org.apache.tomcat:tomcat,6.0.0,6.0.18,MODERATE,CWE-22 
-CVE-2008-2938,2022-05-01T23:55:04Z,"Apache Tomcat Directory Traversal vulnerability",org.apache.tomcat:tomcat,4.1.0,4.1.39,MODERATE,CWE-22 -CVE-2008-2938,2022-05-01T23:55:04Z,"Apache Tomcat Directory Traversal vulnerability",org.apache.tomcat:tomcat,5.5.0,5.5.27,MODERATE,CWE-22 -CVE-2008-2938,2022-05-01T23:55:04Z,"Apache Tomcat Directory Traversal vulnerability",org.apache.tomcat:tomcat,6.0.0,6.0.18,MODERATE,CWE-22 -CVE-2008-4308,2022-05-02T00:08:50Z,"Apache Tomcat information disclosure vulnerability",org.apache.tomcat:tomcat,4.1.32,4.1.35,LOW,CWE-200 -CVE-2008-4308,2022-05-02T00:08:50Z,"Apache Tomcat information disclosure vulnerability",org.apache.tomcat:tomcat,5.5.10,5.5.21,LOW,CWE-200 -CVE-2008-5515,2022-05-14T01:17:23Z,"Directory Traversal in Apache Tomcat",org.apache.tomcat:tomcat,4.1.0,4.1.40,MODERATE,CWE-22 -CVE-2008-5515,2022-05-14T01:17:23Z,"Directory Traversal in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.28,MODERATE,CWE-22 -CVE-2008-5515,2022-05-14T01:17:23Z,"Directory Traversal in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.20,MODERATE,CWE-22 -CVE-2008-5518,2022-05-14T02:40:10Z,"Apache Geronimo Application Server multiple directory traversal vulnerabilities","org.apache.geronimo.plugins:console",2.1.0,2.1.4,HIGH,CWE-22 -CVE-2008-5720,2022-05-17T02:17:15Z,"Mayaa Cross-site Scripting vulnerability ","com.github.seasarorg.mayaa:mayaa",0,1.1.23,MODERATE,CWE-79 -CVE-2008-6504,2022-05-17T02:11:15Z,"Improper Input Validation in OpenSymphony XWork",com.opensymphony:xwork,0,2.0.6,MODERATE,CWE-20 -CVE-2008-6504,2022-05-17T02:11:15Z,"Improper Input Validation in OpenSymphony XWork",com.opensymphony:xwork,2.1.0,2.1.2,MODERATE,CWE-20 -CVE-2008-6505,2022-05-17T05:52:21Z,"Apache Struts directory traversal vulnerability","org.apache.struts:struts2-core",2.0.0,2.0.12,MODERATE,CWE-22 -CVE-2008-6505,2022-05-17T05:52:21Z,"Apache Struts directory traversal vulnerability","org.apache.struts:struts2-core",2.1.0,2.1.3,MODERATE,CWE-22 
-CVE-2008-6682,2022-05-17T05:52:45Z,"Apache Struts is vulnerable to Cross-site Scripting","org.apache.struts:struts2-core",2.0.0,2.0.11.1,MODERATE,CWE-79 -CVE-2008-6682,2022-05-17T05:52:45Z,"Apache Struts is vulnerable to Cross-site Scripting","org.apache.struts:struts2-core",2.1.0,2.1.1,MODERATE,CWE-79 -CVE-2008-7227,2022-05-17T05:51:58Z,"PartialBufferOutputStream2 flush issues","org.geoserver.web:gs-web-app",0,1.6.1,MODERATE,CWE-119 -CVE-2008-7227,2022-05-17T05:51:58Z,"PartialBufferOutputStream2 flush issues",org.geoserver:gs-main,0,1.6.1,MODERATE,CWE-119 -CVE-2009-0026,2022-05-02T03:12:28Z,"Apache Jackrabbit contains Cross-site Scripting","org.apache.jackrabbit:jackrabbit",0,1.5.2,MODERATE,CWE-79 -CVE-2009-0033,2022-05-02T03:12:29Z,"Apache Tomcat Denial of Service via Malformed Request Headers",org.apache.tomcat:tomcat,4.1.0,,MODERATE,CWE-20;CWE-400 -CVE-2009-0033,2022-05-02T03:12:29Z,"Apache Tomcat Denial of Service via Malformed Request Headers",org.apache.tomcat:tomcat,5.5.0,,MODERATE,CWE-20;CWE-400 -CVE-2009-0033,2022-05-02T03:12:29Z,"Apache Tomcat Denial of Service via Malformed Request Headers",org.apache.tomcat:tomcat,6.0.0,,MODERATE,CWE-20;CWE-400 -CVE-2009-0038,2022-05-02T03:12:29Z,"Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities","org.apache.geronimo.plugins:console",2.1.0,2.1.4,MODERATE,CWE-79 -CVE-2009-0039,2022-05-02T03:12:31Z,"Apache Geronimo Application Server CSRF vulnerabilities","org.apache.geronimo.plugins:console",0,2.1.4,MODERATE,CWE-352 -CVE-2009-0217,2022-05-02T03:13:38Z,"Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation","org.apache.santuario:xmlsec",1.4.0,1.4.3,MODERATE, -CVE-2009-0580,2022-05-02T03:16:43Z,"Exposure of Sensitive Information in Apache Tomcat",org.apache.tomcat:tomcat,4.1.0,4.1.40,MODERATE,CWE-200 -CVE-2009-0580,2022-05-02T03:16:43Z,"Exposure of Sensitive Information in Apache Tomcat",org.apache.tomcat:tomcat,5.0.0,5.5.28,MODERATE,CWE-200 
-CVE-2009-0580,2022-05-02T03:16:43Z,"Exposure of Sensitive Information in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.19,MODERATE,CWE-200 -CVE-2009-0781,2022-05-02T03:18:14Z,"Cross-site scripting in Apache Tomcat",org.apache.tomcat:tomcat,4.1.0,,MODERATE,CWE-79 -CVE-2009-0781,2022-05-02T03:18:14Z,"Cross-site scripting in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,,MODERATE,CWE-79 -CVE-2009-0781,2022-05-02T03:18:14Z,"Cross-site scripting in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.20,MODERATE,CWE-79 -CVE-2009-0783,2022-05-02T03:18:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,4.1.0,,MODERATE,CWE-200 -CVE-2009-0783,2022-05-02T03:18:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,,MODERATE,CWE-200 -CVE-2009-0783,2022-05-02T03:18:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.20,MODERATE,CWE-200 -CVE-2009-1190,2022-05-02T03:22:35Z,"Spring Framework Inefficient Regular Expression Complexity","org.springframework:spring-core",1.1.0,3.0.0.RELEASE,MODERATE,CWE-1333 -CVE-2009-1275,2022-05-02T03:23:16Z,"Apache Tiles Vulnerable to XSS via EL Expression Injection","org.apache.tiles:tiles-core",2.1,2.1.2,MODERATE,CWE-87;CWE-917 -CVE-2009-1523,2022-05-02T03:26:04Z,"Directory traversal in Mort Bay Jetty",org.mortbay.jetty:jetty,0,6.1.17,MODERATE,CWE-22 -CVE-2009-1523,2022-05-02T03:26:04Z,"Directory traversal in Mort Bay Jetty",org.mortbay.jetty:jetty,7.0.0.M0,7.0.0.M2,MODERATE,CWE-22 -CVE-2009-1595,2022-05-02T03:26:40Z,"Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts","org.igniterealtime.openfire:parent",0,3.6.4,MODERATE,CWE-287 -CVE-2009-2625,2020-06-15T18:51:30Z,"Denial of service in Apache Xerces2",xerces:xercesImpl,0,2.10.0,MODERATE, -CVE-2009-2693,2022-05-02T03:37:48Z,"Apache Tomcat Directory Traversal 
vulnerability",org.apache.tomcat:tomcat,5.5.0,5.5.29,MODERATE,CWE-22 -CVE-2009-2693,2022-05-02T03:37:48Z,"Apache Tomcat Directory Traversal vulnerability",org.apache.tomcat:tomcat,6.0.0,6.0.24,MODERATE,CWE-22 -CVE-2009-2901,2022-05-02T03:39:47Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.29,MODERATE,CWE-287 -CVE-2009-2901,2022-05-02T03:39:47Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.24,MODERATE,CWE-287 -CVE-2009-2902,2022-05-02T03:39:48Z,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.29,MODERATE,CWE-22 -CVE-2009-2902,2022-05-02T03:39:48Z,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.24,MODERATE,CWE-22 -CVE-2009-3555,2022-05-02T03:46:22Z,"Apache Tomcat affected by vulnerability in TLS and SSL protocol",org.apache.tomcat:tomcat,5.0.0,5.5.33,MODERATE,CWE-295 -CVE-2009-3555,2022-05-02T03:46:22Z,"Apache Tomcat affected by vulnerability in TLS and SSL protocol",org.apache.tomcat:tomcat,6.0.0,6.0.32,MODERATE,CWE-295 -CVE-2009-3555,2022-05-02T03:46:22Z,"Apache Tomcat affected by vulnerability in TLS and SSL protocol",org.apache.tomcat:tomcat,7.0.0,7.0.10,MODERATE,CWE-295 -CVE-2009-4269,2022-05-02T03:53:13Z,"Use of Password Hash With Insufficient Computational Effort in Apache Derby",org.apache.derby:derby,0,10.6.1.0,MODERATE,CWE-916 -CVE-2009-4611,2022-05-02T03:56:13Z,"Improper input validation in Mort Bay Jetty",org.mortbay.jetty:jetty,6.0.0,6.1.23,HIGH,CWE-20 -CVE-2009-4611,2022-05-02T03:56:13Z,"Improper input validation in Mort Bay Jetty",org.mortbay.jetty:jetty,7.0.0,7.0.2,HIGH,CWE-20 -CVE-2010-0684,2022-05-02T06:14:45Z,"Cross-site scripting in Apache ActiveMQ","org.apache.activemq:activemq-parent",0,5.3.1,LOW,CWE-79 -CVE-2010-10006,2023-01-18T00:30:18Z,"Observable timing discrepancy in 
JOpenId",org.expressme:JOpenId,0,1.08,HIGH,CWE-203;CWE-208 -CVE-2010-1157,2022-05-02T06:19:37Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.30,MODERATE,CWE-200 -CVE-2010-1157,2022-05-02T06:19:37Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.28,MODERATE,CWE-200 -CVE-2010-1244,2022-05-02T06:20:35Z,"Cross-site request forgery in Apache ActiveMQ","org.apache.activemq:activemq-parent",0,5.3.1,MODERATE,CWE-352 -CVE-2010-1330,2022-05-02T06:21:36Z,"Cross-site Scripting in in JRuby",org.jruby:jruby-core,0,1.4.1,MODERATE,CWE-79 -CVE-2010-1587,2022-05-14T02:45:01Z,"Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler","org.apache.activemq:activemq-web-console",5.0.0,5.3.2,MODERATE,CWE-20 -CVE-2010-1622,2022-05-17T03:28:34Z,"Improper Control of Generation of Code ('Code Injection') in Spring Framework","org.springframework:spring",2.5.0,2.5.7,MODERATE,CWE-94 -CVE-2010-1622,2022-05-17T03:28:34Z,"Improper Control of Generation of Code ('Code Injection') in Spring Framework","org.springframework:spring",3.0.0,3.0.3,MODERATE,CWE-94 -CVE-2010-1632,2022-05-17T02:22:43Z,"Improper Input Validation in Apache Axis2","org.apache.axis2.wso2:axis2",0,1.5.2,HIGH,CWE-20 -CVE-2010-1870,2022-05-13T01:14:26Z,"Server side object manipulation in Apache Struts","org.apache.struts:struts2-core",0,2.2.1,MODERATE, -CVE-2010-2057,2022-05-17T05:45:54Z,"Improper Authentication in Apache MyFaces","org.apache.myfaces.core:myfaces-impl",1.1.0,1.1.8,MODERATE,CWE-287 -CVE-2010-2057,2022-05-17T05:45:54Z,"Improper Authentication in Apache MyFaces","org.apache.myfaces.core:myfaces-impl",1.2.0,1.2.9,MODERATE,CWE-287 -CVE-2010-2057,2022-05-17T05:45:54Z,"Improper Authentication in Apache MyFaces","org.apache.myfaces.core:myfaces-impl",2.0.0,2.0.1,MODERATE,CWE-287 -CVE-2010-2057,2022-05-17T05:45:54Z,"Improper Authentication in Apache 
MyFaces","org.apache.myfaces.shared:myfaces-shared-core",1.1.0,1.1.8,MODERATE,CWE-287 -CVE-2010-2057,2022-05-17T05:45:54Z,"Improper Authentication in Apache MyFaces","org.apache.myfaces.shared:myfaces-shared-core",1.2.0,1.2.9,MODERATE,CWE-287 -CVE-2010-2057,2022-05-17T05:45:54Z,"Improper Authentication in Apache MyFaces","org.apache.myfaces.shared:myfaces-shared-core",2.0.0,2.0.1,MODERATE,CWE-287 -CVE-2010-2076,2022-05-13T01:09:23Z,"Improper Input Validation in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.0.0,2.0.13,HIGH,CWE-20 -CVE-2010-2076,2022-05-13T01:09:23Z,"Improper Input Validation in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.1.0,2.1.10,HIGH,CWE-20 -CVE-2010-2076,2022-05-13T01:09:23Z,"Improper Input Validation in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.2.0,2.2.9,HIGH,CWE-20 -CVE-2010-2086,2022-05-17T05:50:42Z,"Apache MyFaces Cross-site Scripting vulnerability","org.apache.myfaces.core:myfaces-core-module",0,,MODERATE,CWE-79 -CVE-2010-2086,2022-05-17T05:50:42Z,"Apache MyFaces Cross-site Scripting vulnerability","org.apache.myfaces.core:myfaces-core-module",1.2.0,,MODERATE,CWE-79 -CVE-2010-2103,2022-05-14T02:44:30Z,"Improper Neutralization of Input During Web Page Generation in Apache Axis2","org.apache.axis2.wso2:axis2",1.4.1,1.6.0,MODERATE,CWE-79 -CVE-2010-2227,2022-05-14T01:17:03Z,"Apache Tomcat does not properly handle an invalid Transfer-Encoding header",org.apache.tomcat:tomcat,5.5.0,5.5.30,MODERATE,CWE-119 -CVE-2010-2227,2022-05-14T01:17:03Z,"Apache Tomcat does not properly handle an invalid Transfer-Encoding header",org.apache.tomcat:tomcat,6.0.0,6.0.28,MODERATE,CWE-119 -CVE-2010-2227,2022-05-14T01:17:03Z,"Apache Tomcat does not properly handle an invalid Transfer-Encoding header",org.apache.tomcat:tomcat,7.0.0,7.0.2,MODERATE,CWE-119 -CVE-2010-2232,2022-05-17T00:29:52Z,"Improper Access Control in Apache Derby",org.apache.derby:derby,10.1.2.1,10.4.2.0,HIGH,CWE-284 -CVE-2010-2274,2022-05-17T05:50:10Z,"Dojo Open Redirect 
vulnerability",org.dojotoolkit:dojo,1.0.0,1.0.3,MODERATE,CWE-601 -CVE-2010-2274,2022-05-17T05:50:10Z,"Dojo Open Redirect vulnerability",org.dojotoolkit:dojo,1.1.0,1.1.2,MODERATE,CWE-601 -CVE-2010-2274,2022-05-17T05:50:10Z,"Dojo Open Redirect vulnerability",org.dojotoolkit:dojo,1.2.0,1.2.4,MODERATE,CWE-601 -CVE-2010-2274,2022-05-17T05:50:10Z,"Dojo Open Redirect vulnerability",org.dojotoolkit:dojo,1.3.0,1.3.3,MODERATE,CWE-601 -CVE-2010-2274,2022-05-17T05:50:10Z,"Dojo Open Redirect vulnerability",org.dojotoolkit:dojo,1.4.0,1.4.2,MODERATE,CWE-601 -CVE-2010-3300,2021-08-13T15:22:24Z,"Padding oracle attacks",org.owasp.esapi:esapi,0,2.0GA,MODERATE,CWE-649 -CVE-2010-3700,2022-05-14T02:43:11Z,"Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security","org.acegisecurity:acegi-security",1.0.0,,MODERATE,CWE-288 -CVE-2010-3700,2022-05-14T02:43:11Z,"Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security","org.springframework.security:spring-security-core",2.0.0,2.0.6,MODERATE,CWE-288 -CVE-2010-3700,2022-05-14T02:43:11Z,"Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security","org.springframework.security:spring-security-core",3.0.0,3.0.4,MODERATE,CWE-288 -CVE-2010-3708,2022-05-17T05:45:03Z,"Drools Improper Input Validation vulnerability allows remote attackers to execute arbitrary code in JBoss EAP",org.drools:drools-core,0,4.0.7,HIGH,CWE-20 -CVE-2010-3718,2022-05-14T01:17:02Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.30,LOW,CWE-22 -CVE-2010-3718,2022-05-14T01:17:02Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.30,LOW,CWE-22 -CVE-2010-3718,2022-05-14T01:17:02Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.4,LOW,CWE-22 
-CVE-2010-3863,2022-05-14T02:42:51Z,"Apache Shiro Path Traversal vulnerability","org.apache.shiro:shiro-root",0,1.1.0,MODERATE,CWE-22 -CVE-2010-4172,2022-05-14T02:42:46Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,6.0.12,,MODERATE,CWE-79 -CVE-2010-4172,2022-05-14T02:42:46Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.5,MODERATE,CWE-79 -CVE-2010-4312,2022-05-14T02:42:23Z,"Apache Tomcat has cookies without HTTPOnly flag in Set-Cookie header",org.apache.tomcat:tomcat,6.0.0,6.0.35,MODERATE,CWE-1004 -CVE-2010-4476,2022-05-14T02:16:07Z,"Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment",org.apache.tomcat:tomcat,5.5.0,5.5.33,MODERATE, -CVE-2010-4476,2022-05-14T02:16:07Z,"Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment",org.apache.tomcat:tomcat,6.0.0,6.0.32,MODERATE, -CVE-2010-4476,2022-05-14T02:16:07Z,"Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment",org.apache.tomcat:tomcat,7.0.0,7.0.7,MODERATE, -CVE-2010-5312,2017-10-24T18:33:38Z,"Cross-site Scripting in jquery-ui","org.webjars.npm:jquery-ui",1.7.0,1.10.0,MODERATE,CWE-79 -CVE-2010-5327,2022-05-17T03:05:00Z,"Shell command injection in Liferay Portal","com.liferay.portal:portal-impl",0,6.2.11,HIGH, -CVE-2010-5327,2022-05-17T03:05:00Z,"Shell command injection in Liferay Portal","com.liferay.portal:portal-service",0,6.2.11,HIGH, -CVE-2011-0013,2022-05-03T03:25:09Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.32,MODERATE,CWE-79 -CVE-2011-0013,2022-05-03T03:25:09Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.30,MODERATE,CWE-79 -CVE-2011-0013,2022-05-03T03:25:09Z,"Improper Neutralization of Input During Web Page Generation 
in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.6,MODERATE,CWE-79 -CVE-2011-0534,2022-05-14T02:56:35Z,"Apache Tomcat does not enforce the maxHttpHeaderSize limit",org.apache.tomcat:tomcat,6.0.0,6.0.32,HIGH, -CVE-2011-0534,2022-05-14T02:56:35Z,"Apache Tomcat does not enforce the maxHttpHeaderSize limit",org.apache.tomcat:tomcat,7.0.0,7.0.8,HIGH, -CVE-2011-1088,2022-05-14T02:56:11Z,"Apache Tomcat allows remote attackers to bypass intended access restrictions",org.apache.tomcat:tomcat,7.0.0,7.0.10,MODERATE, -CVE-2011-1183,2022-05-14T02:56:10Z,"Access controll bypass in Apache Tomcat",org.apache.tomcat:tomcat,7.0.11,7.0.12,MODERATE, -CVE-2011-1184,2022-05-14T01:17:02Z,"Authentication Bypass in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.34,MODERATE, -CVE-2011-1184,2022-05-14T01:17:02Z,"Authentication Bypass in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.33,MODERATE, -CVE-2011-1184,2022-05-14T01:17:02Z,"Authentication Bypass in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.12,MODERATE, -CVE-2011-1411,2022-05-17T05:02:41Z,"Improper Authentication in OpenSAML",org.opensaml:opensaml,2.4.0,2.4.3,MODERATE,CWE-287 -CVE-2011-1411,2022-05-17T05:02:41Z,"Improper Authentication in OpenSAML",org.opensaml:opensaml,2.5.0,2.5.1,MODERATE,CWE-287 -CVE-2011-1419,2022-05-17T02:00:34Z,"Apache Tomcat does not follow ServletSecurity annotations",org.apache.tomcat:tomcat,7.0,7.0.11,MODERATE,CWE-284 -CVE-2011-1475,2022-05-17T01:01:49Z,"Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users",org.apache.tomcat:tomcat,7.0.0,7.0.12,MODERATE,CWE-20 -CVE-2011-1483,2022-05-13T01:39:29Z,"JBossWS vulnerable to uncontrolled recursion","org.jboss.ws:jbossws-common",0,2.1.0.Final,LOW,CWE-400 -CVE-2011-1498,2022-05-17T05:39:03Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient","org.apache.httpcomponents:httpclient",4.0.0,4.1.1,MODERATE,CWE-200 -CVE-2011-1582,2022-05-14T02:55:47Z,"Access restriction bypass in 
Apache Tomcat",org.apache.tomcat:tomcat,7.0.12,7.0.14,MODERATE, -CVE-2011-1772,2022-05-17T05:35:28Z,"Cross-site Scripting in Apache Struts","org.apache.struts:struts2-core",0,2.2.3,LOW,CWE-79 -CVE-2011-2087,2022-05-17T05:41:08Z,"Apache Struts Multiple XSS Vulnerabilities","org.apache.struts:struts2-parent",0,2.2.3,MODERATE,CWE-79 -CVE-2011-2088,2022-05-14T02:55:17Z,"XWork in Apache Struts Reveals Sensitive Information","org.apache.struts.xwork:xwork-core",0,2.2.2,MODERATE,CWE-200 -CVE-2011-2204,2022-05-14T01:17:03Z,"Insertion of Sensitive Information into Log File in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.34,MODERATE,CWE-200;CWE-532 -CVE-2011-2204,2022-05-14T01:17:03Z,"Insertion of Sensitive Information into Log File in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.33,MODERATE,CWE-200;CWE-532 -CVE-2011-2204,2022-05-14T01:17:03Z,"Insertion of Sensitive Information into Log File in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.19,MODERATE,CWE-200;CWE-532 -CVE-2011-2481,2022-05-17T02:44:28Z,"Apache Tomcat Allows Replacing of XML Parser",org.apache.tomcat:tomcat,7.0.0,7.0.17,MODERATE,CWE-200 -CVE-2011-2487,2022-04-22T00:24:28Z,"Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J","org.apache.ws.security:wss4j",0,1.6.5,MODERATE,CWE-327 -CVE-2011-2526,2022-05-14T01:17:03Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,0,5.5.34,MODERATE,CWE-20 -CVE-2011-2526,2022-05-14T01:17:03Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.33,MODERATE,CWE-20 -CVE-2011-2526,2022-05-14T01:17:03Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.19,MODERATE,CWE-20 -CVE-2011-2730,2022-05-17T02:16:01Z,"Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework","org.springframework:spring-core",0,2.5.6.SEC03,HIGH, -CVE-2011-2730,2022-05-17T02:16:01Z,"Improper Neutralization of Directives in Dynamically Evaluated Code in Spring 
Framework","org.springframework:spring-core",2.5.7.SR0,2.5.7.SR023,HIGH, -CVE-2011-2730,2022-05-17T02:16:01Z,"Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework","org.springframework:spring-core",3.0.0,3.0.6,HIGH, -CVE-2011-2731,2022-05-17T04:59:50Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security","org.springframework.security:spring-security-core",0,2.0.7,MODERATE,CWE-362 -CVE-2011-2731,2022-05-17T04:59:50Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Spring Security","org.springframework.security:spring-security-core",3.0.0,3.0.6,MODERATE,CWE-362 -CVE-2011-2732,2022-05-17T05:18:15Z,"Improper Control of Generation of Code in Spring Security","org.springframework.security:spring-security-core",0,2.0.7,MODERATE,CWE-94 -CVE-2011-2732,2022-05-17T05:18:15Z,"Improper Control of Generation of Code in Spring Security","org.springframework.security:spring-security-core",3.0.0,3.0.6,MODERATE,CWE-94 -CVE-2011-2894,2022-05-14T02:54:56Z,"Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data","org.springframework.security:spring-security-core",2.0.0,2.0.7,MODERATE,CWE-502 -CVE-2011-2894,2022-05-14T02:54:56Z,"Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data","org.springframework.security:spring-security-core",3.0.0,3.0.6,MODERATE,CWE-502 -CVE-2011-2894,2022-05-14T02:54:56Z,"Spring Framework and Spring Security vulnerable to Deserialization of Untrusted Data","org.springframework:spring-core",3.0.0,3.0.6,MODERATE,CWE-502 -CVE-2011-3190,2022-05-14T01:17:02Z,"Apache Tomcat Allows Remote Attackers to Spoof AJP Requests",org.apache.tomcat:tomcat,5.0.0,5.5.34,HIGH,CWE-287 -CVE-2011-3190,2022-05-14T01:17:02Z,"Apache Tomcat Allows Remote Attackers to Spoof AJP Requests",org.apache.tomcat:tomcat,6.0.0,6.0.34,HIGH,CWE-287 -CVE-2011-3190,2022-05-14T01:17:02Z,"Apache Tomcat Allows Remote Attackers to Spoof AJP 
Requests",org.apache.tomcat:tomcat,7.0.0,7.0.21,HIGH,CWE-287 -CVE-2011-3375,2022-05-17T05:33:28Z,"Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests",org.apache.tomcat:tomcat,6.0.30,6.0.35,MODERATE,CWE-200 -CVE-2011-3375,2022-05-17T05:33:28Z,"Apache Tomcat Exposes IP Addresses and HTTP Headers of Requests",org.apache.tomcat:tomcat,7.0,7.0.22,MODERATE,CWE-200 -CVE-2011-3923,2022-04-22T00:24:08Z,"Struts ParameterInterceptor vulnerability allows remote command execution","org.apache.struts:struts2-core",2.0.0,2.3.1.2,CRITICAL,CWE-732;CWE-94 -CVE-2011-4343,2022-05-17T00:29:01Z,"Apache MyFaces Vulnerable to EL Injection","org.apache.myfaces.core:myfaces-core-module",2.0.1,2.0.11,HIGH,CWE-200;CWE-917 -CVE-2011-4343,2022-05-17T00:29:01Z,"Apache MyFaces Vulnerable to EL Injection","org.apache.myfaces.core:myfaces-core-module",2.1.0,2.1.5,HIGH,CWE-200;CWE-917 -CVE-2011-4367,2022-05-13T01:24:34Z,"Apache MyFaces Vulnerable to Path Traversal","org.apache.myfaces.core:myfaces-impl",2.0.0,2.0.12,MODERATE,CWE-22 -CVE-2011-4367,2022-05-13T01:24:34Z,"Apache MyFaces Vulnerable to Path Traversal","org.apache.myfaces.core:myfaces-impl",2.1.0,2.1.6,MODERATE,CWE-22 -CVE-2011-4457,2022-05-17T05:36:48Z,"OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled","com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer",0,88,LOW,CWE-200 -CVE-2011-4461,2022-05-14T01:27:35Z,"Improper Input Validation in Jetty","org.eclipse.jetty:jetty-server",0,8.1.0.RC4,MODERATE,CWE-20 -CVE-2011-4858,2022-05-14T03:52:45Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.35,MODERATE,CWE-20 -CVE-2011-4858,2022-05-14T03:52:45Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.35,MODERATE,CWE-20 -CVE-2011-4858,2022-05-14T03:52:45Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.23,MODERATE,CWE-20 -CVE-2011-4905,2022-05-17T05:35:59Z,"Denial of Service in Apache 
ActiveMQ","org.apache.activemq:activemq-core",0,5.6.0,MODERATE, -CVE-2011-4969,2022-05-14T01:09:51Z,"jQuery vulnerable to Cross-Site Scripting (XSS)",org.webjars.npm:jquery,0,1.6.3,MODERATE,CWE-79 -CVE-2011-5034,2022-05-13T01:07:39Z,"Apache Geronimo Hash Collisions Cause DoS","org.apache.geronimo:geronimo",0,2.2.1,HIGH,CWE-400 -CVE-2011-5036,2022-05-17T04:59:13Z,"Rack Gem Subject to Denial of Service via Hash Collisions",org.jruby:jruby-parent,0,1.6.5.1,MODERATE,CWE-328;CWE-400 -CVE-2011-5062,2022-05-14T01:17:03Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.34,MODERATE,CWE-287 -CVE-2011-5062,2022-05-14T01:17:03Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.33,MODERATE,CWE-287 -CVE-2011-5062,2022-05-14T01:17:03Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.12,MODERATE,CWE-287 -CVE-2011-5063,2022-05-14T01:17:03Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.34,MODERATE,CWE-287 -CVE-2011-5063,2022-05-14T01:17:03Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.33,MODERATE,CWE-287 -CVE-2011-5063,2022-05-14T01:17:03Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.12,MODERATE,CWE-287 -CVE-2011-5064,2022-05-14T01:17:03Z,"Use of Hard-coded Cryptographic Key in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.34,MODERATE,CWE-321 -CVE-2011-5064,2022-05-14T01:17:03Z,"Use of Hard-coded Cryptographic Key in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.33,MODERATE,CWE-321 -CVE-2011-5064,2022-05-14T01:17:03Z,"Use of Hard-coded Cryptographic Key in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.12,MODERATE,CWE-321 -CVE-2011-5245,2022-05-17T01:50:09Z,"Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy","org.jboss.resteasy:resteasy-jaxb-provider",0,2.3.2,MODERATE,CWE-200 -CVE-2012-0022,2022-05-04T00:27:43Z,"Denial of Service in Apache 
Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.35,MODERATE, -CVE-2012-0022,2022-05-04T00:27:43Z,"Denial of Service in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.34,MODERATE, -CVE-2012-0022,2022-05-04T00:27:43Z,"Denial of Service in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.23,MODERATE, -CVE-2012-0213,2022-05-04T00:28:50Z,"Denial of Service in Apache POI","org.apache.poi:poi-scratchpad",0,3.10-beta1,MODERATE,CWE-400 -CVE-2012-0213,2022-05-04T00:28:50Z,"Denial of Service in Apache POI",org.apache.poi:poi,0,3.10-beta1,MODERATE,CWE-400 -CVE-2012-0391,2022-05-04T00:29:43Z,"Apache Struts Remote Java Code Execution","org.apache.struts.xwork:xwork-core",0,2.2.3.1,HIGH,CWE-20 -CVE-2012-0391,2022-05-04T00:29:43Z,"Apache Struts Remote Java Code Execution","org.apache.struts:struts2-core",0,2.2.3.1,HIGH,CWE-20 -CVE-2012-0392,2022-05-04T00:29:43Z,"Apache Struts's CookieInterceptor component does not use the parameter-name whitelist","org.apache.struts.xwork:xwork-core",0,2.2.3.1,MODERATE, -CVE-2012-0392,2022-05-04T00:29:43Z,"Apache Struts's CookieInterceptor component does not use the parameter-name whitelist","org.apache.struts:struts2-core",0,2.2.3.1,MODERATE, -CVE-2012-0393,2022-05-04T00:29:43Z,"Apache Struts's ParameterInterceptor component does not prevent access to public constructors","org.apache.struts.xwork:xwork-core",0,2.2.3.1,MODERATE, -CVE-2012-0393,2022-05-04T00:29:43Z,"Apache Struts's ParameterInterceptor component does not prevent access to public constructors","org.apache.struts:struts2-core",0,2.3.1.1,MODERATE, -CVE-2012-0394,2022-05-04T00:29:43Z,"Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode","org.apache.struts.xwork:xwork-core",0,2.3.18,MODERATE,CWE-94 -CVE-2012-0785,2022-04-23T00:40:48Z,"Hash collision attack vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",0,1.424.2,HIGH, -CVE-2012-0785,2022-04-23T00:40:48Z,"Hash collision attack vulnerability in 
Jenkins","org.jenkins-ci.main:jenkins-core",1.425,1.447,HIGH, -CVE-2012-0803,2022-05-13T01:09:22Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,2.4.0,2.4.6,CRITICAL,CWE-287 -CVE-2012-0803,2022-05-13T01:09:22Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,2.5.0,2.5.2,CRITICAL,CWE-287 -CVE-2012-0818,2022-05-17T01:49:58Z,"Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy","org.jboss.resteasy:resteasy-client",0,2.3.1,MODERATE,CWE-200 -CVE-2012-0838,2022-05-14T01:51:59Z,"Apache Struts Code injection due to conversion error","org.apache.struts.xwork:xwork-core",0,2.2.3.1,HIGH,CWE-20 -CVE-2012-0838,2022-05-14T01:51:59Z,"Apache Struts Code injection due to conversion error","org.apache.struts:struts2-core",0,2.2.3.1,HIGH,CWE-20 -CVE-2012-0881,2020-06-15T18:51:38Z,"Denial of service in Apache Xerces2",xerces:xercesImpl,0,2.12.0,HIGH,CWE-400 -CVE-2012-1006,2022-05-17T01:49:11Z,"Apache Struts Multiple Cross-site Scripting Vulnerabilities","org.apache.struts:struts2-parent",0,2.1.2,MODERATE,CWE-79 -CVE-2012-1006,2022-05-17T01:49:11Z,"Apache Struts Multiple Cross-site Scripting Vulnerabilities","org.apache.struts:struts2-parent",2.2,2.2.3.1,MODERATE,CWE-79 -CVE-2012-1007,2022-05-14T02:21:24Z,"Apache Struts XSS","org.apache.struts:struts-core",0,,MODERATE,CWE-79 -CVE-2012-1007,2022-05-14T02:21:24Z,"Apache Struts XSS",struts:struts,0,,MODERATE,CWE-79 -CVE-2012-1094,2022-04-23T00:40:48Z,"JBoss AS may expose root content if excluded-contexts list is mismatched","org.jboss.as:jboss-as-server",7.0.0.Alpha1,7.1.1.Final,HIGH,CWE-200 -CVE-2012-1154,2022-05-17T05:18:47Z,"Improper Access Control in JBoss mod_cluster","org.jboss.mod_cluster:mod_cluster",1.1.0,1.1.4,MODERATE,CWE-284 -CVE-2012-1574,2022-05-17T02:54:07Z,"Apache Hadoop allows impersonation of arbitrary cluster user accounts","org.apache.hadoop:hadoop-main",0.23,0.23.2,MODERATE,CWE-287 -CVE-2012-1574,2022-05-17T02:54:07Z,"Apache Hadoop allows impersonation of arbitrary cluster user 
accounts","org.apache.hadoop:hadoop-main",1.0,1.0.2,MODERATE,CWE-287 -CVE-2012-1592,2022-04-23T00:40:23Z,"Unrestricted Upload of File with Dangerous Type in Apache Struts2","org.apache.struts:struts2-core",2.0,2.5.22,HIGH,CWE-434 -CVE-2012-1618,2022-05-17T05:20:42Z,"Unescaped parameters in the PostgreSQL JDBC driver","org.postgresql:postgresql",0,8.2,HIGH, -CVE-2012-2098,2022-05-13T01:07:05Z,"Uncontrolled Resource Consumption in Apache Commons Compress","org.apache.commons:commons-compress",0,1.4.1,MODERATE,CWE-400 -CVE-2012-2138,2022-05-17T05:28:00Z,"Apache Sling POST Servlets Denial of Service Vulnerability","org.apache.sling:org.apache.sling.servlets.post",0,2.1.2,MODERATE,CWE-400 -CVE-2012-2378,2022-05-13T01:09:22Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,2.4.5,2.4.8,MODERATE,CWE-287 -CVE-2012-2378,2022-05-13T01:09:22Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,2.5.1,2.5.3,MODERATE,CWE-287 -CVE-2012-2378,2022-05-13T01:09:22Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,2.6.0,2.6.1,MODERATE,CWE-287 -CVE-2012-2379,2022-05-13T01:09:22Z,"XML Signature/Encryption Not Validated in Apache CXF",org.apache.cxf:cxf,2.4.0,2.4.8,HIGH, -CVE-2012-2379,2022-05-13T01:09:22Z,"XML Signature/Encryption Not Validated in Apache CXF",org.apache.cxf:cxf,2.5.0,2.5.4,HIGH, -CVE-2012-2379,2022-05-13T01:09:22Z,"XML Signature/Encryption Not Validated in Apache CXF",org.apache.cxf:cxf,2.6.0,2.6.1,HIGH, -CVE-2012-2945,2022-04-23T00:40:07Z,"Hadoop symlink vulnerability","org.apache.hadoop:hadoop-main",0,1.0.4,HIGH,CWE-377;CWE-59 -CVE-2012-3353,2022-05-14T03:46:15Z,"Apache Sling JCR ContentLoader XmlReader Arbitrary File Load","org.apache.sling:org.apache.sling.jcr.contentloader",0,2.1.6,HIGH,CWE-200 -CVE-2012-3376,2022-05-17T02:54:07Z,"Client BlockTokens not checked in Apache Hadoop","org.apache.hadoop:hadoop-client",2.0.0-alpha,2.0.1-alpha,HIGH, -CVE-2012-3428,2022-05-17T05:17:01Z,"User confusion in 
IronJacamar","org.jboss.ironjacamar:ironjacamar-jdbc",0,1.0.12.Final,MODERATE, -CVE-2012-3451,2022-05-13T01:09:21Z,"Remote web-service operation execution in Apache CXF",org.apache.cxf:cxf,0,2.4.9,HIGH,CWE-20 -CVE-2012-3451,2022-05-13T01:09:21Z,"Remote web-service operation execution in Apache CXF",org.apache.cxf:cxf,2.5.0,2.5.5,HIGH,CWE-20 -CVE-2012-3451,2022-05-13T01:09:21Z,"Remote web-service operation execution in Apache CXF",org.apache.cxf:cxf,2.6.0,2.6.2,HIGH,CWE-20 -CVE-2012-3467,2022-05-17T01:44:00Z,"Apache QPID Allows Remote Authentication Bypass","org.apache.qpid:qpid-parent",0,0.17,MODERATE,CWE-287 -CVE-2012-3536,2022-05-14T03:37:10Z,"Apache James Hupa Webmail application Cross-site Scripting Vulnerabilities","org.apache.james.hupa:hupa-parent",0,0.0.3,MODERATE,CWE-79 -CVE-2012-3546,2022-05-17T00:59:04Z,"Authentication Bypass in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.36,MODERATE,CWE-287 -CVE-2012-3546,2022-05-17T00:59:04Z,"Authentication Bypass in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.30,MODERATE,CWE-287 -CVE-2012-4386,2022-05-17T01:42:17Z,"Cross-Site Request Forgery in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.4.1,MODERATE,CWE-352 -CVE-2012-4387,2022-05-17T01:42:17Z,"Denial of service in Apache Struts","org.apache.struts.xwork:xwork-core",2.0.0,2.3.4.1,MODERATE, -CVE-2012-4418,2022-05-17T05:16:12Z,"Apache Axis2 Vulnerable to XML Signature wrapping attack",org.apache.axis2:axis2,0,1.7.9,MODERATE,CWE-287 -CVE-2012-4431,2022-05-17T00:57:51Z,"Cross-Site Request Forgery in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.36,MODERATE,CWE-352 -CVE-2012-4431,2022-05-17T00:57:51Z,"Cross-Site Request Forgery in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.32,MODERATE,CWE-352 -CVE-2012-4446,2022-05-17T05:13:24Z,"Improper Authentication in Apache Qpid","org.apache.qpid:qpid-client",0,0.20,MODERATE,CWE-287 -CVE-2012-4449,2022-05-17T00:22:31Z,"Use of a Broken or Risky Cryptographic Algorithm in Apache 
Hadoop","org.apache.hadoop:hadoop-client",0,0.23.4,CRITICAL,CWE-327 -CVE-2012-4449,2022-05-17T00:22:31Z,"Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop","org.apache.hadoop:hadoop-client",1.0.0,1.0.4,CRITICAL,CWE-327 -CVE-2012-4449,2022-05-17T00:22:31Z,"Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop","org.apache.hadoop:hadoop-client",2.0.0,2.0.2,CRITICAL,CWE-327 -CVE-2012-5055,2022-05-17T05:17:30Z,"Exposure of Sensitive Information to an Unauthorized Actor in Spring Security","org.springframework.security:spring-security-core",0,2.0.8,MODERATE,CWE-200 -CVE-2012-5055,2022-05-17T05:17:30Z,"Exposure of Sensitive Information to an Unauthorized Actor in Spring Security","org.springframework.security:spring-security-core",3.0.0,3.0.8,MODERATE,CWE-200 -CVE-2012-5055,2022-05-17T05:17:30Z,"Exposure of Sensitive Information to an Unauthorized Actor in Spring Security","org.springframework.security:spring-security-core",3.1.0,3.1.3,MODERATE,CWE-200 -CVE-2012-5351,2022-05-13T01:01:04Z,"Improper Authentication in Apache Axis2",org.apache.axis2:axis2,0,1.6.4,MODERATE,CWE-287 -CVE-2012-5370,2022-05-17T04:17:07Z,"JRuby denial of service via Hash Collision",org.jruby:jruby-parent,0,1.7.1,MODERATE,CWE-400 -CVE-2012-5575,2022-05-13T01:09:21Z,"Inadequate Encryption Strength in Apache CXF","org.apache.cxf:cxf-rt-transports-http",2.5.0,2.5.10,MODERATE,CWE-326 -CVE-2012-5575,2022-05-13T01:09:21Z,"Inadequate Encryption Strength in Apache CXF","org.apache.cxf:cxf-rt-transports-http",2.6.0,2.6.7,MODERATE,CWE-326 -CVE-2012-5575,2022-05-13T01:09:21Z,"Inadequate Encryption Strength in Apache CXF","org.apache.cxf:cxf-rt-transports-http",2.7.0,2.7.4,MODERATE,CWE-326 -CVE-2012-5633,2022-05-13T01:09:21Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,0,2.5.8,MODERATE,CWE-287 -CVE-2012-5633,2022-05-13T01:09:21Z,"Improper Authentication in Apache CXF",org.apache.cxf:cxf,2.6.0,2.6.5,MODERATE,CWE-287 -CVE-2012-5633,2022-05-13T01:09:21Z,"Improper 
Authentication in Apache CXF",org.apache.cxf:cxf,2.7.0,2.7.2,MODERATE,CWE-287 -CVE-2012-5783,2022-05-13T01:10:34Z,"Improper Certificate Validation in Apache Commons HttpClient","commons-httpclient:commons-httpclient",3.0,,MODERATE,CWE-295 -CVE-2012-5784,2020-10-07T17:51:02Z,"Man-in-the-middle attack in Apache Axis",axis:axis,0,,MODERATE,CWE-20 -CVE-2012-5784,2020-10-07T17:51:02Z,"Man-in-the-middle attack in Apache Axis",org.apache.axis:axis,0,,MODERATE,CWE-20 -CVE-2012-5785,2022-05-17T01:38:56Z,"Improper Input Validation in Apache Axis2",org.apache.axis2:axis2,0,1.8.0,MODERATE,CWE-20 -CVE-2012-5817,2022-05-17T01:38:40Z,"Improper Input Validation in XFire","org.codehaus.xfire:xfire-core",0,,HIGH,CWE-20;CWE-295 -CVE-2012-5885,2022-05-17T00:57:35Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.36,MODERATE,CWE-284 -CVE-2012-5885,2022-05-17T00:57:35Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.36,MODERATE,CWE-284 -CVE-2012-5885,2022-05-17T00:57:35Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.30,MODERATE,CWE-284 -CVE-2012-5886,2022-05-17T01:38:30Z,"Improper Authentication in Apache Tomcat","org.apache.tomcat:tomcat-catalina",5.5.0,5.5.36,MODERATE,CWE-287 -CVE-2012-5886,2022-05-17T01:38:30Z,"Improper Authentication in Apache Tomcat","org.apache.tomcat:tomcat-catalina",6.0.0,6.0.36,MODERATE,CWE-287 -CVE-2012-5886,2022-05-17T01:38:30Z,"Improper Authentication in Apache Tomcat","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.30,MODERATE,CWE-287 -CVE-2012-5887,2022-05-17T01:38:30Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,5.5.0,5.5.36,MODERATE,CWE-287 -CVE-2012-5887,2022-05-17T01:38:30Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.36,MODERATE,CWE-287 -CVE-2012-5887,2022-05-17T01:38:30Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.30,MODERATE,CWE-287 
-CVE-2012-6092,2022-05-17T03:46:33Z,"Cross-site Scripting in Apache ActiveMQ","org.apache.activemq:activemq-core",0,5.8.0,MODERATE,CWE-79 -CVE-2012-6153,2018-10-17T00:05:15Z,"Improper certificate validation in org.apache.httpcomponents:httpclient","org.apache.httpcomponents:httpclient",0,4.2.3,HIGH,CWE-20 -CVE-2012-6551,2022-05-17T03:46:32Z,"Apache ActiveMQ default configuration subject to denial of service","org.apache.activemq:activemq-web-demo",0,5.8.0,MODERATE,CWE-400 -CVE-2012-6551,2022-05-17T03:46:32Z,"Apache ActiveMQ default configuration subject to denial of service","org.apache.activemq:apache-activemq",0,5.8.0,MODERATE,CWE-400 -CVE-2012-6612,2022-05-17T04:50:16Z,"Improper Restriction of XML External Entity Reference in Apache Solr","org.apache.solr:solr-core",0,4.1.0,HIGH,CWE-611 -CVE-2012-6662,2017-10-24T18:33:37Z,"jquery-ui Tooltip widget vulnerable to XSS","org.webjars.npm:jquery-ui",0,1.10.0,MODERATE,CWE-79 -CVE-2012-6708,2020-09-01T16:41:46Z,"Cross-Site Scripting in jquery",org.webjars.npm:jquery,0,1.9.0,MODERATE,CWE-64;CWE-79 -CVE-2013-0158,2022-05-05T02:48:30Z,"Jenkins allows attackers to obtain the master cryptographic key","org.jenkins-ci.main:jenkins-core",0,1.480.2,LOW, -CVE-2013-0158,2022-05-05T02:48:30Z,"Jenkins allows attackers to obtain the master cryptographic key","org.jenkins-ci.main:jenkins-core",1.481,1.498,LOW, -CVE-2013-0239,2022-05-05T02:48:38Z,"Improper Authentication in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",0,2.5.9,MODERATE,CWE-287 -CVE-2013-0239,2022-05-05T02:48:38Z,"Improper Authentication in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.6.0,2.6.6,MODERATE,CWE-287 -CVE-2013-0239,2022-05-05T02:48:38Z,"Improper Authentication in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.7.0,2.7.3,MODERATE,CWE-287 -CVE-2013-0248,2022-05-05T02:48:41Z,"Incorrect Default Permissions in Apache Commons FileUpload","commons-fileupload:commons-fileupload",1.0,1.2.2,LOW,CWE-276 -CVE-2013-0327,2022-05-05T02:48:48Z,"Jenkins 
Cross-Site Request Forgery vulnerability","org.jenkins-ci.main:jenkins-core",0,1.480.3,MODERATE,CWE-352 -CVE-2013-0327,2022-05-05T02:48:48Z,"Jenkins Cross-Site Request Forgery vulnerability","org.jenkins-ci.main:jenkins-core",1.481,1.502,MODERATE,CWE-352 -CVE-2013-0328,2022-05-05T02:48:48Z,"Jenkins subject to Cross-site Scripting","org.jenkins-ci.main:jenkins-core",0,1.502,MODERATE,CWE-79 -CVE-2013-0329,2022-05-05T02:48:48Z,"Jenkins Cross-Site Request Forgery vulnerability","org.jenkins-ci.main:jenkins-core",0,1.480.3,MODERATE,CWE-352 -CVE-2013-0329,2022-05-05T02:48:48Z,"Jenkins Cross-Site Request Forgery vulnerability","org.jenkins-ci.main:jenkins-core",1.481,1.502,MODERATE,CWE-352 -CVE-2013-1624,2022-05-14T02:14:04Z,"Improper Input Validation in Bouncy Castle","org.bouncycastle:bcprov-jdk15on",0,1.48,MODERATE,CWE-20 -CVE-2013-1768,2022-05-14T03:30:19Z,"Deserialization of Untrusted Data in Apache OpenJPA","org.apache.openjpa:openjpa",1.0.0,1.2.3,HIGH,CWE-502 -CVE-2013-1768,2022-05-14T03:30:19Z,"Deserialization of Untrusted Data in Apache OpenJPA","org.apache.openjpa:openjpa",2.0.0,2.2.2,HIGH,CWE-502 -CVE-2013-1777,2022-05-17T04:48:11Z,"Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1","org.apache.geronimo.framework:geronimo-jmx-remoting",3.0-beta-1,3.0.1,HIGH,CWE-94 -CVE-2013-1814,2022-05-17T05:07:50Z,"Apache Rave information disclosure vulnerability","org.apache.rave:rave-core",0.11,0.20.1,MODERATE,CWE-200 -CVE-2013-1814,2022-05-17T05:07:50Z,"Apache Rave information disclosure vulnerability","org.apache.rave:rave-portal-resources",0.11,0.20.1,MODERATE,CWE-200 -CVE-2013-1814,2022-05-17T05:07:50Z,"Apache Rave information disclosure vulnerability",org.apache.rave:rave-web,0.11,0.20.1,MODERATE,CWE-200 -CVE-2013-1821,2022-05-17T03:23:26Z,"Ruby vulnerable to denial of service",org.jruby:jruby,0,1.7.3,MODERATE,CWE-400 -CVE-2013-1879,2022-05-17T01:36:25Z,"Improper Neutralization of Input During Web Page Generation in Apache 
ActiveMQ","org.apache.activemq:activemq-client",0,5.9.0,MODERATE,CWE-79 -CVE-2013-1880,2022-05-17T03:46:32Z,"Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet ","org.apache.activemq:activemq-core",0,5.9.0,MODERATE,CWE-79 -CVE-2013-1965,2022-05-14T00:54:15Z,"Improper Control of Generation of Code in Apache Struts","org.apache.struts:struts2-core",0,2.3.14.3,HIGH,CWE-94 -CVE-2013-1966,2022-05-14T00:54:15Z,"Arbitrary code execution in Apache Struts","org.apache.struts.xwork:xwork-core",2.0.0,2.3.14.2,HIGH,CWE-94 -CVE-2013-1966,2022-05-14T00:54:15Z,"Arbitrary code execution in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.14.2,HIGH,CWE-94 -CVE-2013-2027,2022-05-14T02:05:10Z,"Jython Improper Access Restrictions vulnerability","org.python:jython-standalone",0,2.7.2b3,MODERATE,CWE-281 -CVE-2013-2033,2022-05-14T01:52:20Z,"Jenkins vulnerable to Cross-site Scripting","org.jenkins-ci.main:jenkins-core",0,1.509.1,MODERATE,CWE-79 -CVE-2013-2033,2022-05-14T01:52:20Z,"Jenkins vulnerable to Cross-site Scripting","org.jenkins-ci.main:jenkins-core",1.513,1.514,MODERATE,CWE-79 -CVE-2013-2034,2022-05-17T03:51:00Z,"Jenkins Cross-Site Request Forgery vulnerabilities","org.jenkins-ci.main:jenkins-core",0,1.509.1,MODERATE,CWE-352 -CVE-2013-2034,2022-05-17T03:51:00Z,"Jenkins Cross-Site Request Forgery vulnerabilities","org.jenkins-ci.main:jenkins-core",1.513,1.514,MODERATE,CWE-352 -CVE-2013-2035,2022-05-17T04:17:07Z,"Improper Control of Generation of Code in HawtJNI","org.fusesource.hawtjni:hawtjni-runtime",0,1.8,MODERATE,CWE-94 -CVE-2013-2067,2022-05-14T01:10:35Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,6.0.21,6.0.37,MODERATE,CWE-287 -CVE-2013-2067,2022-05-14T01:10:35Z,"Improper Authentication in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.33,MODERATE,CWE-287 -CVE-2013-2071,2022-05-17T02:44:28Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache 
Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.40,LOW,CWE-200 -CVE-2013-2115,2022-05-13T01:16:08Z,"Code injection in Apache Struts","org.apache.struts.xwork:xwork-core",2.0.0,2.3.14.2,HIGH,CWE-94 -CVE-2013-2115,2022-05-13T01:16:08Z,"Code injection in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.14.2,HIGH,CWE-94 -CVE-2013-2134,2022-05-14T01:57:02Z,"Arbitrary code execution in Apache Struts 2","org.apache.struts.xwork:xwork-core",2.0.0,2.3.14.3,HIGH,CWE-94 -CVE-2013-2134,2022-05-14T01:57:02Z,"Arbitrary code execution in Apache Struts 2","org.apache.struts:struts2-core",2.0.0,2.3.14.3,HIGH,CWE-94 -CVE-2013-2135,2022-05-14T01:57:01Z,"Arbitrary code execution in Apache Struts 2","org.apache.struts.xwork:xwork-core",2.0.0,2.3.14.3,HIGH,CWE-94 -CVE-2013-2135,2022-05-14T01:57:01Z,"Arbitrary code execution in Apache Struts 2","org.apache.struts:struts2-core",2.0.0,2.3.14.3,HIGH,CWE-94 -CVE-2013-2160,2022-05-13T01:09:20Z,"Missing XML Validation in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.5.0,2.5.10,MODERATE,CWE-112 -CVE-2013-2160,2022-05-13T01:09:20Z,"Missing XML Validation in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.6.0,2.6.7,MODERATE,CWE-112 -CVE-2013-2160,2022-05-13T01:09:20Z,"Missing XML Validation in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.7.0,2.7.4,MODERATE,CWE-112 -CVE-2013-2165,2022-05-13T01:27:59Z,"Remote code execution due to insecure deserialization",org.richfaces:richfaces,3.1.0,3.3.3,HIGH, -CVE-2013-2165,2022-05-13T01:27:59Z,"Remote code execution due to insecure deserialization",org.richfaces:richfaces,4.0.0,4.3.2,HIGH, -CVE-2013-2172,2022-05-13T01:05:56Z,"Inefficient Algorithmic Complexity in Apache Santuario XML Security","org.apache.santuario:xmlsec",1.4.0,1.4.8,MODERATE,CWE-407 -CVE-2013-2172,2022-05-13T01:05:56Z,"Inefficient Algorithmic Complexity in Apache Santuario XML Security","org.apache.santuario:xmlsec",1.5.0,1.5.5,MODERATE,CWE-407 -CVE-2013-2185,2022-05-17T03:47:51Z,"Deserialization of Untrusted Data in 
Apache Tomcat",org.apache.tomcat:tomcat,0,7.0.39,HIGH,CWE-502 -CVE-2013-2186,2022-05-14T03:52:43Z,"Arbitrary file write in Apache Commons Fileupload","commons-fileupload:commons-fileupload",0,1.3.1,HIGH,CWE-20 -CVE-2013-2192,2022-05-17T02:54:07Z,"Improper Authentication in Apache Hadoop","org.apache.hadoop:hadoop-common",0.23.0,0.23.9,LOW,CWE-287 -CVE-2013-2192,2022-05-17T02:54:07Z,"Improper Authentication in Apache Hadoop","org.apache.hadoop:hadoop-common",2.0.0,2.0.6-alpha,LOW,CWE-287 -CVE-2013-2248,2022-05-17T03:13:10Z,"Open redirect in Apache Struts","org.apache.struts:struts2-core",0,2.3.15.1,MODERATE,CWE-20 -CVE-2013-2251,2022-05-13T01:14:26Z,"Code injection in Apache Struts","org.apache.struts:struts2-core",0,2.3.15.1,HIGH,CWE-20 -CVE-2013-2254,2022-05-17T01:36:04Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Sling","org.apache.sling:org.apache.sling.api",0,2.4.0,MODERATE,CWE-119 -CVE-2013-3060,2022-05-17T03:46:28Z,"Improper Authentication in Apache ActiveMQ","org.apache.activemq:activemq-client",0,5.8.0,MODERATE,CWE-287 -CVE-2013-3300,2022-05-17T05:07:19Z,"Lift Sensitive Information Disclosure",net.liftweb:lift-webkit,0,2.5,MODERATE,CWE-119 -CVE-2013-3827,2022-05-17T03:13:10Z,"Path Traversal in Eclipse Mojarra","org.glassfish:javax.faces",2.0.0,2.1.19,MODERATE,CWE-22 -CVE-2013-4002,2022-05-13T01:01:06Z,"Missing XML Validation in Apache Xerces2",xerces:xercesImpl,0,2.12.0,HIGH,CWE-112 -CVE-2013-4112,2022-05-17T04:50:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in JGroup",org.jgroups:jgroups,3.0.0,3.2.9.Final,MODERATE,CWE-200 -CVE-2013-4112,2022-05-17T04:50:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in JGroup",org.jgroups:jgroups,3.3.0,3.3.3.Final,MODERATE,CWE-200 -CVE-2013-4152,2022-05-13T01:02:38Z,"Cross-Site Request Forgery in Spring Framework","org.springframework:spring-oxm",0,3.2.4.RELEASE,MODERATE,CWE-352 -CVE-2013-4204,2022-05-17T01:58:13Z,"Improper Neutralization of Input 
During Web Page Generation in Google Web Toolkit",com.google.gwt:gwt,0,2.5.1,MODERATE,CWE-79 -CVE-2013-4221,2022-05-17T03:28:12Z,"Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML","org.restlet.jse:org.restlet",0,2.1.4,HIGH,CWE-91 -CVE-2013-4271,2022-05-17T03:28:57Z,"Restlet Arbitrary Java Code Execution via a serialized object","org.restlet.jse:org.restlet",0,2.1.4,HIGH,CWE-502 -CVE-2013-4286,2022-05-14T01:10:36Z,"Apache Tomcat is vulnerable to HTTP request-smuggling",org.apache.tomcat:tomcat,0,6.0.39,MODERATE,CWE-20 -CVE-2013-4286,2022-05-14T01:10:36Z,"Apache Tomcat is vulnerable to HTTP request-smuggling",org.apache.tomcat:tomcat,7.0.0,7.0.47,MODERATE,CWE-20 -CVE-2013-4286,2022-05-14T01:10:36Z,"Apache Tomcat is vulnerable to HTTP request-smuggling",org.apache.tomcat:tomcat,8.0.0-RC1,8.0.0-RC3,MODERATE,CWE-20 -CVE-2013-4295,2022-05-17T04:59:44Z,"Apache Shindig PHP Sensitive Information Disclosure","org.apache.shindig:shindig-php",2.5.0-beta1,2.5.0-update1,MODERATE,CWE-200 -CVE-2013-4310,2022-05-17T04:44:52Z,"Apache Struts2 Broken Access Control Vulnerability","org.apache.struts:struts2-core",0,2.3.15.3,MODERATE,CWE-284 -CVE-2013-4316,2022-05-17T03:28:23Z,"Code injection in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.15.2,HIGH,CWE-94 -CVE-2013-4316,2022-05-17T03:28:23Z,"Code injection in Apache Struts","org.apache.struts:struts2-rest-plugin",2.0.0,2.3.15.2,HIGH,CWE-94 -CVE-2013-4322,2022-05-14T01:10:35Z,"Apache Tomcat Denial of Service vulnerability",org.apache.tomcat:tomcat,0,6.0.39,MODERATE,CWE-400 -CVE-2013-4322,2022-05-14T01:10:35Z,"Apache Tomcat Denial of Service vulnerability",org.apache.tomcat:tomcat,7.0.0,7.0.50,MODERATE,CWE-400 -CVE-2013-4322,2022-05-14T01:10:35Z,"Apache Tomcat Denial of Service vulnerability",org.apache.tomcat:tomcat,8.0.0-RC1,8.0.0-RC10,MODERATE,CWE-400 -CVE-2013-4330,2022-05-13T01:26:34Z,"Improper Control of Generation of Code in Apache Camel","org.apache.camel:camel-core",0,2.9.7,MODERATE,CWE-94 
-CVE-2013-4330,2022-05-13T01:26:34Z,"Improper Control of Generation of Code in Apache Camel","org.apache.camel:camel-core",2.10.0,2.10.7,MODERATE,CWE-94 -CVE-2013-4330,2022-05-13T01:26:34Z,"Improper Control of Generation of Code in Apache Camel","org.apache.camel:camel-core",2.11.0,2.11.2,MODERATE,CWE-94 -CVE-2013-4330,2022-05-13T01:26:34Z,"Improper Control of Generation of Code in Apache Camel","org.apache.camel:camel-core",2.12.0,2.12.1,MODERATE,CWE-94 -CVE-2013-4366,2022-05-13T01:25:03Z,"Hostname verification in Apache HttpClient 4.3 was disabled by default","org.apache.httpcomponents:httpclient",4.3,4.3.1,CRITICAL,CWE-20 -CVE-2013-4378,2022-05-17T05:02:46Z,"Improper Neutralization of Input During Web Page Generation in JavaMelody","net.bull.javamelody:javamelody-core",0,1.47.0,MODERATE,CWE-79 -CVE-2013-4390,2022-05-17T04:59:24Z,"Apache Sling Auth Core bundle vulnerable to Open Redirection","org.apache.sling:org.apache.sling.auth.core",0,1.1.4,MODERATE,CWE-601 -CVE-2013-4444,2022-05-13T01:12:13Z,"Apache Tomcat Unrestricted file upload vulnerability",org.apache.tomcat:tomcat,7.0,7.0.40,MODERATE,CWE-94 -CVE-2013-4517,2022-05-13T01:05:55Z,"Improper Input Validation in Apache Santuario XML Security","org.apache.santuario:xmlsec",0,1.5.6,MODERATE,CWE-20 -CVE-2013-4590,2022-05-14T01:10:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,0,6.0.39,MODERATE,CWE-200 -CVE-2013-4590,2022-05-14T01:10:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.50,MODERATE,CWE-200 -CVE-2013-4590,2022-05-14T01:10:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0-RC1,8.0.0-RC10,MODERATE,CWE-200 -CVE-2013-4766,2022-05-17T05:04:27Z,"Eucalyptus Unauthorized Access to CC/NC Log Files","org.jclouds.api:eucalyptus",0,3.3.1,MODERATE,CWE-200 -CVE-2013-5679,2022-05-17T03:56:06Z,"Missing Cryptographic Step in OWASP 
Enterprise Security API for Java",org.owasp.esapi:esapi,2.0.0,2.1.0,LOW,CWE-325 -CVE-2013-5823,2022-05-14T00:02:32Z,"Apache XML Security For Java vulnerable to Infinite Loop","org.apache.santuario:xmlsec",1.4.0,1.4.8,MODERATE, -CVE-2013-5823,2022-05-14T00:02:32Z,"Apache XML Security For Java vulnerable to Infinite Loop","org.apache.santuario:xmlsec",1.5.0,1.5.3,MODERATE, -CVE-2013-5855,2022-05-14T02:54:24Z,"Improper Neutralization of Input During Web Page Generation in Mojarra","org.glassfish:javax.faces",2.1.0,2.1.28,MODERATE,CWE-79 -CVE-2013-5855,2022-05-14T02:54:24Z,"Improper Neutralization of Input During Web Page Generation in Mojarra","org.glassfish:javax.faces",2.2.0,2.2.6,MODERATE,CWE-79 -CVE-2013-5960,2022-05-14T01:37:06Z,"Missing Cryptographic Step in OWASP Enterprise Security API for Java",org.owasp.esapi:esapi,2.0.0.0,2.1.0.1,MODERATE,CWE-325 -CVE-2013-6235,2022-05-14T02:54:05Z,"Improper Neutralization of Input During Web Page Generation in JAMon",com.jamonapi:jamon,0,2.80,MODERATE,CWE-79 -CVE-2013-6348,2022-05-17T04:57:18Z,"Apache Struts is vulnerable to Cross-site Scripting","org.apache.struts:struts2-core",0,2.3.16,MODERATE,CWE-79 -CVE-2013-6397,2022-05-17T04:04:29Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Solr","org.apache.solr:solr-core",0,4.6.0,MODERATE,CWE-22 -CVE-2013-6407,2022-05-17T04:39:49Z,"Apache Solr UpdateRequestHandler for XML resolves XML External Entities","org.apache.solr:solr-core",0,4.1.0,MODERATE,CWE-611 -CVE-2013-6408,2022-05-17T04:39:49Z,"XML Injection in Apache Solr","org.apache.solr:solr-core",0,4.3.1,MODERATE,CWE-91 -CVE-2013-6429,2022-05-13T01:02:39Z,"Cross-Site Request Forgery in Spring Framework","org.springframework:spring-web",0,3.2.5.RELEASE,MODERATE,CWE-352 -CVE-2013-6430,2022-05-05T00:29:18Z,"Improper Neutralization of Input During Web Page Generation in Spring Framework","org.springframework:spring-web",3.0.0.RELEASE,3.2.2.RELEASE,MODERATE,CWE-79 
-CVE-2013-6440,2022-05-13T01:04:00Z,"Exposure of Sensitive Information to an Unauthorized Actor in OpenSAML",org.opensaml:opensaml,0,2.6.1,MODERATE,CWE-200 -CVE-2013-7285,2019-05-29T18:05:03Z,"Command Injection in Xstream","com.thoughtworks.xstream:xstream",0,1.4.7,CRITICAL,CWE-77;CWE-78 -CVE-2013-7285,2019-05-29T18:05:03Z,"Command Injection in Xstream","com.thoughtworks.xstream:xstream",1.4.10,1.4.11,CRITICAL,CWE-77;CWE-78 -CVE-2013-7315,2022-05-13T01:02:38Z,"Missing XML Validation in Spring Framework","org.springframework:spring-oxm",0,3.2.4.RELEASE,MODERATE,CWE-112 -CVE-2013-7330,2022-05-17T03:53:55Z,"Jenkins allows attackers to configure restricted projects","org.jenkins-ci.main:jenkins-core",0,1.480.3,MODERATE, -CVE-2013-7330,2022-05-17T03:53:55Z,"Jenkins allows attackers to configure restricted projects","org.jenkins-ci.main:jenkins-core",1.481,1.502,MODERATE, -CVE-2013-7397,2022-05-13T01:12:18Z,"Insufficient Verification of Data Authenticity in Async Http Client","com.ning:async-http-client",0,1.9.0,MODERATE,CWE-345 -CVE-2013-7398,2022-05-13T01:12:18Z,"Insufficient Verification of Data Authenticity in Async Http Client","com.ning:async-http-client",0,1.9.0,MODERATE,CWE-345 -CVE-2014-0002,2018-10-16T23:13:26Z,"Apache Camel's XSLT component allows remote attackers to read arbitrary files","org.apache.camel:camel-core",0,2.11.4,HIGH, -CVE-2014-0002,2018-10-16T23:13:26Z,"Apache Camel's XSLT component allows remote attackers to read arbitrary files","org.apache.camel:camel-core",2.12.0,2.12.3,HIGH, -CVE-2014-0003,2018-10-16T23:13:49Z,"Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods","org.apache.camel:camel-core",2.11.0,2.11.4,HIGH,CWE-502 -CVE-2014-0003,2018-10-16T23:13:49Z,"Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods","org.apache.camel:camel-core",2.12.0,2.12.3,HIGH,CWE-502 -CVE-2014-0033,2022-05-14T01:10:35Z,"Improper Input Validation in Apache 
Tomcat",org.apache.tomcat:tomcat,6.0.33,6.0.38,MODERATE,CWE-20 -CVE-2014-0034,2022-05-13T01:09:20Z,"Improper Input Validation in Apache CXF","org.apache.cxf:cxf-rt-ws-security",0,2.6.12,MODERATE,CWE-20 -CVE-2014-0034,2022-05-13T01:09:20Z,"Improper Input Validation in Apache CXF","org.apache.cxf:cxf-rt-ws-security",2.7.0,2.7.9,MODERATE,CWE-20 -CVE-2014-0035,2022-05-13T01:09:20Z,"Cleartext Transmission of Sensitive Information in Apache CXF",org.apache.cxf:cxf-core,0,2.6.13,MODERATE,CWE-319 -CVE-2014-0035,2022-05-13T01:09:20Z,"Cleartext Transmission of Sensitive Information in Apache CXF",org.apache.cxf:cxf-core,2.7.0,2.7.10,MODERATE,CWE-319 -CVE-2014-0050,2018-12-21T17:51:42Z,"Commons FileUpload Denial of service vulnerability","commons-fileupload:commons-fileupload",0,1.3.1,HIGH,CWE-20 -CVE-2014-0050,2018-12-21T17:51:42Z,"Commons FileUpload Denial of service vulnerability",org.apache.tomcat:tomcat,7.0.0,7.0.52,HIGH,CWE-20 -CVE-2014-0050,2018-12-21T17:51:42Z,"Commons FileUpload Denial of service vulnerability",org.apache.tomcat:tomcat,8.0.0-RC1,8.0.3,HIGH,CWE-20 -CVE-2014-0054,2022-05-13T01:02:38Z,"Cross-Site Request Forgery in Spring Framework","org.springframework:spring-webmvc",0,3.2.8,MODERATE,CWE-352 -CVE-2014-0054,2022-05-13T01:02:38Z,"Cross-Site Request Forgery in Spring Framework","org.springframework:spring-webmvc",4.0.0,4.0.2,MODERATE,CWE-352 -CVE-2014-0075,2022-05-14T01:10:19Z,"Integer Overflow or Wraparound in Apache Tomcat",org.apache.tomcat:tomcat,0,6.0.40,MODERATE,CWE-190;CWE-400 -CVE-2014-0075,2022-05-14T01:10:19Z,"Integer Overflow or Wraparound in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.53,MODERATE,CWE-190;CWE-400 -CVE-2014-0075,2022-05-14T01:10:19Z,"Integer Overflow or Wraparound in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.4,MODERATE,CWE-190;CWE-400 -CVE-2014-0085,2022-05-14T02:19:43Z,"Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse","org.jboss.fuse:jboss-fuse",0,6.1.0,LOW,CWE-200 
-CVE-2014-0086,2022-05-17T00:13:54Z,"JBoss RichFaces Improper Input Validation vulnerability",org.richfaces:richfaces,4.3.4,,MODERATE,CWE-20 -CVE-2014-0086,2022-05-17T00:13:54Z,"JBoss RichFaces Improper Input Validation vulnerability",org.richfaces:richfaces,5.0.0.Alpha1,5.0.0.Alpha3,MODERATE,CWE-20 -CVE-2014-0094,2022-05-14T00:54:15Z,"ClassLoader manipulation in Apache Struts","org.apache.struts.xwork:xwork-core",2.0.0,2.3.16.2,MODERATE, -CVE-2014-0094,2022-05-14T00:54:15Z,"ClassLoader manipulation in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.16.2,MODERATE, -CVE-2014-0095,2022-05-17T00:24:30Z,"Denial of service in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0-RC1,8.0.4,MODERATE,CWE-20 -CVE-2014-0095,2022-05-17T00:24:30Z,"Denial of service in Apache Tomcat","org.apache.tomcat:tomcat-coyote",8.0.0-RC1,8.0.4,MODERATE,CWE-20 -CVE-2014-0096,2022-05-14T01:10:18Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,0,6.0.40,MODERATE,CWE-20 -CVE-2014-0096,2022-05-14T01:10:18Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.54,MODERATE,CWE-20 -CVE-2014-0096,2022-05-14T01:10:18Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.6,MODERATE,CWE-20 -CVE-2014-0097,2022-05-13T01:01:04Z,"Improper Authentication in Spring Security","org.springframework.security:spring-security-core",3.1.0,3.1.5.RELEASE,HIGH,CWE-287 -CVE-2014-0097,2022-05-13T01:01:04Z,"Improper Authentication in Spring Security","org.springframework.security:spring-security-core",3.2.0,3.2.2.RELEASE,HIGH,CWE-287 -CVE-2014-0099,2022-05-14T01:10:18Z,"Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat",org.apache.tomcat:tomcat,0,6.0.40,MODERATE,CWE-113 -CVE-2014-0099,2022-05-14T01:10:18Z,"Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.54,MODERATE,CWE-113 -CVE-2014-0099,2022-05-14T01:10:18Z,"Improper Neutralization of 
CRLF Sequences in HTTP Headers in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.6,MODERATE,CWE-113 -CVE-2014-0107,2022-05-13T01:05:38Z,"Improper Authorization in Apache Xalan-Java",xalan:xalan,0,2.7.2,HIGH,CWE-285 -CVE-2014-0109,2022-05-13T01:09:20Z,"Uncontrolled Resource Consumption in Apache CXF",org.apache.cxf:cxf-core,0,2.6.14,MODERATE,CWE-400 -CVE-2014-0109,2022-05-13T01:09:20Z,"Uncontrolled Resource Consumption in Apache CXF",org.apache.cxf:cxf-core,2.7.0,2.7.11,MODERATE,CWE-400 -CVE-2014-0110,2022-05-13T01:09:20Z,"Uncontrolled Resource Consumption in Apache CXF",org.apache.cxf:cxf-core,0,2.6.14,MODERATE,CWE-400 -CVE-2014-0110,2022-05-13T01:09:20Z,"Uncontrolled Resource Consumption in Apache CXF",org.apache.cxf:cxf-core,2.7.0,2.7.11,MODERATE,CWE-400 -CVE-2014-0111,2022-05-14T01:18:38Z,"Apache Syncope JEXL Code Injection","org.apache.syncope:syncope",1.0.0,1.0.9,MODERATE,CWE-94 -CVE-2014-0111,2022-05-14T01:18:38Z,"Apache Syncope JEXL Code Injection","org.apache.syncope:syncope",1.1.0,1.1.7,MODERATE,CWE-94 -CVE-2014-0112,2022-05-14T00:54:16Z,"ClassLoader manipulation in Apache Struts","org.apache.struts:struts2-core",0,2.3.20,HIGH, -CVE-2014-0113,2022-05-14T00:54:15Z,"ClassLoader manipulation in Apache Struts","org.apache.struts:struts2-core",0,2.3.20,HIGH, -CVE-2014-0114,2020-06-10T23:38:01Z,"Arbitrary code execution in Apache Commons BeanUtils","commons-beanutils:commons-beanutils",1.8.0,1.9.4,HIGH,CWE-20 -CVE-2014-0115,2022-05-17T00:24:06Z,"Apache Storm log viewer path traversal vulnerability",org.apache.storm:storm,0,,HIGH,CWE-22 -CVE-2014-0116,2022-05-14T00:54:14Z,"ClassLoader manipulation in Apache Struts","org.apache.struts:struts2-core",0,2.3.20,HIGH, -CVE-2014-0119,2022-05-14T01:10:18Z,"Missing XML Validation in Apache Tomcat",org.apache.tomcat:tomcat,0,6.0.40,MODERATE,CWE-112 -CVE-2014-0119,2022-05-14T01:10:18Z,"Missing XML Validation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.54,MODERATE,CWE-112 
-CVE-2014-0119,2022-05-14T01:10:18Z,"Missing XML Validation in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.6,MODERATE,CWE-112 -CVE-2014-0168,2022-05-17T04:31:39Z,"Cross-Site Request Forgery in Jolokia",org.jolokia:jolokia-core,0,1.2.1,MODERATE,CWE-352 -CVE-2014-0193,2022-05-13T01:54:02Z,"Netty denial of service vulnerability",io.netty:netty,3.6.0.Beta1,3.6.9.Final,MODERATE, -CVE-2014-0193,2022-05-13T01:54:02Z,"Netty denial of service vulnerability",io.netty:netty,3.7.0.Final,3.7.1.Final,MODERATE, -CVE-2014-0193,2022-05-13T01:54:02Z,"Netty denial of service vulnerability",io.netty:netty,3.8.0.Final,3.8.2.Final,MODERATE, -CVE-2014-0193,2022-05-13T01:54:02Z,"Netty denial of service vulnerability",io.netty:netty,3.9.0.Final,3.9.1.Final,MODERATE, -CVE-2014-0193,2022-05-13T01:54:02Z,"Netty denial of service vulnerability",io.netty:netty,4.0.0.Alpha1,4.0.19.Final,MODERATE, -CVE-2014-0193,2022-05-13T01:54:02Z,"Netty denial of service vulnerability",io.netty:netty-all,4.0.0.Alpha1,4.0.19.Final,MODERATE, -CVE-2014-0219,2022-05-14T01:42:28Z,"Improper Input Validation in Apache Karaf","org.apache.karaf:apache-karaf",0,4.0.10,MODERATE,CWE-20 -CVE-2014-0225,2022-05-13T01:02:39Z,"Improper Restriction of XML External Entity Reference in Spring Framework","org.springframework:spring-webmvc",3.0.0,3.2.8,HIGH,CWE-611 -CVE-2014-0225,2022-05-13T01:02:39Z,"Improper Restriction of XML External Entity Reference in Spring Framework","org.springframework:spring-webmvc",4.0.0,4.0.5,HIGH,CWE-611 -CVE-2014-0227,2022-05-14T01:10:18Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.42,MODERATE,CWE-20 -CVE-2014-0227,2022-05-14T01:10:18Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.55,MODERATE,CWE-20 -CVE-2014-0227,2022-05-14T01:10:18Z,"Improper Input Validation in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.9,MODERATE,CWE-20 -CVE-2014-0228,2018-11-21T22:23:29Z,"Low severity vulnerability that affects 
org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service","org.apache.hive:hive-exec",0,0.13.1,LOW,CWE-284 -CVE-2014-0228,2018-11-21T22:23:29Z,"Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service","org.apache.hive:hive-service",0,0.13.1,LOW,CWE-284 -CVE-2014-0228,2018-11-21T22:23:29Z,"Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service",org.apache.hive:hive,0,0.13.1,LOW,CWE-284 -CVE-2014-0229,2022-05-17T02:53:20Z,"Improper Authentication in Apache Hadoop","org.apache.hadoop:hadoop-common",0.23.0,0.23.11,MODERATE,CWE-287 -CVE-2014-0229,2022-05-17T02:53:20Z,"Improper Authentication in Apache Hadoop","org.apache.hadoop:hadoop-common",2.0.0,2.4.1,MODERATE,CWE-287 -CVE-2014-0230,2022-05-14T01:10:18Z,"Uncontrolled Resource Consumption in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.44,HIGH,CWE-400 -CVE-2014-0230,2022-05-14T01:10:18Z,"Uncontrolled Resource Consumption in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.55,HIGH,CWE-400 -CVE-2014-0230,2022-05-14T01:10:18Z,"Uncontrolled Resource Consumption in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.9,HIGH,CWE-400 -CVE-2014-1202,2022-05-17T04:53:43Z,"Code injection via property expansion in SoapUI","com.smartbear.soapui:soapui",0,4.6.4,HIGH,CWE-94 -CVE-2014-1216,2022-05-17T04:46:05Z,"Improper Neutralization of Special Elements used in a Command in FitNesse Wiki",org.fitnesse:fitnesse,20131110,20140418,HIGH,CWE-77 -CVE-2014-125087,2023-02-19T18:30:21Z,"java-xmlbuilder vulnerable to XML External Entity Reference","com.jamesmurty.utils:java-xmlbuilder",0,1.2,CRITICAL,CWE-611 -CVE-2014-1868,2018-10-17T00:04:53Z,"Moderate severity vulnerability that affects org.restlet.jse:org.restlet","org.restlet.jse:org.restlet",2.1.0,2.1.7,MODERATE,CWE-776 -CVE-2014-1904,2022-05-14T01:14:55Z,"Improper Neutralization of Input During Web Page Generation in Spring 
Framework","org.springframework:spring-webmvc",3.0.0,3.2.8.RELEASE,MODERATE,CWE-79 -CVE-2014-1904,2022-05-14T01:14:55Z,"Improper Neutralization of Input During Web Page Generation in Spring Framework","org.springframework:spring-webmvc",4.0.0,4.0.2.RELEASE,MODERATE,CWE-79 -CVE-2014-1972,2022-05-13T01:26:11Z,"Apache Tapestry Unsafe Object Storage","org.apache.tapestry:tapestry-core",0,5.3.6,HIGH,CWE-502 -CVE-2014-2058,2022-05-17T03:53:55Z,"Jenkins allows attackers to execute arbitrary jobs","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE, -CVE-2014-2058,2022-05-17T03:53:55Z,"Jenkins allows attackers to execute arbitrary jobs","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE, -CVE-2014-2059,2022-05-17T01:26:47Z,"Jenkins directory traversal vulnerability","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE,CWE-22 -CVE-2014-2059,2022-05-17T01:26:47Z,"Jenkins directory traversal vulnerability","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE,CWE-22 -CVE-2014-2061,2022-05-17T03:53:54Z,"Jenkin allows attackers to obtain passwords by reading the HTML source code","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE, -CVE-2014-2061,2022-05-17T03:53:54Z,"Jenkin allows attackers to obtain passwords by reading the HTML source code","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE, -CVE-2014-2062,2022-05-17T03:53:54Z,"Jenkins does not invalidate the API token when a user is deleted","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE,CWE-287 -CVE-2014-2062,2022-05-17T03:53:54Z,"Jenkins does not invalidate the API token when a user is deleted","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE,CWE-287 -CVE-2014-2064,2022-05-17T03:53:52Z,"Jenkins allows attackers to determine whether a user exists","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE,CWE-200 -CVE-2014-2064,2022-05-17T03:53:52Z,"Jenkins allows attackers to determine whether a user exists","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE,CWE-200 
-CVE-2014-2065,2022-05-17T03:53:42Z,"Jenkins cross-site scripting (XSS) vulnerability","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE,CWE-79 -CVE-2014-2065,2022-05-17T03:53:42Z,"Jenkins cross-site scripting (XSS) vulnerability","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE,CWE-79 -CVE-2014-2066,2022-05-17T03:53:42Z,"Jenkins session fixation vulnerability","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE,CWE-287 -CVE-2014-2066,2022-05-17T03:53:42Z,"Jenkins session fixation vulnerability","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE,CWE-287 -CVE-2014-2067,2022-05-17T01:26:46Z,"Jenkins cross-site scripting (XSS) vulnerability","org.jenkins-ci.main:jenkins-core",0,1.532.2,MODERATE,CWE-79 -CVE-2014-2067,2022-05-17T01:26:46Z,"Jenkins cross-site scripting (XSS) vulnerability","org.jenkins-ci.main:jenkins-core",1.533,1.551,MODERATE,CWE-79 -CVE-2014-2068,2022-05-17T03:53:42Z,"Jenkins allows attackers to obtain sensitive information","org.jenkins-ci.main:jenkins-core",0,1.532.2,LOW, -CVE-2014-2068,2022-05-17T03:53:42Z,"Jenkins allows attackers to obtain sensitive information","org.jenkins-ci.main:jenkins-core",1.533,1.551,LOW, -CVE-2014-2741,2022-05-17T04:44:51Z,"Ignite Realtime Openfire vulnerable to XMPPbomb attack","org.igniterealtime.openfire:parent",0,3.9.2,HIGH,CWE-400 -CVE-2014-3004,2022-05-13T01:05:37Z,"Improper Restriction of XML External Entity Reference in Castor","org.codehaus.castor:castor",0,1.3.3,MODERATE,CWE-611 -CVE-2014-3488,2020-06-30T21:01:31Z,"Denial of service in Netty",io.netty:netty-handler,0,3.9.2,MODERATE,CWE-119 -CVE-2014-3490,2022-05-14T01:18:38Z,"Incorrect Privilege Assignment in RESTEasy","org.jboss.resteasy:resteasy-client",2.3.1,2.3.8.SP2,HIGH,CWE-266 -CVE-2014-3490,2022-05-14T01:18:38Z,"Incorrect Privilege Assignment in RESTEasy","org.jboss.resteasy:resteasy-client",3.0.0,3.0.9.Final,HIGH,CWE-266 -CVE-2014-3503,2022-05-14T02:52:41Z,"Apache Syncope uses a weak 
PNRG","org.apache.syncope:syncope",1.1.0,1.1.8,MODERATE,CWE-338 -CVE-2014-3526,2022-05-13T01:30:20Z,"Apache Wicket Sensitive Data Exposure","org.apache.wicket:wicket-core",0,1.5.12,HIGH,CWE-200 -CVE-2014-3526,2022-05-13T01:30:20Z,"Apache Wicket Sensitive Data Exposure","org.apache.wicket:wicket-core",6.0,6.17.0,HIGH,CWE-200 -CVE-2014-3526,2022-05-13T01:30:20Z,"Apache Wicket Sensitive Data Exposure","org.apache.wicket:wicket-core",7.0.0-M1,7.0.0-M3,HIGH,CWE-200 -CVE-2014-3527,2020-09-15T20:16:22Z,"Authorization Bypass in Spring Security","org.springframework.security:spring-security-core",0,3.1.7,CRITICAL,CWE-287 -CVE-2014-3527,2020-09-15T20:16:22Z,"Authorization Bypass in Spring Security","org.springframework.security:spring-security-core",3.2.0,3.2.5,CRITICAL,CWE-287 -CVE-2014-3529,2022-05-17T01:24:40Z,"Improper Restriction of XML External Entity Reference in Apache POI",org.apache.poi:poi,0,3.10.1,MODERATE,CWE-611 -CVE-2014-3530,2022-05-14T03:59:54Z,"XML External Entity Reference in org.picketlink:picketlink-common","org.picketlink:picketlink-common",0,2.7.0.Final,HIGH,CWE-611 -CVE-2014-3558,2022-05-14T01:18:38Z,"Improper Authentication in Hibernate Validator","org.hibernate:hibernate-validator",4.1.0,4.2.1,MODERATE,CWE-287 -CVE-2014-3558,2022-05-14T01:18:38Z,"Improper Authentication in Hibernate Validator","org.hibernate:hibernate-validator",4.3.0,4.3.2,MODERATE,CWE-287 -CVE-2014-3558,2022-05-14T01:18:38Z,"Improper Authentication in Hibernate Validator","org.hibernate:hibernate-validator",5.0.0,5.1.2,MODERATE,CWE-287 -CVE-2014-3574,2022-05-17T01:24:36Z,"Improper Input Validation in Apache POI",org.apache.poi:poi,0,3.10.1,MODERATE,CWE-20 -CVE-2014-3574,2022-05-17T01:24:36Z,"Improper Input Validation in Apache POI",org.apache.poi:poi,3.11-beta1,3.11-beta2,MODERATE,CWE-20 -CVE-2014-3576,2022-05-14T01:14:52Z,"Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ","org.apache.activemq:activemq-client",0,5.11.0,HIGH,CWE-78 
-CVE-2014-3577,2018-10-17T00:05:06Z,"Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient","org.apache.httpcomponents:httpclient",0,4.3.5,MODERATE,CWE-347 -CVE-2014-3578,2022-05-14T00:56:29Z,"Improper Limitation of a Pathname to a Restricted Directory in Spring Framework","org.springframework:spring-core",3.0.0,3.2.9,MODERATE,CWE-22 -CVE-2014-3578,2022-05-14T00:56:29Z,"Improper Limitation of a Pathname to a Restricted Directory in Spring Framework","org.springframework:spring-core",4.0.0,4.0.5,MODERATE,CWE-22 -CVE-2014-3579,2022-05-14T01:14:52Z,"Apache ActiveMQ Apollo XXE Vulnerability","org.apache.activemq:apollo-project",1.0.0,1.7.1,CRITICAL,CWE-611 -CVE-2014-3584,2022-05-13T01:09:20Z,"Loop with Unreachable Exit Condition in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.5.0,2.6.11,MODERATE,CWE-835 -CVE-2014-3584,2022-05-13T01:09:20Z,"Loop with Unreachable Exit Condition in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",2.7.0,2.7.8,MODERATE,CWE-835 -CVE-2014-3584,2022-05-13T01:09:20Z,"Loop with Unreachable Exit Condition in Apache CXF","org.apache.cxf:cxf-rt-frontend-jaxrs",3.0.0,3.0.1,MODERATE,CWE-835 -CVE-2014-3596,2018-10-16T20:50:58Z,"Improper Validation of Certificates in apache axis",axis:axis,0,,MODERATE,CWE-297 -CVE-2014-3596,2018-10-16T20:50:58Z,"Improper Validation of Certificates in apache axis",org.apache.axis:axis,0,,MODERATE,CWE-297 -CVE-2014-3599,2022-05-24T22:01:08Z,"HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference","org.hornetq.rest:hornetq-rest",0,2.5.0.Beta1,MODERATE,CWE-611 -CVE-2014-3600,2022-05-14T01:14:52Z,"Improper Restriction of XML External Entity Reference in Apache ActiveMQ","org.apache.activemq:activemq-broker",5.0.0,5.10.1,CRITICAL,CWE-611 -CVE-2014-3600,2022-05-14T01:14:52Z,"Improper Restriction of XML External Entity Reference in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.10.1,CRITICAL,CWE-611 
-CVE-2014-3603,2022-05-14T01:11:29Z,"Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java","edu.internet2.middleware:shibboleth-identityprovider",0,2.4.1,MODERATE,CWE-297 -CVE-2014-3603,2022-05-14T01:11:29Z,"Improper Validation of Certificate with Host Mismatch in Shibboleth Identity Provider and OpenSAML Java",org.opensaml:opensaml,0,2.6.2,MODERATE,CWE-297 -CVE-2014-3604,2022-05-14T03:59:54Z,"Improper Validation of Certificate with Host Mismatch in Not Yet Commons SSL","ca.juliusdavies:not-yet-commons-ssl",0,0.3.15,MODERATE,CWE-297 -CVE-2014-3607,2022-05-14T03:47:38Z,"Improper Certificate Validation in vt-ldap","edu.internet2.middleware:shibboleth-identityprovider",0,2.4.2,MODERATE,CWE-295 -CVE-2014-3607,2022-05-14T03:47:38Z,"Improper Certificate Validation in vt-ldap","edu.vt.middleware:vt-ldap",0,3.3.8,MODERATE,CWE-295 -CVE-2014-3612,2022-05-14T01:14:52Z,"Improper Authentication in Apache WSS4J","org.apache.activemq:activemq-broker",5.0.0,5.10.1,HIGH,CWE-287 -CVE-2014-3612,2022-05-14T01:14:52Z,"Improper Authentication in Apache WSS4J","org.apache.activemq:activemq-jaas",5.0.0,5.10.1,HIGH,CWE-287 -CVE-2014-3623,2022-05-13T01:09:20Z,"Improper Authentication in Apache WSS4J","org.apache.ws.security:wss4j",0,1.6.17,MODERATE,CWE-287 -CVE-2014-3623,2022-05-13T01:09:20Z,"Improper Authentication in Apache WSS4J","org.apache.wss4j:wss4j-ws-security-dom",2.0.0,2.0.2,MODERATE,CWE-287 -CVE-2014-3625,2022-05-13T01:02:39Z,"Improper Limitation of a Pathname to a Restricted Directory in Spring Framework","org.springframework:spring-webmvc",3.0.4,3.2.12,MODERATE,CWE-22 -CVE-2014-3625,2022-05-13T01:02:39Z,"Improper Limitation of a Pathname to a Restricted Directory in Spring Framework","org.springframework:spring-webmvc",4.0.0,4.0.8,MODERATE,CWE-22 -CVE-2014-3625,2022-05-13T01:02:39Z,"Improper Limitation of a Pathname to a Restricted Directory in Spring Framework","org.springframework:spring-webmvc",4.1.0,4.1.2,MODERATE,CWE-22 
-CVE-2014-3627,2022-05-17T04:20:31Z,"Improper Link Resolution Before File Access in Apache Hadoop","org.apache.hadoop:hadoop-client",0.23.0,1.0.1,MODERATE,CWE-59 -CVE-2014-3627,2022-05-17T04:20:31Z,"Improper Link Resolution Before File Access in Apache Hadoop","org.apache.hadoop:hadoop-client",2.0.0,2.5.2,MODERATE,CWE-59 -CVE-2014-3628,2022-05-17T04:17:55Z,"Improper Neutralization of Input During Web Page Generation in Apache Solr",org.apache.solr:solr,4.0.0,4.10.3,MODERATE,CWE-79 -CVE-2014-3651,2018-10-18T16:50:20Z,"Keycloak vulnerable to uncontrolled resource consumption","org.keycloak:keycloak-core",0,1.0.3,HIGH,CWE-400 -CVE-2014-3652,2022-05-17T19:57:08Z,"JBoss KeyCloak Open Redirect","org.keycloak:keycloak-services",0,1.1.0.Beta1,MODERATE,CWE-601 -CVE-2014-3655,2022-05-17T19:57:03Z,"JBoss KeyCloak is vulnerable to soft token deletion via CSRF","org.keycloak:keycloak-services",0,1.0.2.Final,MODERATE,CWE-352 -CVE-2014-3656,2022-05-17T19:57:06Z,"JBoss KeyCloak Cross-site Scripting Vulnerability","org.keycloak:keycloak-core",0,1.1.0.Beta1,MODERATE,CWE-79 -CVE-2014-3661,2022-05-17T03:53:42Z,"Jenkins Denial of Service vulnerability","org.jenkins-ci.main:jenkins-core",0,1.565.3,MODERATE, -CVE-2014-3661,2022-05-17T03:53:42Z,"Jenkins Denial of Service vulnerability","org.jenkins-ci.main:jenkins-core",1.566,1.583,MODERATE, -CVE-2014-3662,2022-05-17T03:53:35Z,"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability","org.jenkins-ci.main:jenkins-core",0,1.565.3,MODERATE,CWE-200 -CVE-2014-3662,2022-05-17T03:53:35Z,"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability","org.jenkins-ci.main:jenkins-core",1.566,1.583,MODERATE,CWE-200 -CVE-2014-3663,2022-05-17T03:53:35Z,"Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs","org.jenkins-ci.main:jenkins-core",0,1.565.3,MODERATE, -CVE-2014-3663,2022-05-17T03:53:35Z,"Jenkins allows remote authenticated users to bypass 
intended restrictions and create or destroy arbitrary jobs","org.jenkins-ci.main:jenkins-core",1.566,1.583,MODERATE, -CVE-2014-3664,2022-05-17T01:24:36Z,"Jenkins Path Traversal vulnerability","org.jenkins-ci.main:jenkins-core",0,1.565.3,MODERATE,CWE-22 -CVE-2014-3664,2022-05-17T01:24:36Z,"Jenkins Path Traversal vulnerability","org.jenkins-ci.main:jenkins-core",1.566,1.583,MODERATE,CWE-22 -CVE-2014-3665,2022-05-17T03:53:35Z,"Jenkins improperly ensures trust separation","org.jenkins-ci.main:jenkins-core",0,1.587,MODERATE, -CVE-2014-3680,2022-05-17T03:53:31Z,"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability","org.jenkins-ci.main:jenkins-core",0,1.565.3,MODERATE,CWE-200 -CVE-2014-3680,2022-05-17T03:53:31Z,"Jenkins Exposure of Sensitive Information to an Unauthorized Actor vulnerability","org.jenkins-ci.main:jenkins-core",1.566,1.583,MODERATE,CWE-200 -CVE-2014-3681,2022-05-14T01:48:04Z,"Jenkins Cross-site Scripting vulnerability","org.jenkins-ci.main:jenkins-core",0,1.565.3,MODERATE,CWE-79 -CVE-2014-3681,2022-05-14T01:48:04Z,"Jenkins Cross-site Scripting vulnerability","org.jenkins-ci.main:jenkins-core",1.566,1.583,MODERATE,CWE-79 -CVE-2014-3709,2022-05-17T00:26:04Z,"JBoss Keycloak CSRF Vulnerability","org.keycloak:keycloak-services",0,1.0.3.Final,HIGH,CWE-352 -CVE-2014-4172,2022-05-17T19:57:18Z,"Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability",org.jasig.cas:cas-client,0,3.3.2,CRITICAL,CWE-74 -CVE-2014-5325,2022-05-17T03:46:06Z,"Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting","org.directwebremoting:dwr",0,2.0.11,MODERATE,CWE-200 -CVE-2014-5325,2022-05-17T03:46:06Z,"Exposure of Sensitive Information to an Unauthorized Actor in Direct Web Remoting","org.directwebremoting:dwr",3.0.M1,3.0.RC3,MODERATE,CWE-200 -CVE-2014-5326,2022-05-17T04:21:06Z,"Improper Neutralization of Input During Web Page Generation in Direct Web 
Remoting","org.directwebremoting:dwr",0,2.0.11,MODERATE,CWE-79 -CVE-2014-5326,2022-05-17T04:21:06Z,"Improper Neutralization of Input During Web Page Generation in Direct Web Remoting","org.directwebremoting:dwr",3.0.M1,3.0.RC3,MODERATE,CWE-79 -CVE-2014-6439,2022-05-14T02:51:14Z,"Cross-site scripting in Elasticsearch","org.elasticsearch:elasticsearch",0,1.4.0.Beta1,MODERATE,CWE-79 -CVE-2014-7809,2022-05-14T02:50:59Z,"Cross-Site Request Forgery in Apache Struts","org.apache.struts:struts2-core",0,2.3.20,MODERATE,CWE-352 -CVE-2014-7810,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.44,MODERATE,CWE-284 -CVE-2014-7810,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.58,MODERATE,CWE-284 -CVE-2014-7810,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.16,MODERATE,CWE-284 -CVE-2014-7816,2022-05-17T04:15:16Z,"Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow","io.undertow:undertow-core",1.0.0,1.0.17,MODERATE,CWE-22 -CVE-2014-7816,2022-05-17T04:15:16Z,"Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow","io.undertow:undertow-core",1.1.0.Beta1,1.1.0.CR5,MODERATE,CWE-22 -CVE-2014-7816,2022-05-17T04:15:16Z,"Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow","io.undertow:undertow-core",1.2.0.Beta1,1.2.0.Beta3,MODERATE,CWE-22 -CVE-2014-7839,2022-05-17T04:13:50Z,"XML External Entity Reference in RESTEasy","org.jboss.resteasy:resteasy-jaxrs",0,3.0.11.Final,MODERATE,CWE-20;CWE-611 -CVE-2014-8110,2022-05-14T01:14:52Z,"Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.10.1,MODERATE,CWE-79 -CVE-2014-8114,2022-05-14T01:10:41Z,"UberFire Framework Improperly Restricts Paths","org.uberfire:uberfire-parent",0.3.0.Beta5,,MODERATE,CWE-22 -CVE-2014-8122,2020-06-10T20:54:15Z,"Information 
disclosure in JBoss Weld","org.jboss.weld:weld-core-bom",0,2.2.8,MODERATE,CWE-362 -CVE-2014-8125,2022-05-17T04:12:57Z,"Improper Input Validation in Drools and jBPM",org.drools:drools-core,0,6.2.0.Final,HIGH,CWE-20 -CVE-2014-8125,2022-05-17T04:12:57Z,"Improper Input Validation in Drools and jBPM",org.jbpm:jbpm-bpmn2,0,6.2.0.Final,HIGH,CWE-20 -CVE-2014-8152,2022-05-13T01:05:55Z,"Improper Input Validation in Apache Santuario XML Security","org.apache.santuario:xmlsec",2.0.0,2.0.3,MODERATE,CWE-20 -CVE-2014-9390,2022-05-17T19:57:29Z,"JGit Improper Input Validation vulnerability","org.eclipse.jgit:org.eclipse.jgit",0,3.5.3,CRITICAL,CWE-20 -CVE-2014-9527,2022-05-17T03:00:44Z,"Loop with Unreachable Exit Condition in Apache POI",org.apache.poi:poi,0,3.11,MODERATE,CWE-835 -CVE-2014-9634,2022-05-17T00:50:18Z,"Jenkins secure flag not set on session cookies","org.jenkins-ci.main:jenkins-core",0,1.586,MODERATE, -CVE-2014-9635,2022-05-17T00:50:19Z,"Jenkins HttpOnly flag not Set for session cookies","org.jenkins-ci.main:jenkins-core",0,1.586,MODERATE, -CVE-2014-9970,2022-05-14T03:44:52Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt",org.jasypt:jasypt,0,1.9.2,HIGH,CWE-200 -CVE-2015-0201,2018-10-17T20:28:20Z,"Moderate severity vulnerability that affects org.springframework:spring-core","org.springframework:spring-core",4.1.0,4.1.5,MODERATE, -CVE-2015-0225,2022-05-14T02:49:56Z,"Improper Neutralization of Special Elements used in a Command in Apache Cassandra","org.apache.cassandra:apache-cassandra",1.2.0,2.0.14,HIGH,CWE-77 -CVE-2015-0225,2022-05-14T02:49:56Z,"Improper Neutralization of Special Elements used in a Command in Apache Cassandra","org.apache.cassandra:apache-cassandra",2.1.0,2.1.4,HIGH,CWE-77 -CVE-2015-0226,2022-05-14T00:55:57Z,"Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J","org.apache.ws.security:wss4j",0,1.6.17,HIGH,CWE-327 -CVE-2015-0226,2022-05-14T00:55:57Z,"Use of a Broken or Risky Cryptographic Algorithm in Apache 
WSS4J","org.apache.wss4j:wss4j-ws-security-dom",2.0.0,2.02,HIGH,CWE-327 -CVE-2015-0227,2022-05-14T02:57:28Z,"Improper Access Control in Apache WSS4J","org.apache.ws.security:wss4j",0,1.6.17,MODERATE,CWE-284 -CVE-2015-0227,2022-05-14T02:57:28Z,"Improper Access Control in Apache WSS4J","org.apache.ws.security:wss4j",2.0.0,2.02,MODERATE,CWE-284 -CVE-2015-0250,2022-05-17T00:28:34Z,"Improper Input Validation in Apache Batik","org.apache.xmlgraphics:batik",1.0,1.8,MODERATE,CWE-20 -CVE-2015-0254,2020-09-14T18:44:01Z,"XXE in Apache Standard Taglibs","org.apache.taglibs:taglibs-standard",0,1.2.3,HIGH,CWE-611 -CVE-2015-0254,2020-09-14T18:44:01Z,"XXE in Apache Standard Taglibs","org.apache.taglibs:taglibs-standard-impl",0,1.2.3,HIGH,CWE-611 -CVE-2015-0263,2018-10-16T23:08:43Z,"Apache Camel XML External Entity vulnerability","org.apache.camel:camel-core",0,2.13.4,MODERATE,CWE-611 -CVE-2015-0263,2018-10-16T23:08:43Z,"Apache Camel XML External Entity vulnerability","org.apache.camel:camel-core",2.14.0,2.14.2,MODERATE,CWE-611 -CVE-2015-0264,2018-10-16T23:09:15Z,"Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object","org.apache.camel:camel-core",0,2.13.4,MODERATE, -CVE-2015-0264,2018-10-16T23:09:15Z,"Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object","org.apache.camel:camel-core",2.14.0,2.14.2,MODERATE, -CVE-2015-0886,2022-05-13T01:05:53Z,"Integer Overflow or Wraparound in JBCrypt",org.mindrot:jbcrypt,0,0.4,MODERATE,CWE-190 -CVE-2015-0899,2022-05-14T03:15:11Z,"Improper Input Validation in Apache Struts","org.apache.struts:struts-core",1.1,,HIGH,CWE-20 -CVE-2015-1427,2022-05-14T02:49:44Z,"Improper Access Control in Elasticsearch","org.elasticsearch:elasticsearch",0,1.3.8,HIGH,CWE-284 -CVE-2015-1427,2022-05-14T02:49:44Z,"Improper Access Control in Elasticsearch","org.elasticsearch:elasticsearch",1.4.0,1.4.3,HIGH,CWE-284 
-CVE-2015-1772,2019-03-14T15:40:44Z,"Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-exec",1.0.0,1.0.1,HIGH,CWE-287 -CVE-2015-1772,2019-03-14T15:40:44Z,"Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-exec",1.1.0,1.1.1,HIGH,CWE-287 -CVE-2015-1772,2019-03-14T15:40:44Z,"Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-service",1.0.0,1.0.1,HIGH,CWE-287 -CVE-2015-1772,2019-03-14T15:40:44Z,"Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-service",1.1.0,1.1.1,HIGH,CWE-287 -CVE-2015-1772,2019-03-14T15:40:44Z,"Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",org.apache.hive:hive,1.0.0,1.0.1,HIGH,CWE-287 -CVE-2015-1772,2019-03-14T15:40:44Z,"Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",org.apache.hive:hive,1.1.0,1.1.1,HIGH,CWE-287 -CVE-2015-1775,2022-05-17T04:03:11Z,"Apache Ambari SSRF Vulnerability",org.apache.ambari:ambari,1.5.0,2.1.0,MODERATE,CWE-918 -CVE-2015-1776,2022-05-17T03:44:57Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop","org.apache.hadoop:hadoop-common",2.6.0,2.6.5,MODERATE,CWE-200 -CVE-2015-1796,2022-05-17T03:38:17Z,"Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML","edu.internet2.middleware:shibboleth-identityprovider",0,2.4.4,MODERATE,CWE-295 -CVE-2015-1796,2022-05-17T03:38:17Z,"Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML",org.opensaml:opensaml,0,2.6.5,MODERATE,CWE-295 -CVE-2015-1809,2022-05-24T17:06:12Z,"XML external entity (XXE) vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",0,1.596.1,HIGH,CWE-611 
-CVE-2015-1809,2022-05-24T17:06:12Z,"XML external entity (XXE) vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",1.597,1.600,HIGH,CWE-611 -CVE-2015-1811,2022-05-24T17:06:12Z,"XML external entity (XXE) vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",0,1.596.1,HIGH, -CVE-2015-1811,2022-05-24T17:06:12Z,"XML external entity (XXE) vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",1.597,1.600,HIGH, -CVE-2015-1812,2022-05-17T03:53:16Z,"Jenkins Cross-site Scripting vulnerability","org.jenkins-ci.main:jenkins-core",0,1.596.2,MODERATE,CWE-79 -CVE-2015-1812,2022-05-17T03:53:16Z,"Jenkins Cross-site Scripting vulnerability","org.jenkins-ci.main:jenkins-core",1.600,1.606,MODERATE,CWE-79 -CVE-2015-1830,2022-05-14T01:14:51Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.11.2,MODERATE,CWE-22 -CVE-2015-1831,2022-05-17T00:50:08Z,"Incomplete exclude pattern in Apache Struts","org.apache.struts.xwork:xwork-core",2.0.0,2.3.20.1,HIGH, -CVE-2015-1831,2022-05-17T00:50:08Z,"Incomplete exclude pattern in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.20.1,HIGH, -CVE-2015-1832,2022-05-13T01:14:26Z,"Improper Restriction of XML External Entity Reference in Apace Derby",org.apache.derby:derby,0,10.12.1.1,CRITICAL,CWE-611 -CVE-2015-1833,2022-05-14T02:49:30Z,"Improper Input Validation in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-core",0,2.0.6,MODERATE,CWE-20 -CVE-2015-1833,2022-05-14T02:49:30Z,"Improper Input Validation in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-core",2.10.0,2.10.1,MODERATE,CWE-20 -CVE-2015-1833,2022-05-14T02:49:30Z,"Improper Input Validation in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-core",2.2.0,2.2.14,MODERATE,CWE-20 -CVE-2015-1833,2022-05-14T02:49:30Z,"Improper Input Validation in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-core",2.4.0,2.4.6,MODERATE,CWE-20 -CVE-2015-1833,2022-05-14T02:49:30Z,"Improper Input 
Validation in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-core",2.6.0,2.6.6,MODERATE,CWE-20 -CVE-2015-1833,2022-05-14T02:49:30Z,"Improper Input Validation in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-core",2.8.0,2.8.1,MODERATE,CWE-20 -CVE-2015-1836,2018-10-18T18:04:50Z,"High severity vulnerability that affects org.apache.hbase:hbase",org.apache.hbase:hbase,0.98,0.98.12.1,HIGH,CWE-284 -CVE-2015-1836,2018-10-18T18:04:50Z,"High severity vulnerability that affects org.apache.hbase:hbase",org.apache.hbase:hbase,1.0.0,1.0.1.1,HIGH,CWE-284 -CVE-2015-1836,2018-10-18T18:04:50Z,"High severity vulnerability that affects org.apache.hbase:hbase",org.apache.hbase:hbase,1.1.0,1.1.0.1,HIGH,CWE-284 -CVE-2015-2080,2018-11-09T17:50:00Z,"Jetty vulnerable to exposure of sensitive information to unauthenticated remote users","org.eclipse.jetty:jetty-server",0,9.2.9.v20150224,HIGH,CWE-200 -CVE-2015-2156,2020-06-30T21:01:21Z,"Information Exposure in Netty",io.netty:netty,0,3.9.8.Final,HIGH,CWE-20 -CVE-2015-2156,2020-06-30T21:01:21Z,"Information Exposure in Netty",io.netty:netty,3.10.0,3.10.3.Final,HIGH,CWE-20 -CVE-2015-2156,2020-06-30T21:01:21Z,"Information Exposure in Netty",io.netty:netty-parent,4.0.0,4.0.28.Final,HIGH,CWE-20 -CVE-2015-2156,2020-06-30T21:01:21Z,"Information Exposure in Netty",org.jboss.netty:netty,0,3.9.8.Final,HIGH,CWE-20 -CVE-2015-2156,2020-06-30T21:01:21Z,"Information Exposure in Netty",org.jboss.netty:netty,3.10.0,3.10.3.Final,HIGH,CWE-20 -CVE-2015-2575,2022-05-17T00:25:07Z,"Improper Access Control in MySQL Connectors Java","mysql:mysql-connector-java",0,5.1.35,MODERATE,CWE-284 -CVE-2015-2912,2018-10-18T17:41:13Z,"OrientDB-Server vulnerable to Cross-Site Request Forgery","com.orientechnologies:orientdb-studio",0,2.0.15,HIGH,CWE-352 -CVE-2015-2912,2018-10-18T17:41:13Z,"OrientDB-Server vulnerable to Cross-Site Request Forgery","com.orientechnologies:orientdb-studio",2.1.0,2.1.1,HIGH,CWE-352 -CVE-2015-2913,2018-10-18T17:41:27Z,"OrientDB Server 
Community Edition uses insufficiently random values to generate session IDs","com.orientechnologies:orientdb-server",0,2.0.15,MODERATE,CWE-330 -CVE-2015-2913,2018-10-18T17:41:27Z,"OrientDB Server Community Edition uses insufficiently random values to generate session IDs","com.orientechnologies:orientdb-server",2.1.0,2.1.1,MODERATE,CWE-330 -CVE-2015-2918,2018-10-18T17:41:40Z,"OrientDB Studio web management interface is vulnerable to clickjacking attacks","com.orientechnologies:orientdb-studio",0,2.0.15,MODERATE,CWE-20 -CVE-2015-2918,2018-10-18T17:41:40Z,"OrientDB Studio web management interface is vulnerable to clickjacking attacks","com.orientechnologies:orientdb-studio",2.1.0,2.1.1,MODERATE,CWE-20 -CVE-2015-2944,2022-05-13T01:10:58Z,"Improper Neutralization of Input During Web Page Generation in Apache Sling","org.apache.sling:org.apache.sling.api",0,2.2.2,MODERATE,CWE-79 -CVE-2015-2944,2022-05-13T01:10:58Z,"Improper Neutralization of Input During Web Page Generation in Apache Sling","org.apache.sling:org.apache.sling.servlets.post",0,2.1.2,MODERATE,CWE-79 -CVE-2015-2992,2022-05-24T17:09:44Z,"Cross-site Scripting in Apache Struts","org.apache.struts:struts2-core",0,2.3.20,MODERATE,CWE-79 -CVE-2015-3158,2022-05-17T04:09:07Z,"PicketLink does not properly check role based authorization","org.picketlink:picketlink-tomcat-common",0,2.7.1.Final,MODERATE, -CVE-2015-3188,2022-05-14T02:48:54Z,"Apache Storm remote code execution vulnerability",org.apache.storm:storm,0.10.0-beta,0.10.0-beta1,CRITICAL, -CVE-2015-3189,2022-05-13T01:07:02Z,"Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password","org.cloudfoundry.identity:cloudfoundry-identity-server",0,2.2.5,LOW,CWE-640 -CVE-2015-3192,2018-10-17T20:29:12Z,"Pivotal Spring Framework DoS Attack with XML Input","org.springframework:spring-web",0,3.2.14,MODERATE,CWE-119 -CVE-2015-3192,2018-10-17T20:29:12Z,"Pivotal Spring Framework DoS Attack with XML 
Input","org.springframework:spring-web",4.0.0,4.1.7,MODERATE,CWE-119 -CVE-2015-3192,2018-10-17T20:29:12Z,"Pivotal Spring Framework DoS Attack with XML Input","org.springframework:spring-web",5.0.0.RC2,5.0.0.RC3,MODERATE,CWE-119 -CVE-2015-3198,2022-05-17T02:19:49Z,"The Undertow module of WildFly allows source code disclosure","org.wildfly:wildfly-parent",8.1.0.Final,9.0.0.CR2,HIGH,CWE-200 -CVE-2015-3208,2022-05-14T02:21:03Z,"Improper Restriction of XML External Entity Reference in Apache ActiveMQ","org.apache.activemq:activemq-client",0,2.23.1,CRITICAL,CWE-611 -CVE-2015-3250,2022-05-17T00:51:52Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API","org.apache.directory.api:api-ldap-model",0,1.0.0-M31,HIGH,CWE-200 -CVE-2015-3253,2022-05-13T01:25:41Z,"Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy","org.codehaus.groovy:groovy",1.7.0,2.4.4,CRITICAL,CWE-74 -CVE-2015-3253,2022-05-13T01:25:41Z,"Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy","org.codehaus.groovy:groovy-all",1.7.0,2.4.4,CRITICAL,CWE-74 -CVE-2015-3271,2018-10-17T15:44:10Z,"Apache Tika Server exposes sensitive information","org.apache.tika:tika-server",0,1.10,MODERATE,CWE-200 -CVE-2015-3337,2022-05-17T04:12:25Z,"Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch","org.elasticsearch:elasticsearch",0,1.4.5,MODERATE,CWE-22 -CVE-2015-3337,2022-05-17T04:12:25Z,"Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch","org.elasticsearch:elasticsearch",1.5.0,1.5.2,MODERATE,CWE-22 -CVE-2015-4165,2022-05-14T02:48:29Z,"Improper Access Control in Elasticsearch","org.elasticsearch:elasticsearch",0,1.6.0,HIGH,CWE-284 -CVE-2015-5169,2022-05-14T01:57:02Z,"Cross-site Scripting in Apache Struts","org.apache.struts:struts2-core",0,2.3.20,MODERATE,CWE-79 -CVE-2015-5170,2022-05-13T01:07:00Z,"Cloud Foundry Runtime Cross-Site Request 
Forgery vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",0,2.5.2,HIGH,CWE-352 -CVE-2015-5171,2022-05-13T01:07:00Z,"Cloud Foundry Runtime Insufficient Session Expiration vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",0,2.5.2,CRITICAL,CWE-613 -CVE-2015-5172,2022-05-13T01:07:00Z,"Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password","org.cloudfoundry.identity:cloudfoundry-identity-server",0,2.5.2,CRITICAL,CWE-640 -CVE-2015-5174,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.45,MODERATE,CWE-22 -CVE-2015-5174,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.65,MODERATE,CWE-22 -CVE-2015-5174,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.27,MODERATE,CWE-22 -CVE-2015-5175,2018-10-18T16:57:00Z,"Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks","org.apache.cxf.fediz:fediz-core",0,1.1.3,HIGH,CWE-20 -CVE-2015-5175,2018-10-18T16:57:00Z,"Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks","org.apache.cxf.fediz:fediz-core",1.2,1.2.1,HIGH,CWE-20 -CVE-2015-5175,2018-10-18T16:57:00Z,"Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks","org.apache.cxf.fediz:fediz-idp",0,1.1.3,HIGH,CWE-20 -CVE-2015-5175,2018-10-18T16:57:00Z,"Apache CXF Fediz application plugins are vulnerable to Denial of Service (DoS) attacks","org.apache.cxf.fediz:fediz-idp",1.2,1.2.1,HIGH,CWE-20 -CVE-2015-5209,2022-05-14T03:15:08Z,"Special top object can be used to access Struts' internals","org.apache.struts:struts2-core",0,2.3.24.1,HIGH,CWE-20 -CVE-2015-5210,2022-05-17T04:03:11Z,"Apache Ambari Open Redirect",org.apache.ambari:ambari,1.7.0,2.1.2,MODERATE,CWE-601 
-CVE-2015-5211,2018-10-17T20:29:33Z,"Files or Directories Accessible to External Parties in org.springframework:spring-core","org.springframework:spring-core",0,3.2.15,HIGH,CWE-20;CWE-552 -CVE-2015-5211,2018-10-17T20:29:33Z,"Files or Directories Accessible to External Parties in org.springframework:spring-core","org.springframework:spring-core",4.0.0,4.1.8,HIGH,CWE-20;CWE-552 -CVE-2015-5211,2018-10-17T20:29:33Z,"Files or Directories Accessible to External Parties in org.springframework:spring-core","org.springframework:spring-core",4.2.0,4.2.2,HIGH,CWE-20;CWE-552 -CVE-2015-5237,2022-05-13T01:06:54Z,"protobuf susceptible to buffer overflow","com.google.protobuf:protobuf-parent",0,3.4.0,HIGH,CWE-787 -CVE-2015-5241,2018-10-16T19:49:32Z,"Moderate severity vulnerability that affects org.apache.juddi:juddi-client","org.apache.juddi:juddi-client",3.1.2,3.2.0,MODERATE,CWE-601 -CVE-2015-5253,2022-05-13T01:09:20Z,"Improper Access Control in Apache CXF","org.apache.cxf:cxf-rt-rs-security-sso-saml",0,2.7.18,MODERATE,CWE-284 -CVE-2015-5253,2022-05-13T01:09:20Z,"Improper Access Control in Apache CXF","org.apache.cxf:cxf-rt-rs-security-sso-saml",3.0.0,3.0.7,MODERATE,CWE-284 -CVE-2015-5253,2022-05-13T01:09:20Z,"Improper Access Control in Apache CXF","org.apache.cxf:cxf-rt-rs-security-sso-saml",3.1.0,3.1.3,MODERATE,CWE-284 -CVE-2015-5254,2022-05-13T01:30:05Z,"Improper Input Validation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.11.3,CRITICAL,CWE-20 -CVE-2015-5254,2022-05-13T01:30:05Z,"Improper Input Validation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.12.0,5.12.2,CRITICAL,CWE-20 -CVE-2015-5258,2022-05-13T01:09:35Z,"springframework-social Cross-Site Request Forgery vulnerability","org.springframework.social:spring-social-core",0,1.1.3.RELEASE,HIGH,CWE-352 -CVE-2015-5262,2018-10-17T00:05:29Z,"Denial of service vulnerability in org.apache.httpcomponents:httpclient","org.apache.httpcomponents:httpclient",0,4.3.6,MODERATE, 
-CVE-2015-5298,2022-07-08T00:00:43Z,"Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification","org.jenkins-ci.plugins:google-login",1.0,1.2,MODERATE,CWE-287 -CVE-2015-5344,2018-10-16T23:10:23Z,"Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands ","org.apache.camel:camel-xstream",0,2.15.5,CRITICAL, -CVE-2015-5344,2018-10-16T23:10:23Z,"Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands ","org.apache.camel:camel-xstream",2.16.0,2.16.1,CRITICAL, -CVE-2015-5345,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.45,MODERATE,CWE-22 -CVE-2015-5345,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.68,MODERATE,CWE-22 -CVE-2015-5345,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.30,MODERATE,CWE-22 -CVE-2015-5345,2022-05-14T01:10:16Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M2,MODERATE,CWE-22 -CVE-2015-5346,2022-05-14T03:13:01Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.66,HIGH,CWE-79 -CVE-2015-5346,2022-05-14T03:13:01Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.31,HIGH,CWE-79 -CVE-2015-5346,2022-05-14T03:13:01Z,"Improper Neutralization of Input During Web Page Generation in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M2,HIGH,CWE-79 -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-ahc",0,2.15.5,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can 
allow remote attackers to execute arbitrary commands","org.apache.camel:camel-ahc",2.16.0,2.16.1,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-http",0,2.15.5,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-http",2.16.0,2.16.1,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-http-common",0,2.15.5,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-http-common",2.16.0,2.16.1,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-http4",0,2.15.5,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-http4",2.16.0,2.16.1,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-jetty",0,2.15.5,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-jetty",2.16.0,2.16.1,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-servlet",0,2.15.5,HIGH, -CVE-2015-5348,2018-10-16T23:12:20Z,"Apache Camel can allow remote attackers to execute arbitrary commands","org.apache.camel:camel-servlet",2.16.0,2.16.1,HIGH, -CVE-2015-5349,2022-05-13T01:07:08Z,"Apache Directory Studio Command Injection","org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core",0,2.0.0.v20151221-M10,HIGH,CWE-77 -CVE-2015-5351,2022-05-14T03:13:01Z,"Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a 
token",org.apache.tomcat:tomcat,0,7.0.68,HIGH,CWE-352 -CVE-2015-5351,2022-05-14T03:13:01Z,"Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token",org.apache.tomcat:tomcat,8.0.0,8.0.31,HIGH,CWE-352 -CVE-2015-5351,2022-05-14T03:13:01Z,"Apache Tomcat allows remote attackers to bypass a CSRF protection mechanism by using a token",org.apache.tomcat:tomcat,9.0.0.M0,9.0.0.M2,HIGH,CWE-352 -CVE-2015-5531,2022-05-14T02:48:01Z,"Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch","org.elasticsearch:elasticsearch",0,1.6.1,MODERATE,CWE-22 -CVE-2015-6420,2020-06-15T20:36:20Z,"Insecure Deserialization in Apache Commons Collection","commons-collections:commons-collections",0,3.2.2,HIGH,CWE-502 -CVE-2015-6420,2020-06-15T20:36:20Z,"Insecure Deserialization in Apache Commons Collection","net.sourceforge.collections:collections-generic",0,,HIGH,CWE-502 -CVE-2015-6420,2020-06-15T20:36:20Z,"Insecure Deserialization in Apache Commons Collection","org.apache.commons:commons-collections4",0,4.1,HIGH,CWE-502 -CVE-2015-6420,2020-06-15T20:36:20Z,"Insecure Deserialization in Apache Commons Collection","org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic",0,,HIGH,CWE-502 -CVE-2015-6420,2020-06-15T20:36:20Z,"Insecure Deserialization in Apache Commons Collection","org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections",0,,HIGH,CWE-502 -CVE-2015-6524,2022-05-17T03:22:06Z,"Improper Input Validation in Apache ActiveMQ","org.apache.activemq:activemq-broker",5.0.0,5.10.2,MODERATE,CWE-20 -CVE-2015-6524,2022-05-17T03:22:06Z,"Improper Input Validation in Apache ActiveMQ","org.apache.activemq:activemq-jaas",5.0.0,5.10.2,MODERATE,CWE-20 -CVE-2015-6748,2022-05-13T01:28:44Z,"Improper Neutralization of Input During Web Page Generation in Jsoup",org.jsoup:jsoup,1.6.0,1.8.3,MODERATE,CWE-79 -CVE-2015-7501,2022-05-13T01:25:20Z,"Deserialization of Untrusted Data in Apache commons 
collections","commons-collections:commons-collections",0,3.2.2,CRITICAL,CWE-502 -CVE-2015-7501,2022-05-13T01:25:20Z,"Deserialization of Untrusted Data in Apache commons collections","org.apache.commons:commons-collections4",0,4.1,CRITICAL,CWE-502 -CVE-2015-7501,2022-05-13T01:25:20Z,"Deserialization of Untrusted Data in Apache commons collections","org.apache.servicemix.bundles:org.apache.servicemix.bundles.collections-generic",4.01,,CRITICAL,CWE-502 -CVE-2015-7501,2022-05-13T01:25:20Z,"Deserialization of Untrusted Data in Apache commons collections","org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-collections",3.2.1,,CRITICAL,CWE-502 -CVE-2015-7521,2018-11-21T22:23:49Z,"High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-exec",1.0.0,1.2.2,HIGH,CWE-287 -CVE-2015-7521,2018-11-21T22:23:49Z,"High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-service",1.0.0,1.2.2,HIGH,CWE-287 -CVE-2015-7521,2018-11-21T22:23:49Z,"High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",org.apache.hive:hive,1.0.0,1.2.2,HIGH,CWE-287 -CVE-2015-7536,2022-05-17T03:53:41Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,1.625.2,MODERATE,CWE-79 -CVE-2015-7536,2022-05-17T03:53:41Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",1.626,1.640,MODERATE,CWE-79 -CVE-2015-7559,2019-08-01T19:17:45Z,"Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ","org.apache.activemq:activemq-client",0,5.14.5,MODERATE,CWE-20;CWE-306 -CVE-2015-7611,2022-05-14T02:47:30Z,"Apache James Server OS Command Injection","org.apache.james:james-server",0,2.3.2.1,HIGH,CWE-78 
-CVE-2015-7940,2018-10-17T16:27:50Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk14",0,1.51,MODERATE,CWE-200 -CVE-2015-7940,2018-10-17T16:27:50Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk15",0,1.51,MODERATE,CWE-200 -CVE-2015-8031,2022-07-15T18:12:47Z,"Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2","org.jvnet.hudson.main:hudson-core",0,3.3.2,CRITICAL,CWE-611 -CVE-2015-8103,2022-05-13T01:30:07Z,"Jenkins CLI Deserialization of Untrusted Data vulnerability",org.jenkins-ci.main:cli,0,1.625.2,CRITICAL,CWE-502 -CVE-2015-8103,2022-05-13T01:30:07Z,"Jenkins CLI Deserialization of Untrusted Data vulnerability",org.jenkins-ci.main:cli,1.626,1.638,CRITICAL,CWE-502 -CVE-2015-8795,2022-05-17T03:59:03Z,"Improper Neutralization of Input During Web Page Generation in Apache Solr","org.apache.solr:solr-core",0,5.1.0,MODERATE,CWE-79 -CVE-2015-8796,2022-05-17T02:24:43Z,"Apache Solr Cross-site scripting Vulnerability",org.apache.solr:solr,0,5.3,MODERATE,CWE-79 -CVE-2015-8797,2022-05-17T03:58:49Z,"Improper Neutralization of Input During Web Page Generation in Apache Solr","org.apache.solr:solr-core",0,5.3.1,MODERATE,CWE-79 -CVE-2015-9251,2018-01-22T13:32:06Z,"Cross-Site Scripting (XSS) in jquery",org.webjars.npm:jquery,0,1.12.2,MODERATE,CWE-79 -CVE-2015-9251,2018-01-22T13:32:06Z,"Cross-Site Scripting (XSS) in jquery",org.webjars.npm:jquery,1.12.3,3.0.0,MODERATE,CWE-79 -CVE-2016-0706,2022-05-14T01:10:17Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.45,MODERATE,CWE-200 -CVE-2016-0706,2022-05-14T01:10:17Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.31,MODERATE,CWE-200 -CVE-2016-0706,2022-05-14T01:10:17Z,"Exposure of Sensitive 
Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M2,MODERATE,CWE-200 -CVE-2016-0709,2022-05-17T03:56:49Z,"Path Traversal in Apache Jetspeed","org.apache.portals.jetspeed-2:jetspeed",0,2.3.1,HIGH,CWE-22 -CVE-2016-0712,2022-05-17T03:56:48Z,"Cross-site Scripting in Apache Jetspeed","org.apache.portals.jetspeed-2:jetspeed",0,2.3.1,MODERATE,CWE-79 -CVE-2016-0714,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.46,HIGH,CWE-284 -CVE-2016-0714,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.70,HIGH,CWE-284 -CVE-2016-0714,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.32,HIGH,CWE-284 -CVE-2016-0714,2022-05-14T01:10:17Z,"Improper Access Control in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M2,HIGH,CWE-284 -CVE-2016-0733,2018-10-17T17:21:11Z,"The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password",org.apache.ranger:ranger,0,0.5.1,CRITICAL,CWE-287 -CVE-2016-0734,2022-05-14T01:14:51Z,"Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.13.2,MODERATE,CWE-79 -CVE-2016-0735,2022-05-17T03:56:54Z,"Apache Ranger Access Restriction Bypass",org.apache.ranger:ranger,0.5.0,0.5.2,HIGH, -CVE-2016-0762,2022-05-13T01:02:15Z,"Observable Discrepancy in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.46,MODERATE,CWE-203 -CVE-2016-0762,2022-05-13T01:02:15Z,"Observable Discrepancy in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.72,MODERATE,CWE-203 -CVE-2016-0762,2022-05-13T01:02:15Z,"Observable Discrepancy in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.37,MODERATE,CWE-203 -CVE-2016-0762,2022-05-13T01:02:15Z,"Observable Discrepancy in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.5,MODERATE,CWE-203 
-CVE-2016-0762,2022-05-13T01:02:15Z,"Observable Discrepancy in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0M1,9.0.0.M10,MODERATE,CWE-203 -CVE-2016-0763,2022-05-14T01:18:35Z,"Improper Verification of Source of a Communication Channel in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.68,MODERATE,CWE-940 -CVE-2016-0763,2022-05-14T01:18:35Z,"Improper Verification of Source of a Communication Channel in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.32,MODERATE,CWE-940 -CVE-2016-0763,2022-05-14T01:18:35Z,"Improper Verification of Source of a Communication Channel in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0M1,9.0.0.M3,MODERATE,CWE-940 -CVE-2016-0767,2022-05-13T01:06:11Z,"PostgreSQL PL/Java Improper Privilege Management",postgresql:pljava-public,0,1.5.0,MODERATE,CWE-269 -CVE-2016-0782,2022-05-14T01:14:51Z,"Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.11.4,MODERATE,CWE-79 -CVE-2016-0782,2022-05-14T01:14:51Z,"Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.12.0,5.12.3,MODERATE,CWE-79 -CVE-2016-0782,2022-05-14T01:14:51Z,"Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.13.0,5.13.2,MODERATE,CWE-79 -CVE-2016-0785,2022-05-14T00:52:12Z,"Apache Struts RCE Vulnerability","org.apache.struts:struts2-core",2.0.0,2.3.20.3,HIGH,CWE-20 -CVE-2016-0785,2022-05-14T00:52:12Z,"Apache Struts RCE Vulnerability","org.apache.struts:struts2-core",2.3.24,2.3.24.3,HIGH,CWE-20 -CVE-2016-0790,2022-05-14T03:58:16Z,"Exposure of Sensitive Information in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,1.650,MODERATE,CWE-200 -CVE-2016-0791,2022-05-14T03:58:15Z,"Exposure of Sensitive Information in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,1.650,CRITICAL,CWE-200 -CVE-2016-0956,2022-05-14T02:47:05Z,"Exposure of Sensitive Information to an Unauthorized Actor in 
Apache Sling Servlets Post","org.apache.sling:org.apache.sling.servlets.post",0,2.3.8,HIGH,CWE-200 -CVE-2016-1000027,2022-05-24T17:05:30Z,"Pivotal Spring Framework contains unsafe Java deserialization methods","org.springframework:spring-web",0,6.0.0,CRITICAL,CWE-502 -CVE-2016-1000031,2018-12-21T17:51:51Z,"Improper Access Control in commons-fileupload","commons-fileupload:commons-fileupload",0,1.3.3,CRITICAL,CWE-284 -CVE-2016-1000273,2022-07-20T01:36:35Z,"Java Melody vulnerable to cross-site scripting","net.bull.javamelody:javamelody-core",0,1.61.0,CRITICAL,CWE-79 -CVE-2016-1000338,2018-10-17T16:23:26Z,"In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate","org.bouncycastle:bcprov-jdk14",1.38,1.56,HIGH,CWE-347 -CVE-2016-1000338,2018-10-17T16:23:26Z,"In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate","org.bouncycastle:bcprov-jdk15",1.38,1.56,HIGH,CWE-347 -CVE-2016-1000339,2018-10-17T16:23:38Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk14",0,1.56,MODERATE, -CVE-2016-1000339,2018-10-17T16:23:38Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk15",0,1.56,MODERATE, -CVE-2016-1000340,2018-10-17T16:23:50Z,"The Bouncy Castle JCE Provider carry a propagation bug","org.bouncycastle:bcprov-jdk14",1.51,1.56,HIGH, -CVE-2016-1000340,2018-10-17T16:23:50Z,"The Bouncy Castle JCE Provider carry a propagation bug","org.bouncycastle:bcprov-jdk15",1.51,1.56,HIGH, -CVE-2016-1000341,2018-10-17T16:24:00Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk14",0,1.56,MODERATE, -CVE-2016-1000341,2018-10-17T16:24:00Z,"Moderate severity vulnerability that 
affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk15",0,1.56,MODERATE, -CVE-2016-1000342,2018-10-17T16:24:12Z,"In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification","org.bouncycastle:bcprov-jdk14",0,1.56,HIGH,CWE-347 -CVE-2016-1000342,2018-10-17T16:24:12Z,"In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification","org.bouncycastle:bcprov-jdk15",0,1.56,HIGH,CWE-347 -CVE-2016-1000343,2018-10-17T16:24:22Z,"In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values","org.bouncycastle:bcprov-jdk14",0,1.56,HIGH, -CVE-2016-1000343,2018-10-17T16:24:22Z,"In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values","org.bouncycastle:bcprov-jdk15",0,1.56,HIGH, -CVE-2016-1000344,2018-10-18T17:43:55Z,"In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode","org.bouncycastle:bcprov-jdk14",0,1.56,HIGH,CWE-1310 -CVE-2016-1000344,2018-10-18T17:43:55Z,"In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode","org.bouncycastle:bcprov-jdk15",0,1.56,HIGH,CWE-1310 -CVE-2016-1000345,2018-10-18T18:04:13Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk14",0,1.56,MODERATE, -CVE-2016-1000345,2018-10-18T18:04:13Z,"Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15","org.bouncycastle:bcprov-jdk15",0,1.56,MODERATE, -CVE-2016-1000346,2018-10-17T16:27:28Z,"In Bouncy Castle JCE Provider the other party DH public key is not fully validated","org.bouncycastle:bcprov-jdk14",0,1.56,LOW, -CVE-2016-1000346,2018-10-17T16:27:28Z,"In Bouncy Castle JCE Provider the other party DH public key is not fully 
validated","org.bouncycastle:bcprov-jdk15",0,1.56,LOW, -CVE-2016-1000352,2018-10-17T16:27:38Z,"In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode","org.bouncycastle:bcprov-jdk14",0,1.56,HIGH,CWE-326 -CVE-2016-1000352,2018-10-17T16:27:38Z,"In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode","org.bouncycastle:bcprov-jdk15",0,1.56,HIGH,CWE-326 -CVE-2016-10006,2018-10-18T17:21:47Z,"Moderate severity vulnerability that affects org.owasp.antisamy:antisamy","org.owasp.antisamy:antisamy",0,1.5.5,MODERATE,CWE-79 -CVE-2016-10707,2018-01-22T13:32:42Z,"Denial of Service in jquery",org.webjars.npm:jquery,3.0.0-rc.1,3.0.0,HIGH,CWE-400;CWE-674 -CVE-2016-10726,2018-10-19T16:52:06Z,"High severity vulnerability that affects org.dspace:dspace-xmlui",org.dspace:dspace-xmlui,0,3.6,HIGH,CWE-22 -CVE-2016-10726,2018-10-19T16:52:06Z,"High severity vulnerability that affects org.dspace:dspace-xmlui",org.dspace:dspace-xmlui,4.0,4.5,HIGH,CWE-22 -CVE-2016-10726,2018-10-19T16:52:06Z,"High severity vulnerability that affects org.dspace:dspace-xmlui",org.dspace:dspace-xmlui,5.0,5.5,HIGH,CWE-22 -CVE-2016-10735,2019-01-17T13:57:27Z,"Bootstrap Cross-site Scripting vulnerability",org.webjars:bootstrap,2.0.4,3.4.0,MODERATE,CWE-79 -CVE-2016-10735,2019-01-17T13:57:27Z,"Bootstrap Cross-site Scripting vulnerability",org.webjars:bootstrap,4.0.0-beta,4.0.0-beta.2,MODERATE,CWE-79 -CVE-2016-10750,2022-05-24T16:46:09Z,"Deserialization of Untrusted Data in Hazelcast",com.hazelcast:hazelcast,0,3.11,HIGH,CWE-502 -CVE-2016-11023,2021-05-07T15:52:56Z,"SQL Injection in odata4j","org.odata4j:odata4j-parent",0,,CRITICAL,CWE-89 -CVE-2016-11023,2021-05-07T15:52:56Z,"SQL Injection in odata4j",org.odata4j:odata4j-core,0,,CRITICAL,CWE-89 -CVE-2016-11023,2021-05-07T15:52:56Z,"SQL Injection in odata4j",org.odata4j:odata4j-dist,0,,CRITICAL,CWE-89 -CVE-2016-11024,2021-05-07T15:52:41Z,"SQL Injection in odata4j","org.odata4j:odata4j-parent",0,,CRITICAL,CWE-89 
-CVE-2016-11024,2021-05-07T15:52:41Z,"SQL Injection in odata4j",org.odata4j:odata4j-core,0,,CRITICAL,CWE-89 -CVE-2016-11024,2021-05-07T15:52:41Z,"SQL Injection in odata4j",org.odata4j:odata4j-dist,0,,CRITICAL,CWE-89 -CVE-2016-1181,2022-05-13T01:25:20Z,"Improper Input Validation in Apache Struts","org.apache.struts:struts-core",0,,HIGH,CWE-20 -CVE-2016-1182,2022-05-13T01:25:19Z,"Improper Input Validation in Apache Struts","org.apache.struts:struts-core",0,,HIGH,CWE-20 -CVE-2016-15011,2023-01-06T12:31:34Z,"dssp vulnerable to Improper Restriction of XML External Entity Reference","be.e_contract.dssp:dssp-client",0,1.3.2,CRITICAL,CWE-611 -CVE-2016-15026,2023-02-20T12:30:18Z,"dd-plist XML External Entitly vulnerability","com.googlecode.plist:dd-plist",0,1.18,HIGH,CWE-611 -CVE-2016-2141,2022-05-13T01:03:31Z,"Improper Input Validation in JGroups",org.jgroups:jgroups,0,3.2.16.Final,CRITICAL,CWE-20 -CVE-2016-2141,2022-05-13T01:03:31Z,"Improper Input Validation in JGroups",org.jgroups:jgroups,3.3.0.Alpha1,3.6.10.Final,CRITICAL,CWE-20 -CVE-2016-2162,2022-05-17T03:42:59Z,"Apache Struts XSS Vulnerability","org.apache.struts:struts2-core",2.0.0,2.3.28,MODERATE,CWE-79 -CVE-2016-2163,2022-05-14T02:46:39Z,"Apache OpenMeetings Cross-site Scripting vulnerability","org.apache.openmeetings:openmeetings-parent",0,3.1.1,MODERATE,CWE-79 -CVE-2016-2164,2022-05-14T02:46:39Z,"Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file","org.apache.openmeetings:openmeetings-parent",0,3.1.1,HIGH,CWE-200 -CVE-2016-2166,2018-10-16T19:50:27Z,"Moderate severity vulnerability that affects org.apache.qpid:proton-j",org.apache.qpid:proton-j,0,0.12.1,MODERATE,CWE-200 -CVE-2016-2173,2022-05-13T01:26:13Z,"Improper Input Validation in Spring AMQP","org.springframework.amqp:spring-amqp",0,1.5.5,CRITICAL,CWE-20 -CVE-2016-2174,2018-10-17T17:21:29Z,"SQL injection vulnerability in the policy admin tool in Apache Ranger",org.apache.ranger:ranger,0,0.5.3,HIGH,CWE-89 
-CVE-2016-2175,2018-10-17T18:22:15Z,"High severity vulnerability that affects org.apache.pdfbox:pdfbox",org.apache.pdfbox:pdfbox,0,1.8.12,HIGH,CWE-611 -CVE-2016-2175,2018-10-17T18:22:15Z,"High severity vulnerability that affects org.apache.pdfbox:pdfbox",org.apache.pdfbox:pdfbox,2.0.0,2.0.1,HIGH,CWE-611 -CVE-2016-2402,2022-05-13T01:11:51Z,"Improper Certificate Validation in OkHttp","com.squareup.okhttp3:okhttp",0,2.7.4,MODERATE,CWE-295 -CVE-2016-2402,2022-05-13T01:11:51Z,"Improper Certificate Validation in OkHttp","com.squareup.okhttp3:okhttp",3.0.0,3.1.2,MODERATE,CWE-295 -CVE-2016-2510,2022-05-13T01:14:25Z,"Improper Input Validation in BeanShell","org.apache-extras.beanshell:bsh",0,2.0b6,HIGH,CWE-20 -CVE-2016-3081,2022-05-14T00:54:14Z,"Apache Struts RCE Vulnerability","org.apache.struts:struts2-core",2.3.19,2.3.20.3,HIGH,CWE-77 -CVE-2016-3081,2022-05-14T00:54:14Z,"Apache Struts RCE Vulnerability","org.apache.struts:struts2-core",2.3.21,2.3.24.3,HIGH,CWE-77 -CVE-2016-3081,2022-05-14T00:54:14Z,"Apache Struts RCE Vulnerability","org.apache.struts:struts2-core",2.3.25,2.3.28.1,HIGH,CWE-77 -CVE-2016-3082,2022-05-17T03:42:18Z,"Remote Code Execution in Apache Struts","org.apache.struts:struts2-core",0,2.3.20.3,CRITICAL,CWE-20 -CVE-2016-3082,2022-05-17T03:42:18Z,"Remote Code Execution in Apache Struts","org.apache.struts:struts2-core",2.3.24,2.3.24.3,CRITICAL,CWE-20 -CVE-2016-3082,2022-05-17T03:42:18Z,"Remote Code Execution in Apache Struts","org.apache.struts:struts2-core",2.3.28,2.3.28.1,CRITICAL,CWE-20 -CVE-2016-3083,2019-03-14T15:40:32Z,"org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation ","org.apache.hive:hive-exec",0,1.2.2,HIGH,CWE-295 -CVE-2016-3083,2019-03-14T15:40:32Z,"org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation ","org.apache.hive:hive-exec",2.0.0,2.0.1,HIGH,CWE-295 
-CVE-2016-3083,2019-03-14T15:40:32Z,"org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation ","org.apache.hive:hive-service",0,1.2.2,HIGH,CWE-295 -CVE-2016-3083,2019-03-14T15:40:32Z,"org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation ","org.apache.hive:hive-service",2.0.0,2.0.1,HIGH,CWE-295 -CVE-2016-3083,2019-03-14T15:40:32Z,"org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation ",org.apache.hive:hive,0,1.2.2,HIGH,CWE-295 -CVE-2016-3083,2019-03-14T15:40:32Z,"org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation ",org.apache.hive:hive,2.0.0,2.0.1,HIGH,CWE-295 -CVE-2016-3084,2022-05-13T01:07:24Z,"Cloud Foundry UAA reset password vulnerable to brute force attack","org.cloudfoundry.identity:cloudfoundry-identity-server",0,3.3.0.1,HIGH, -CVE-2016-3086,2022-05-17T01:08:00Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop","org.apache.hadoop:hadoop-yarn-server-nodemanager",2.6.0,2.6.5,CRITICAL,CWE-200 -CVE-2016-3086,2022-05-17T01:08:00Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop","org.apache.hadoop:hadoop-yarn-server-nodemanager",2.7.0,2.7.3,CRITICAL,CWE-200 -CVE-2016-3087,2022-05-14T00:54:14Z,"Apache Struts vulnerable to arbitrary remote code execution due to improper input validation","org.apache.struts:struts2-core",2.3.19,2.3.20.3,CRITICAL,CWE-20 -CVE-2016-3087,2022-05-14T00:54:14Z,"Apache Struts vulnerable to arbitrary remote code execution due to improper input validation","org.apache.struts:struts2-core",2.3.21,2.3.24.3,CRITICAL,CWE-20 -CVE-2016-3087,2022-05-14T00:54:14Z,"Apache Struts vulnerable to arbitrary remote code execution due to improper input 
validation","org.apache.struts:struts2-core",2.3.25,2.3.28.1,CRITICAL,CWE-20 -CVE-2016-3088,2022-05-14T01:14:51Z,"Improper Input Validation in Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.14.0,CRITICAL,CWE-20;CWE-434 -CVE-2016-3089,2022-05-14T02:46:33Z,"Apache OpenMeetings Cross-site Scripting vulnerability","org.apache.openmeetings:openmeetings-parent",0,3.1.2,MODERATE,CWE-79 -CVE-2016-3090,2022-05-14T03:15:07Z,"Apache Struts RCE Vulnerability","org.apache.struts:struts2-parent",2.0.0,2.3.20,HIGH,CWE-20 -CVE-2016-3092,2018-12-21T17:47:47Z,"High severity vulnerability that affects commons-fileupload:commons-fileupload","commons-fileupload:commons-fileupload",0,1.3.2,HIGH,CWE-20 -CVE-2016-3093,2022-05-17T03:42:18Z,"Denial of service in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.24.3,MODERATE,CWE-20 -CVE-2016-3093,2022-05-17T03:42:18Z,"Denial of service in Apache Struts",ognl:ognl,0,3.0.12,MODERATE,CWE-20 -CVE-2016-3094,2018-10-16T19:50:13Z,"Improper Input Validation in org.apache.qpid:qpid-broker","org.apache.qpid:qpid-broker",0,6.0.3,MODERATE,CWE-20;CWE-287 -CVE-2016-3674,2020-06-30T22:48:14Z,"XML External Entity Injection in XStream","com.thoughtworks.xstream:xstream",0,1.4.9,HIGH,CWE-200 -CVE-2016-3720,2018-10-18T17:43:16Z,"jackson-dataformat-xml vulnerable to XML external entity (XXE)","com.fasterxml.jackson.dataformat:jackson-dataformat-xml",0,2.7.4,CRITICAL,CWE-611 -CVE-2016-3722,2022-05-14T03:57:44Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.3,MODERATE,CWE-863 -CVE-2016-3723,2022-05-14T03:57:45Z,"Exposure of Sensitive Information in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.3,MODERATE,CWE-200 -CVE-2016-3725,2022-05-14T03:57:44Z,"Missing permissions check in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.3,MODERATE,CWE-280 -CVE-2016-4000,2022-05-13T01:25:20Z,"Deserialization of Untrusted Data in Jython","org.python:jython-standalone",0,2.7.1,CRITICAL,CWE-502 
-CVE-2016-4000,2022-05-13T01:25:20Z,"Deserialization of Untrusted Data in Jython",org.python:jython,0,2.7.1-rc1,CRITICAL,CWE-502 -CVE-2016-4003,2022-05-14T01:57:01Z,"Cross-site Scripting in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.3.28,MODERATE,CWE-79 -CVE-2016-4216,2018-10-19T16:39:29Z,"Moderate severity vulnerability that affects com.adobe.xmp:xmpcore",com.adobe.xmp:xmpcore,0,5.1.3,HIGH,CWE-611 -CVE-2016-4430,2022-05-17T00:29:27Z,"Apache Struts CSRF Vulnerability","org.apache.struts.xwork:xwork-core",2.3.20,2.3.29,HIGH,CWE-352 -CVE-2016-4431,2022-05-17T02:16:00Z,"Apache Struts Access Control Redirect","org.apache.struts:struts-parent",2.3.20,2.3.29,HIGH,CWE-20 -CVE-2016-4432,2018-10-16T19:49:48Z,"AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication","org.apache.qpid:qpid-broker-plugins-amqp-0-8-protocol",0,6.0.3,CRITICAL,CWE-287 -CVE-2016-4432,2018-10-16T19:49:48Z,"AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid Java before 6.0.3 might allow remote attackers to bypass authentication","org.apache.qpid:qpid-broker-plugins-amqp-1-0-protocol",0,6.0.3,CRITICAL,CWE-287 -CVE-2016-4433,2022-05-17T02:16:00Z,"Apache Struts Open Redirect","org.apache.struts.xwork:xwork-core",2.3.20,2.3.29,HIGH,CWE-20 -CVE-2016-4434,2018-10-17T15:44:22Z,"Apache Tika does not properly initialize the XML parser or choose handlers","org.apache.tika:tika-core",0,1.13,HIGH,CWE-611 -CVE-2016-4436,2022-05-17T02:16:00Z,"Apache Struts improper action name cleanup","org.apache.struts:struts2-core",2.0.0,2.3.29,CRITICAL, -CVE-2016-4436,2022-05-17T02:16:00Z,"Apache Struts improper action name cleanup","org.apache.struts:struts2-core",2.5-BETA1,2.5.1,CRITICAL, -CVE-2016-4437,2022-05-14T02:46:17Z,"Improper Access Control in Apache Shiro","org.apache.shiro:shiro-core",0,1.2.5,CRITICAL,CWE-284 -CVE-2016-4438,2022-05-14T00:54:13Z,"Arbitrary code execution in Apache Struts 
2","org.apache.struts:struts2-core",2.3.19,2.3.29,CRITICAL,CWE-20 -CVE-2016-4438,2022-05-14T00:54:13Z,"Arbitrary code execution in Apache Struts 2","org.apache.struts:struts2-rest-plugin",2.3.19,2.3.29,CRITICAL,CWE-20 -CVE-2016-4464,2018-10-18T16:57:10Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-spring",1.2.0,1.2.3,HIGH,CWE-284 -CVE-2016-4464,2018-10-18T16:57:10Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-spring",1.3.0,1.3.1,HIGH,CWE-284 -CVE-2016-4464,2018-10-18T16:57:10Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-spring2",1.2.0,1.2.3,HIGH,CWE-284 -CVE-2016-4464,2018-10-18T16:57:10Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-spring2",1.3.0,1.3.1,HIGH,CWE-284 -CVE-2016-4465,2022-05-17T02:16:00Z,"Apache Struts vulnerable to possible DoS attack when using URLValidator","org.apache.struts:struts2-core",2.3.20,2.3.29,MODERATE,CWE-20 -CVE-2016-4465,2022-05-17T02:16:00Z,"Apache Struts vulnerable to possible DoS attack when using URLValidator","org.apache.struts:struts2-core",2.5.0,2.5.13,MODERATE,CWE-20 -CVE-2016-4800,2018-10-19T16:16:16Z,"Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request","org.eclipse.jetty:jetty-server",9.3.0,9.3.9,CRITICAL,CWE-284 -CVE-2016-4970,2022-05-13T01:11:43Z,"Loop with Unreachable Exit Condition in Netty",io.netty:netty-handler,4.0.0.Alpha1,4.0.37.Final,HIGH,CWE-835 -CVE-2016-4970,2022-05-13T01:11:43Z,"Loop with Unreachable Exit Condition in Netty",io.netty:netty-handler,4.1.0.Beta1,4.1.1.Final,HIGH,CWE-835 -CVE-2016-4974,2022-05-14T02:46:14Z,"Improper Input Validation in Apache 
Qpid AMQP 0-x JMS","org.apache.qpid:qpid-jms-client",0,0.10.0,HIGH,CWE-20 -CVE-2016-4976,2022-05-17T02:52:22Z,"Apache Ambari reveals administrator passwords",org.apache.ambari:ambari,2.0.0,2.4.0,MODERATE,CWE-200 -CVE-2016-4977,2018-10-18T18:06:22Z,"Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views","org.springframework.security.oauth:spring-security-oauth2",1.0.0,1.0.5,HIGH, -CVE-2016-4977,2018-10-18T18:06:22Z,"Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views","org.springframework.security.oauth:spring-security-oauth2",2.0.0,2.0.10,HIGH, -CVE-2016-4978,2022-05-13T01:11:53Z,"Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain","org.apache.activemq:artemis-pom",0,1.4.0,HIGH,CWE-502 -CVE-2016-4988,2022-05-13T01:30:58Z,"Cross-site Scripting in Jenkins Build Failure Analyzer plugin","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,1.16.0,MODERATE,CWE-79 -CVE-2016-4993,2022-05-17T00:15:12Z,"Improper Neutralization of CRLF Sequences in Wildfly Undertow","org.wildfly:wildfly-undertow",10.0.0.Final,11.0.0.Final,MODERATE,CWE-93 -CVE-2016-5000,2022-05-13T01:14:25Z,"Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability","org.apache.poi:poi-examples",0,3.14,MODERATE,CWE-611 -CVE-2016-5001,2022-05-13T01:08:56Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop","org.apache.hadoop:hadoop-common",0,2.6.4,MODERATE,CWE-200 -CVE-2016-5001,2022-05-13T01:08:56Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop","org.apache.hadoop:hadoop-common",2.7.0,2.7.2,MODERATE,CWE-200 -CVE-2016-5002,2022-05-14T01:53:10Z,"Apache XML-RPC XXE Vulnerability",org.apache.xmlrpc:xmlrpc,0,,HIGH,CWE-611 -CVE-2016-5003,2022-05-14T01:53:10Z,"Apache XML-RPC vulnerable to Deserialization of Untrusted Data",org.apache.xmlrpc:xmlrpc,0,,CRITICAL,CWE-502 
-CVE-2016-5004,2022-05-17T02:40:59Z,"ws-xmlrpc DoS Vulnerability","org.apache.xmlrpc:xmlrpc-common",0,,MODERATE,CWE-400 -CVE-2016-5005,2022-05-14T01:09:51Z,"Apache Archiva vulnerable to Cross-site Scripting","org.apache.archiva:archiva",0,2.2.1,MODERATE,CWE-79 -CVE-2016-5007,2018-10-17T20:30:12Z,"Spring Security and Spring Framework may not recognize certain paths that should be protected","org.springframework.security:spring-security-core",0,4.1.1,HIGH, -CVE-2016-5007,2018-10-17T20:30:12Z,"Spring Security and Spring Framework may not recognize certain paths that should be protected","org.springframework:spring-core",0,4.3.1,HIGH, -CVE-2016-5016,2022-05-14T01:30:57Z,"Cloud Foundry vulnerable to Improper Certificate Validation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.3.0.3,MODERATE,CWE-295 -CVE-2016-5016,2022-05-14T01:30:57Z,"Cloud Foundry vulnerable to Improper Certificate Validation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.4.0,3.4.2,MODERATE,CWE-295 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-jasper",6.0.0,6.0.47,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-jasper",7.0.0,7.0.72,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-jasper",8.0.0RC1,8.0.37,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-jasper",8.5.0,8.5.5,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-jasper",9.0.0.M1,9.0.0.M10,CRITICAL,CWE-288 
-CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat:tomcat-jasper",7.0.0,7.0.72,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat:tomcat-jasper",8.0.0RC1,8.0.37,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat:tomcat-jasper",8.5.0,8.5.5,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat","org.apache.tomcat:tomcat-jasper",9.0.0.M1,9.0.0.M10,CRITICAL,CWE-288 -CVE-2016-5018,2022-05-13T01:02:15Z,"Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat",org.apache.tomcat:jasper,6.0.0,6.0.47,CRITICAL,CWE-288 -CVE-2016-5019,2022-05-13T01:25:19Z,"Apache MyFaces Trinidad Deserialization Vulnerability","org.apache.myfaces.trinidad:trinidad",1.0.0,,CRITICAL,CWE-502 -CVE-2016-5019,2022-05-13T01:25:19Z,"Apache MyFaces Trinidad Deserialization Vulnerability","org.apache.myfaces.trinidad:trinidad",1.2.0,1.2.15,CRITICAL,CWE-502 -CVE-2016-5019,2022-05-13T01:25:19Z,"Apache MyFaces Trinidad Deserialization Vulnerability","org.apache.myfaces.trinidad:trinidad",2.0.0,2.0.2,CRITICAL,CWE-502 -CVE-2016-5019,2022-05-13T01:25:19Z,"Apache MyFaces Trinidad Deserialization Vulnerability","org.apache.myfaces.trinidad:trinidad",2.1.0,2.1.2,CRITICAL,CWE-502 -CVE-2016-5388,2022-05-13T01:23:38Z,"Improper Access Control in Apache Tomcat","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.72,HIGH,CWE-284 -CVE-2016-5388,2022-05-13T01:23:38Z,"Improper Access Control in Apache Tomcat","org.apache.tomcat:tomcat-catalina",8.0.0,8.5.5,HIGH,CWE-284 -CVE-2016-5393,2022-05-17T03:35:31Z,"Improper Access Control in Apache Hadoop","org.apache.hadoop:hadoop-common",2.6.0,2.6.5,HIGH,CWE-284 -CVE-2016-5393,2022-05-17T03:35:31Z,"Improper Access Control in 
Apache Hadoop","org.apache.hadoop:hadoop-common",2.7.0,2.7.3,HIGH,CWE-284 -CVE-2016-5394,2022-05-13T01:25:29Z,"Cross site scripting in Apache Sling","org.apache.sling:org.apache.sling.xss",0,1.0.12,MODERATE,CWE-79 -CVE-2016-5394,2022-05-13T01:25:29Z,"Cross site scripting in Apache Sling","org.apache.sling:org.apache.sling.xss.compat",0,1.1.0,MODERATE,CWE-79 -CVE-2016-5395,2018-10-17T17:21:37Z,"Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML",org.apache.ranger:ranger,0,0.6.1,MODERATE,CWE-79 -CVE-2016-5725,2022-05-13T01:09:33Z,"Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch",com.jcraft:jsch,0,0.1.54,MODERATE,CWE-22 -CVE-2016-6345,2022-05-17T03:49:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy","org.jboss.resteasy:resteasy-client",0,3.0.20.Final,MODERATE,CWE-200 -CVE-2016-6345,2022-05-17T03:49:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy","org.jboss.resteasy:resteasy-client",3.1.0.Beta1,3.1.0.CR1,MODERATE,CWE-200 -CVE-2016-6346,2022-05-14T01:03:28Z,"Denial of service in JBoss resteasy","org.jboss.resteasy:resteasy-jaxrs",0,3.0.20.Final,HIGH, -CVE-2016-6347,2022-05-17T02:48:28Z,"Improper Neutralization of Input During Web Page Generation in RESTEasy","org.jboss.resteasy:resteasy-client",0,3.0.20.Final,MODERATE,CWE-79 -CVE-2016-6347,2022-05-17T02:48:28Z,"Improper Neutralization of Input During Web Page Generation in RESTEasy","org.jboss.resteasy:resteasy-client",3.1.0.Beta1,3.1.0.CR1,MODERATE,CWE-79 -CVE-2016-6348,2022-05-17T02:49:31Z,"JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack","org.jboss.resteasy:resteasy-client",0,3.0.20.Final,MODERATE,CWE-79 -CVE-2016-6637,2022-05-13T01:07:27Z,"Cloud Foundry vulnerable to Cross-Site Request Forgery","org.cloudfoundry.identity:cloudfoundry-identity-server",2.0.0,2.7.4.7,CRITICAL,CWE-352 -CVE-2016-6637,2022-05-13T01:07:27Z,"Cloud Foundry vulnerable to Cross-Site 
Request Forgery","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.3.0.5,CRITICAL,CWE-352 -CVE-2016-6637,2022-05-13T01:07:27Z,"Cloud Foundry vulnerable to Cross-Site Request Forgery","org.cloudfoundry.identity:cloudfoundry-identity-server",3.4.0,3.4.4,CRITICAL,CWE-352 -CVE-2016-6637,2022-05-13T01:07:27Z,"Cloud Foundry vulnerable to Cross-Site Request Forgery","org.cloudfoundry.identity:cloudfoundry-identity-server",3.5.0,3.7.0,CRITICAL,CWE-352 -CVE-2016-6652,2022-05-17T02:37:09Z,"Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA","org.springframework.data:spring-data-jpa",0,1.9.6,MODERATE,CWE-89 -CVE-2016-6652,2022-05-17T02:37:09Z,"Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA","org.springframework.data:spring-data-jpa",1.10.0,1.10.4,MODERATE,CWE-89 -CVE-2016-6794,2022-05-13T01:02:16Z,"System Property Disclosure in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.47,MODERATE, -CVE-2016-6794,2022-05-13T01:02:16Z,"System Property Disclosure in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.72,MODERATE, -CVE-2016-6794,2022-05-13T01:02:16Z,"System Property Disclosure in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.37,MODERATE, -CVE-2016-6794,2022-05-13T01:02:16Z,"System Property Disclosure in Apache Tomcat",org.apache.tomcat:tomcat,8.1.0,8.5.5,MODERATE, -CVE-2016-6794,2022-05-13T01:02:16Z,"System Property Disclosure in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M10,MODERATE, -CVE-2016-6795,2022-05-14T00:54:13Z,"Path Traversal in Apache Struts","org.apache.struts:struts2-convention-plugin",2.3.0,2.3.31,CRITICAL,CWE-22 -CVE-2016-6795,2022-05-14T00:54:13Z,"Path Traversal in Apache Struts","org.apache.struts:struts2-convention-plugin",2.5.0,2.5.5,CRITICAL,CWE-22 -CVE-2016-6796,2022-05-13T01:02:16Z,"Apache Tomcat vulnerable to SecurityManager bypass",org.apache.tomcat:tomcat,6.0.0,6.0.46,HIGH, -CVE-2016-6796,2022-05-13T01:02:16Z,"Apache Tomcat vulnerable 
to SecurityManager bypass",org.apache.tomcat:tomcat,7.0.0,7.0.71,HIGH, -CVE-2016-6796,2022-05-13T01:02:16Z,"Apache Tomcat vulnerable to SecurityManager bypass",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.37,HIGH, -CVE-2016-6796,2022-05-13T01:02:16Z,"Apache Tomcat vulnerable to SecurityManager bypass",org.apache.tomcat:tomcat,8.5.0,8.5.5,HIGH, -CVE-2016-6796,2022-05-13T01:02:16Z,"Apache Tomcat vulnerable to SecurityManager bypass",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M10,HIGH, -CVE-2016-6797,2022-05-13T01:02:15Z,"Incorrect Authorization in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.72,HIGH,CWE-863 -CVE-2016-6797,2022-05-13T01:02:15Z,"Incorrect Authorization in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.37,HIGH,CWE-863 -CVE-2016-6797,2022-05-13T01:02:15Z,"Incorrect Authorization in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.5,HIGH,CWE-863 -CVE-2016-6797,2022-05-13T01:02:15Z,"Incorrect Authorization in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M10,HIGH,CWE-863 -CVE-2016-6798,2022-05-17T02:26:22Z,"XML External Entity Reference in Apache Sling","org.apache.sling:org.apache.sling.xss",0,1.0.12,CRITICAL,CWE-611 -CVE-2016-6798,2022-05-17T02:26:22Z,"XML External Entity Reference in Apache Sling","org.apache.sling:org.apache.sling.xss.compat",0,1.1.0,CRITICAL,CWE-611 -CVE-2016-6801,2022-05-17T03:48:02Z,"Apache Jackrabbit Authentication Hijacking Vulnerability","org.apache.jackrabbit:jackrabbit-webdav",2.10.0,2.10.4,HIGH,CWE-352 -CVE-2016-6801,2022-05-17T03:48:02Z,"Apache Jackrabbit Authentication Hijacking Vulnerability","org.apache.jackrabbit:jackrabbit-webdav",2.12.0,2.12.4,HIGH,CWE-352 -CVE-2016-6801,2022-05-17T03:48:02Z,"Apache Jackrabbit Authentication Hijacking Vulnerability","org.apache.jackrabbit:jackrabbit-webdav",2.13.0,2.13.3,HIGH,CWE-352 -CVE-2016-6801,2022-05-17T03:48:02Z,"Apache Jackrabbit Authentication Hijacking Vulnerability","org.apache.jackrabbit:jackrabbit-webdav",2.4.0,2.4.6,HIGH,CWE-352 
-CVE-2016-6801,2022-05-17T03:48:02Z,"Apache Jackrabbit Authentication Hijacking Vulnerability","org.apache.jackrabbit:jackrabbit-webdav",2.6.0,2.6.6,HIGH,CWE-352 -CVE-2016-6801,2022-05-17T03:48:02Z,"Apache Jackrabbit Authentication Hijacking Vulnerability","org.apache.jackrabbit:jackrabbit-webdav",2.8.0,2.8.3,HIGH,CWE-352 -CVE-2016-6802,2022-05-14T02:46:12Z,"Improper Access Control in Apache Shiro","org.apache.shiro:shiro-all",0,1.3.2,HIGH,CWE-284 -CVE-2016-6802,2022-05-14T02:46:12Z,"Improper Access Control in Apache Shiro","org.apache.shiro:shiro-web",0,1.3.2,HIGH,CWE-284 -CVE-2016-6805,2018-10-16T20:53:31Z,"Moderate severity vulnerability that affects org.apache.ignite:ignite-core","org.apache.ignite:ignite-core",0,1.9,MODERATE,CWE-611 -CVE-2016-6807,2022-05-17T02:51:56Z,"Apache Ambari Improper Access Control",org.apache.ambari:ambari,2.4.0,2.4.2,CRITICAL,CWE-284 -CVE-2016-6809,2018-10-17T15:44:36Z,"Apache Tika allows Java code execution for serialized objects embedded in MATLAB files","org.apache.tika:tika-core",0,1.14,CRITICAL,CWE-502 -CVE-2016-6810,2022-05-14T01:06:24Z,"Improper Neutralization of Input During Web Page Generation Apache ActiveMQ","org.apache.activemq:activemq-client",5.0.0,5.14.2,MODERATE,CWE-79 -CVE-2016-6811,2022-05-14T03:24:59Z,"Insecure Inherited Permissions in Apache Hadoop","org.apache.hadoop:hadoop-common",2.0.0-alpha,2.7.4,HIGH,CWE-277 -CVE-2016-6812,2022-05-13T01:09:20Z,"Improper Neutralization of Input During Web Page Generation in Apache CXF",org.apache.cxf:cxf-core,0,3.0.12,MODERATE,CWE-79 -CVE-2016-6812,2022-05-13T01:09:20Z,"Improper Neutralization of Input During Web Page Generation in Apache CXF",org.apache.cxf:cxf-core,3.1.0,3.1.9,MODERATE,CWE-79 -CVE-2016-6814,2022-05-13T01:25:19Z,"Deserialization of Untrusted Data in Groovy","org.codehaus.groovy:groovy",1.7.0,2.4.8,CRITICAL,CWE-502 -CVE-2016-6814,2022-05-13T01:25:19Z,"Deserialization of Untrusted Data in Groovy","org.codehaus.groovy:groovy-all",1.7.0,2.4.8,CRITICAL,CWE-502 
-CVE-2016-6815,2018-10-17T17:21:44Z,"Moderate severity vulnerability that affects org.apache.ranger:ranger",org.apache.ranger:ranger,0,0.6.2,MODERATE, -CVE-2016-6816,2022-05-13T01:14:53Z,"Improper Input Validation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",6.0.0,6.0.48,HIGH,CWE-20 -CVE-2016-6816,2022-05-13T01:14:53Z,"Improper Input Validation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",7.0.0,7.0.73,HIGH,CWE-20 -CVE-2016-6816,2022-05-13T01:14:53Z,"Improper Input Validation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",8.0.0RC1,8.0.39,HIGH,CWE-20 -CVE-2016-6816,2022-05-13T01:14:53Z,"Improper Input Validation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",8.5.0,8.5.8,HIGH,CWE-20 -CVE-2016-6816,2022-05-13T01:14:53Z,"Improper Input Validation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",9.0.0.M1,9.0.0.M12,HIGH,CWE-20 -CVE-2016-6817,2022-05-14T01:10:16Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.8,HIGH,CWE-119;CWE-835 -CVE-2016-6817,2022-05-14T01:10:16Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M12,HIGH,CWE-119;CWE-835 -CVE-2016-7043,2022-05-24T16:45:43Z,"Password in config file in KIE server","org.kie.server:kie-server-common",0,7.21.0.Final,CRITICAL,CWE-260 -CVE-2016-7046,2022-05-17T00:15:06Z,"Undertow Uncaught Exception vulnerability","io.undertow:undertow-core",0,1.3.25.Final,MODERATE,CWE-248 -CVE-2016-7046,2022-05-17T00:15:06Z,"Undertow Uncaught Exception vulnerability","io.undertow:undertow-core",1.4.0,1.4.3.Final,MODERATE,CWE-248 -CVE-2016-7051,2018-10-18T17:43:28Z,"jackson-dataformat-xml vulnerable to server side request forgery (SSRF)","com.fasterxml.jackson.dataformat:jackson-dataformat-xml",0,2.7.8,HIGH,CWE-611;CWE-918 -CVE-2016-7051,2018-10-18T17:43:28Z,"jackson-dataformat-xml vulnerable to server side request forgery 
(SSRF)","com.fasterxml.jackson.dataformat:jackson-dataformat-xml",2.8.0,2.8.4,HIGH,CWE-611;CWE-918 -CVE-2016-7103,2017-10-24T18:33:35Z,"jQuery-UI vulnerable to Cross-site Scripting in dialog closeText","org.webjars.npm:jquery-ui",0,1.12.0,MODERATE,CWE-79 -CVE-2016-8609,2018-10-18T16:48:41Z,"Improper Authentication in org.keycloak:keycloak-core","org.keycloak:keycloak-core",0,2.3.0,HIGH,CWE-287;CWE-384 -CVE-2016-8629,2018-10-18T16:48:01Z,"Moderate severity vulnerability that affects org.keycloak:keycloak-core","org.keycloak:keycloak-core",0,2.4.0,MODERATE,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina",0,6.0.48,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.73,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina",8.0.0,8.0.39,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina",8.5.0,8.5.7,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina",9.0.0.M1,9.0.0.M12,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina-jmx-remote",0,6.0.48,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina-jmx-remote",7.0.0,7.0.73,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina-jmx-remote",8.0.0,8.0.39,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control 
vulnerability","org.apache.tomcat:tomcat-catalina-jmx-remote",8.5.0,8.5.7,CRITICAL,CWE-284 -CVE-2016-8735,2022-05-13T01:14:52Z,"Apache Tomcat Improper Access Control vulnerability","org.apache.tomcat:tomcat-catalina-jmx-remote",9.0.0.M1,9.0.0.M12,CRITICAL,CWE-284 -CVE-2016-8736,2022-05-14T01:29:42Z,"Apache OpenMeetings RCE","org.apache.openmeetings:openmeetings-parent",0,3.1.2,CRITICAL,CWE-502 -CVE-2016-8738,2022-05-14T03:15:07Z,"Apache Struts vulnerable to possible DoS attack when using URLValidator","org.apache.struts:struts2-core",2.5.0,2.5.13,MODERATE,CWE-20 -CVE-2016-8739,2022-05-13T01:09:20Z,"Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS",org.apache.cxf:cxf-core,0,3.0.12,HIGH,CWE-611 -CVE-2016-8739,2022-05-13T01:09:20Z,"Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS",org.apache.cxf:cxf-core,3.1.0,3.1.9,HIGH,CWE-611 -CVE-2016-8741,2022-05-17T02:24:59Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java","org.apache.qpid:qpid-broker",6.0.0,6.0.6,HIGH,CWE-200 -CVE-2016-8741,2022-05-17T02:24:59Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Qpid Broker for Java","org.apache.qpid:qpid-broker",6.1.0,6.1.1,HIGH,CWE-200 -CVE-2016-8744,2022-05-17T00:36:06Z,"Deserialization of Untrusted Data in Apache Brooklyn","org.apache.brooklyn:brooklyn",0,0.10.0,HIGH,CWE-502 -CVE-2016-8745,2022-05-14T01:10:16Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat",org.apache.tomcat:tomcat,6.0.16,6.0.50,HIGH,CWE-362 -CVE-2016-8745,2022-05-14T01:10:16Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.75,HIGH,CWE-362 -CVE-2016-8745,2022-05-14T01:10:16Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0RC1,8.0.41,HIGH,CWE-362 -CVE-2016-8745,2022-05-14T01:10:16Z,"Concurrent Execution 
using Shared Resource with Improper Synchronization in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.9,HIGH,CWE-362 -CVE-2016-8745,2022-05-14T01:10:16Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M14,HIGH,CWE-362 -CVE-2016-8746,2018-10-17T17:22:05Z,"Apache Ranger policy engine incorrectly matches paths in certain conditions","org.apache.ranger:ranger-plugins-common",0,0.6.3,MODERATE,CWE-426 -CVE-2016-8747,2022-05-14T01:10:15Z,"Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request",org.apache.tomcat:tomcat,8.5.7,8.5.10,HIGH,CWE-200 -CVE-2016-8747,2022-05-14T01:10:15Z,"Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request",org.apache.tomcat:tomcat,9.0.0.M11,9.0.0.M16,HIGH,CWE-200 -CVE-2016-8748,2022-05-14T01:05:57Z,"Cross-site Scripting in Apache NiFi",org.apache.nifi:nifi,0,1.0.1,MODERATE,CWE-79 -CVE-2016-8748,2022-05-14T01:05:57Z,"Cross-site Scripting in Apache NiFi",org.apache.nifi:nifi,1.1.0,1.1.1,MODERATE,CWE-79 -CVE-2016-8749,2018-10-16T23:13:00Z,"Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks","org.apache.camel:camel-jackson",0,2.16.5,CRITICAL,CWE-502 -CVE-2016-8749,2018-10-16T23:13:00Z,"Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks","org.apache.camel:camel-jackson",2.17.0,2.17.5,CRITICAL,CWE-502 -CVE-2016-8749,2018-10-16T23:13:00Z,"Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks","org.apache.camel:camel-jackson",2.18.0,2.18.2,CRITICAL,CWE-502 -CVE-2016-8750,2019-01-07T19:14:46Z,"Moderate severity vulnerability that affects org.apache.karaf:apache-karaf","org.apache.karaf:apache-karaf",0,4.0.8,MODERATE,CWE-90 -CVE-2016-8751,2018-10-17T17:21:54Z,"Apache Ranger admin users 
can store some arbitrary javascript code to be executed when normal users login and access policies",org.apache.ranger:ranger,0,0.6.3,MODERATE,CWE-79 -CVE-2016-8752,2022-05-17T01:18:35Z,"Path Traversal in Apache Atlas","org.apache.atlas:atlas-common",0.6.0-incubating,0.8-incubating,HIGH,CWE-22;CWE-284 -CVE-2016-9177,2018-10-04T19:53:35Z,"Spark allows remote attackers to read arbitrary files via a .. (dot dot) in the URI",com.sparkjava:spark-core,0,2.5.2,HIGH,CWE-22 -CVE-2016-9299,2022-05-14T01:00:43Z,"Improper Neutralization of Special Elements used in an LDAP Query in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.19.3,CRITICAL,CWE-90 -CVE-2016-9299,2022-05-14T01:00:43Z,"Improper Neutralization of Special Elements used in an LDAP Query in Jenkins","org.jenkins-ci.main:jenkins-core",2.20,2.32,CRITICAL,CWE-90 -CVE-2016-9589,2022-05-13T01:38:28Z,"Red Hat Wildfly DoS","org.wildfly:wildfly-undertow",0,11.0.0.Beta1,HIGH,CWE-400 -CVE-2016-9606,2022-05-14T02:37:13Z,"JBoss RESTEasy vulnerable to Improper Input Validation","org.jboss.resteasy:resteasy-bom",0,3.1.2.Final,HIGH,CWE-20 -CVE-2016-9878,2018-10-04T20:29:55Z,"Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized","org.springframework:spring-webmvc",0,3.2.18,HIGH,CWE-22 -CVE-2016-9878,2018-10-04T20:29:55Z,"Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized","org.springframework:spring-webmvc",4.2.0,4.2.9,HIGH,CWE-22 -CVE-2016-9878,2018-10-04T20:29:55Z,"Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized","org.springframework:spring-webmvc",4.3.0,4.3.5,HIGH,CWE-22 -CVE-2016-9879,2020-09-15T20:30:34Z,"Security Constraint Bypass in Spring Security","org.springframework.security:spring-security-core",0,3.2.10.RELEASE,HIGH, -CVE-2016-9879,2020-09-15T20:30:34Z,"Security Constraint Bypass in Spring Security","org.springframework.security:spring-security-core",4.0.0.RELEASE,4.1.4.RELEASE,HIGH, 
-CVE-2016-9879,2020-09-15T20:30:34Z,"Security Constraint Bypass in Spring Security","org.springframework.security:spring-security-core",4.2.0.RELEASE,4.2.1.RELEASE,HIGH, -CVE-2017-1000034,2018-10-22T20:52:38Z,"Akka Java Serialization vulnerability","com.typesafe.akka:akka-actor",0,2.4.17,HIGH,CWE-502 -CVE-2017-1000084,2022-05-13T01:40:56Z,"Parameterized Trigger Plugin fails to check Item/Build permission","org.jenkins-ci.plugins:parameterized-trigger",0,2.35.1,MODERATE,CWE-276 -CVE-2017-1000085,2022-05-17T00:29:00Z,"Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:subversion",0,2.9,MODERATE,CWE-352 -CVE-2017-1000086,2022-05-13T01:18:19Z,"Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings","org.jenkins-ci.plugins:periodicbackup",0,1.5,HIGH,CWE-862 -CVE-2017-1000087,2022-05-17T00:29:00Z,"Jenkins GitHub Branch Source Plugin allows any user with Overall/Read permission to get list of valid credentials IDs","org.jenkins-ci.plugins:github-branch-source",0,2.2.0-alpha-1,MODERATE,CWE-200 -CVE-2017-1000088,2022-05-17T00:29:00Z,"Persisted XSS Vulnerability in Jenkins Sidebar Link Plugin","org.jenkins-ci.plugins:sidebar-link",0,1.9,MODERATE,CWE-79 -CVE-2017-1000089,2022-05-13T01:40:54Z,"Jenkins Build Step Plugin fails to check Item/Build permission","org.jenkins-ci.plugins:pipeline-build-step",0,2.5.1,MODERATE,CWE-276 -CVE-2017-1000090,2022-05-17T00:29:02Z,"CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration","org.jenkins-ci.plugins:role-strategy",0,2.5.1,HIGH,CWE-352 -CVE-2017-1000091,2022-05-17T00:33:21Z,"Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:github-branch-source",0,2.2.0-alpha-1,MODERATE,CWE-352 -CVE-2017-1000092,2022-05-17T00:33:22Z,"Cross-Site Request Forgery in Jenkins Git Plugin","org.jenkins-ci.plugins:git",0,3.3.2,HIGH,CWE-352 -CVE-2017-1000093,2022-05-17T00:33:25Z,"Jenkins Poll SCM 
Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:pollscm",0,1.3.1,HIGH,CWE-352 -CVE-2017-1000094,2022-05-17T00:33:25Z,"Jenkins Docker Commons Plugin allows any user with Overall/Read permission to get list of valid credentials IDs","org.jenkins-ci.plugins:docker-commons",0,1.8,MODERATE,CWE-200 -CVE-2017-1000095,2022-05-13T01:40:54Z,"Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.29.1,MODERATE,CWE-732 -CVE-2017-1000096,2022-05-13T01:40:55Z,"Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.36.1,HIGH,CWE-732 -CVE-2017-1000102,2022-05-17T00:29:01Z,"Persistent XSS vulnerability in Static Analysis Utilities","org.jvnet.hudson.plugins:analysis-core",0,1.92,MODERATE,CWE-79 -CVE-2017-1000103,2022-05-17T00:29:01Z,"Persistent XSS vulnerability in Jenkins DRY Plugin","org.jvnet.hudson.plugins:dry",0,2.49,MODERATE,CWE-79 -CVE-2017-1000104,2022-05-13T01:40:56Z,"Improper Privilege Management in Jenkins Config File Provider Plugin","org.jenkins-ci.plugins:config-file-provider",0,2.16.2,MODERATE,CWE-269 -CVE-2017-1000105,2022-05-13T01:18:20Z,"Missing Authorization in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,,MODERATE,CWE-862 -CVE-2017-1000106,2022-05-13T01:40:57Z,"Improper Authentication in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,1.2.0,HIGH,CWE-287 -CVE-2017-1000107,2022-05-13T01:40:57Z,"Sandbox bypass in Jenkins Script Security Plugin sandbox bypass","org.jenkins-ci.plugins:script-security",0,1.31,HIGH, -CVE-2017-1000108,2022-05-17T00:29:01Z,"Jenkins Pipeline: Input Step Plugin","org.jenkins-ci.plugins:pipeline-input-step",0,2.7,HIGH,CWE-200 -CVE-2017-1000109,2022-05-17T00:32:26Z,"Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin","org.jenkins-ci.plugins:dependency-check-jenkins-plugin",0,2.0.1.2,MODERATE,CWE-79 
-CVE-2017-1000110,2022-05-13T01:40:56Z,"Improper Authentication in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,1.2.0,MODERATE,CWE-287 -CVE-2017-1000113,2022-05-14T00:58:29Z,"Jenkins Deploy to container Plugin stored plain text passwords in job configuration","org.jenkins-ci.plugins:deploy",0,1.13,MODERATE,CWE-200 -CVE-2017-1000114,2022-05-17T00:33:21Z,"Exposure of Sensitive Information in Jenkins Datadog plugin","org.datadog.jenkins.plugins:datadog",0,0.6.2,LOW,CWE-200 -CVE-2017-1000118,2018-10-22T20:53:02Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core","com.typesafe.akka:akka-http-core_2.11",0,10.0.6,HIGH,CWE-119 -CVE-2017-1000118,2018-10-22T20:53:02Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in akka-http-core","com.typesafe.akka:akka-http-core_2.12",0,10.0.6,HIGH,CWE-119 -CVE-2017-1000190,2022-05-14T00:55:56Z,"SimpleXML vulnerable to XML External Entity (XXE)","org.simpleframework:simple-xml",0,2.7.1,CRITICAL,CWE-611 -CVE-2017-1000207,2018-10-19T16:46:30Z,"Deserialization of Untrusted Data in swagger-codegen","io.swagger:swagger-codegen",0,2.2.2,HIGH,CWE-502 -CVE-2017-1000207,2018-10-19T16:46:30Z,"Deserialization of Untrusted Data in swagger-codegen","io.swagger:swagger-parser",0,1.0.31,HIGH,CWE-502 -CVE-2017-1000208,2018-10-19T16:46:41Z,"Deserialization of Untrusted Data in swagger-parser","io.swagger:swagger-codegen",0,2.2.2,HIGH,CWE-502 -CVE-2017-1000208,2018-10-19T16:46:41Z,"Deserialization of Untrusted Data in swagger-parser","io.swagger:swagger-parser",0,1.0.31,HIGH,CWE-502 -CVE-2017-1000209,2022-05-17T00:18:13Z,"nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate","com.neovisionaries:nv-websocket-client",0,2.1,MODERATE,CWE-295 -CVE-2017-1000217,2022-05-14T01:06:17Z,"Opencast RCE Vulnerability",org.opencastproject:base,0,2.3.3,HIGH,CWE-74 -CVE-2017-1000221,2022-05-13T01:40:59Z,"Opencast has Incorrect Permission 
Assignment","org.opencastproject:opencast-kernel",0,2.2.4,MODERATE,CWE-732 -CVE-2017-1000242,2022-05-17T00:21:58Z,"Insecure temporary file usage in Jenkins Git Client Plugin","org.jenkins-ci.plugins:git-client",0,2.4.3,LOW,CWE-200 -CVE-2017-1000243,2022-05-13T01:18:20Z,"Missing permission check in Jenkins Favorite Plugin","org.jvnet.hudson.plugins:favorite",0,2.3.0,MODERATE,CWE-862 -CVE-2017-1000244,2022-05-14T01:00:42Z,"Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery","org.jvnet.hudson.plugins:favorite",0,2.3.2,HIGH,CWE-352 -CVE-2017-1000245,2022-05-13T01:41:00Z,"Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext","org.jenkins-ci.plugins:ssh",0,2.5,CRITICAL,CWE-522 -CVE-2017-1000245,2022-05-13T01:41:00Z,"Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext","org.jvnet.hudson.plugins:ssh",0,,CRITICAL,CWE-522 -CVE-2017-1000353,2022-05-13T01:01:03Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.46.2,CRITICAL,CWE-502 -CVE-2017-1000353,2022-05-13T01:01:03Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",2.50,2.57,CRITICAL,CWE-502 -CVE-2017-1000354,2022-05-14T03:44:30Z,"Improper Authentication in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.46.2,HIGH,CWE-287 -CVE-2017-1000354,2022-05-14T03:44:30Z,"Improper Authentication in Jenkins","org.jenkins-ci.main:jenkins-core",2.50,2.57,HIGH,CWE-287 -CVE-2017-1000355,2022-05-14T03:44:36Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.46.2,MODERATE,CWE-502 -CVE-2017-1000355,2022-05-14T03:44:36Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",2.50,2.57,MODERATE,CWE-502 -CVE-2017-1000356,2022-05-14T03:44:36Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.46.2,HIGH,CWE-352 -CVE-2017-1000356,2022-05-14T03:44:36Z,"Cross-Site Request Forgery in 
Jenkins","org.jenkins-ci.main:jenkins-core",2.50,2.57,HIGH,CWE-352 -CVE-2017-1000360,2022-05-13T01:41:13Z,"OpenDaylight NULL Pointer Dereference","org.opendaylight.controller:releasepom",0,,MODERATE,CWE-476 -CVE-2017-1000361,2022-05-13T01:41:13Z,"OpenDaylight Controller DoS","org.opendaylight.controller:releasepom",0,,HIGH, -CVE-2017-1000362,2022-05-17T02:25:41Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",1.498,2.32.2,CRITICAL,CWE-200 -CVE-2017-1000362,2022-05-17T02:25:41Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.40,2.44,CRITICAL,CWE-200 -CVE-2017-1000386,2022-05-14T00:58:32Z,"Cross-site Scripting in Jenkins Active Choices plugin",org.biouno:uno-choice,0,2.0,MODERATE,CWE-79 -CVE-2017-1000387,2022-05-13T01:41:14Z,"Jenkins Build-Publisher plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:build-publisher",0,1.22,HIGH,CWE-522 -CVE-2017-1000388,2022-05-13T01:18:20Z,"Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks","org.jenkins-ci.plugins:depgraph-view",0,0.13,MODERATE,CWE-862 -CVE-2017-1000389,2022-05-14T03:45:23Z,"Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin","org.jenkins-ci.plugins:global-build-stats",0,1.5,MODERATE,CWE-79 -CVE-2017-1000390,2022-05-13T01:18:20Z,"Jenkins Multijob plugin did not check permissions in the Resume Build action","org.jenkins-ci.plugins:jenkins-multijob-plugin",0,1.26,MODERATE,CWE-862 -CVE-2017-1000391,2022-05-14T01:04:30Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.3,HIGH,CWE-20 -CVE-2017-1000391,2022-05-14T01:04:30Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.89,HIGH,CWE-20 -CVE-2017-1000392,2022-05-14T01:04:30Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.3,MODERATE,CWE-79 
-CVE-2017-1000392,2022-05-14T01:04:30Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.89,MODERATE,CWE-79 -CVE-2017-1000393,2022-05-14T01:04:30Z,"OS Command Injection in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,HIGH,CWE-78 -CVE-2017-1000393,2022-05-14T01:04:30Z,"OS Command Injection in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,HIGH,CWE-78 -CVE-2017-1000394,2022-05-14T01:04:31Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,HIGH,CWE-20 -CVE-2017-1000394,2022-05-14T01:04:31Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,HIGH,CWE-20 -CVE-2017-1000395,2022-05-14T01:04:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,MODERATE,CWE-200 -CVE-2017-1000395,2022-05-14T01:04:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,MODERATE,CWE-200 -CVE-2017-1000396,2022-05-14T01:04:35Z,"Improper Certificate Validation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,MODERATE,CWE-295 -CVE-2017-1000396,2022-05-14T01:04:35Z,"Improper Certificate Validation in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,MODERATE,CWE-295 -CVE-2017-1000397,2022-05-14T03:45:43Z,"MitM on Jenkins Maven Plugin","org.jenkins-ci.main:maven-plugin",0,3.0,MODERATE,CWE-20 -CVE-2017-1000398,2022-05-14T01:04:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,MODERATE,CWE-200 -CVE-2017-1000398,2022-05-14T01:04:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,MODERATE,CWE-200 -CVE-2017-1000399,2022-05-14T01:04:36Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,MODERATE,CWE-200 
-CVE-2017-1000399,2022-05-14T01:04:36Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,MODERATE,CWE-200 -CVE-2017-1000400,2022-05-13T01:18:20Z,"Missing Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,MODERATE,CWE-862 -CVE-2017-1000400,2022-05-13T01:18:20Z,"Missing Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,MODERATE,CWE-862 -CVE-2017-1000401,2022-05-14T01:04:35Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.73.2,LOW,CWE-20 -CVE-2017-1000401,2022-05-14T01:04:35Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",2.74,2.84,LOW,CWE-20 -CVE-2017-1000402,2022-05-14T03:45:42Z,"Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks","org.jenkins-ci.plugins:swarm-client",0,3.5,MODERATE,CWE-20 -CVE-2017-1000402,2022-05-14T03:45:42Z,"Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks","org.jvnet.hudson.plugins:swarm-plugin",0,,MODERATE,CWE-20 -CVE-2017-1000403,2022-05-13T01:41:14Z,"Arbitrary code execution vulnerability in Jenkins Speaks! 
Plugin","org.jvnet.hudson.plugins:speaks",0,,HIGH,CWE-732 -CVE-2017-1000404,2022-05-14T03:45:38Z,"Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability","se.diabol.jenkins.pipeline:delivery-pipeline-plugin",0,1.0.8,MODERATE,CWE-79 -CVE-2017-1000406,2022-05-17T00:12:25Z,"Password change doesn't result in Karaf clearing cache","org.opendaylight.integration:distribution-karaf",0,,HIGH, -CVE-2017-1000486,2021-06-03T19:22:22Z,"Inadequate Encryption Strength","org.primefaces:primefaces",5.0,6.0,CRITICAL,CWE-326 -CVE-2017-1000487,2022-05-13T01:11:53Z,"OS Command Injection in Plexus-utils","org.codehaus.plexus:plexus-utils",0,3.0.16,CRITICAL,CWE-78 -CVE-2017-1000498,2018-10-19T16:50:33Z,"Android SVG vulnerable to XML External Entity (XXE)",com.caverock:androidsvg,0,1.3,HIGH,CWE-611 -CVE-2017-1000500,2018-10-18T16:48:15Z,"Moderate severity vulnerability that affects org.keycloak:keycloak-core","org.keycloak:keycloak-core",0,2.0.0,MODERATE, -CVE-2017-1000502,2022-05-14T03:45:21Z,"Arbitrary shell command execution in Jenkins EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.38,HIGH,CWE-78 -CVE-2017-1000503,2022-05-14T03:45:22Z,"Race Condition in Jenkins","org.jenkins-ci.main:jenkins-core",2.81,2.89.2,HIGH,CWE-362 -CVE-2017-1000503,2022-05-14T03:45:22Z,"Race Condition in Jenkins","org.jenkins-ci.main:jenkins-core",2.90,2.95,HIGH,CWE-362 -CVE-2017-1000504,2022-05-14T01:04:36Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.81,2.89.2,HIGH,CWE-352 -CVE-2017-1000504,2022-05-14T01:04:36Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.90,2.95,HIGH,CWE-352 -CVE-2017-1000505,2022-05-14T03:45:23Z,"Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.37,MODERATE,CWE-200 -CVE-2017-10862,2022-05-17T00:28:41Z,"Insufficient Data Verification in io.really:jwt-scala",io.really:jwt-scala,0,,MODERATE,CWE-345 
-CVE-2017-11467,2018-10-18T17:40:56Z,"OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection","com.orientechnologies:orientdb-core",0,2.2.23,CRITICAL,CWE-269 -CVE-2017-12158,2022-05-13T01:38:14Z,"Keycloak Reflected XSS","org.keycloak:keycloak-parent",0,3.4.0,MODERATE,CWE-79 -CVE-2017-12159,2022-05-13T01:38:14Z,"Keycloak CSRF Vulnerability","org.keycloak:keycloak-parent",0,3.4.0,HIGH,CWE-613 -CVE-2017-12160,2022-05-13T01:23:16Z,"Keycloak Oauth Implementation Error","org.keycloak:keycloak-parent",0,3.3.0.Final,HIGH,CWE-287 -CVE-2017-12161,2018-10-18T16:50:05Z,"Moderate severity vulnerability that affects org.keycloak:keycloak-core","org.keycloak:keycloak-core",0,3.4.2,MODERATE,CWE-602 -CVE-2017-12165,2022-05-13T01:38:14Z,"Undertow Request Smuggling vulnerability","io.undertow:undertow-core",0,1.3.31,HIGH,CWE-444 -CVE-2017-12165,2022-05-13T01:38:14Z,"Undertow Request Smuggling vulnerability","io.undertow:undertow-core",1.4.0,1.4.17,HIGH,CWE-444 -CVE-2017-12165,2022-05-13T01:38:14Z,"Undertow Request Smuggling vulnerability","io.undertow:undertow-core",2.0.0.Alpha1,2.0.0.Beta1,HIGH,CWE-444 -CVE-2017-12174,2022-05-13T01:11:53Z,"Uncontrolled Resource Consumption in Artemis and HornetQ","org.apache.activemq:artemis-native",0,2.4.0,HIGH,CWE-400 -CVE-2017-12174,2022-05-13T01:11:53Z,"Uncontrolled Resource Consumption in Artemis and HornetQ","org.hornetq:hornetq-server",0,2.4.0.Final,HIGH,CWE-400 -CVE-2017-12196,2022-05-13T01:38:10Z,"Incorrect Authorization in Undertow","io.undertow:undertow-core",0,1.4.24.Final,MODERATE,CWE-863 -CVE-2017-12196,2022-05-13T01:38:10Z,"Incorrect Authorization in Undertow","io.undertow:undertow-core",2.0.0.Alpha1,2.0.2.FInal,MODERATE,CWE-863 -CVE-2017-12197,2022-05-13T01:38:10Z,"Improper Input Validation in libpam4j",org.kohsuke:libpam4j,0,1.10,MODERATE,CWE-20 -CVE-2017-12610,2022-05-13T01:25:19Z,"Improper Authentication in Apache Kafka","org.apache.kafka:kafka-clients",0.10.0.0,0.10.2.2,MODERATE,CWE-287 
-CVE-2017-12610,2022-05-13T01:25:19Z,"Improper Authentication in Apache Kafka","org.apache.kafka:kafka-clients",0.11.0.0,0.11.0.2,MODERATE,CWE-287 -CVE-2017-12611,2018-10-16T19:35:40Z,"Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal","org.apache.struts:struts2-core",2.0.1,2.3.34,CRITICAL,CWE-20 -CVE-2017-12611,2018-10-16T19:35:40Z,"Apache Struts 2.0.1 uses an unintentional expression in a Freemarker tag instead of string literal","org.apache.struts:struts2-core",2.5.0,2.5.11,CRITICAL,CWE-20 -CVE-2017-12612,2018-11-09T17:43:25Z,"Apache Spark Deserialization of Untrusted Data vulnerability","org.apache.spark:spark-core_2.10",0,2.1.2,HIGH,CWE-502 -CVE-2017-12612,2018-11-09T17:43:25Z,"Apache Spark Deserialization of Untrusted Data vulnerability","org.apache.spark:spark-core_2.11",0,2.1.2,HIGH,CWE-502 -CVE-2017-12615,2018-10-17T16:30:31Z,"When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.79,HIGH,CWE-434 -CVE-2017-12616,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.81,HIGH,CWE-200 -CVE-2017-12617,2022-05-14T01:07:15Z,"Unrestricted Upload of File with Dangerous Type Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.82,HIGH,CWE-434 -CVE-2017-12617,2022-05-14T01:07:15Z,"Unrestricted Upload of File with Dangerous Type Apache Tomcat",org.apache.tomcat:tomcat,8.0.0RC1,8.0.47,HIGH,CWE-434 -CVE-2017-12617,2022-05-14T01:07:15Z,"Unrestricted Upload of File with Dangerous Type Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.23,HIGH,CWE-434 -CVE-2017-12617,2022-05-14T01:07:15Z,"Unrestricted Upload of File with Dangerous Type Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.1,HIGH,CWE-434 -CVE-2017-12619,2019-04-24T16:06:59Z,"Session Fixation in Apache Zeppelin","org.apache.zeppelin:zeppelin",0,0.7.3,HIGH,CWE-384 
-CVE-2017-12620,2022-05-17T00:29:00Z,"Improper Restriction of XML External Entity Reference in Apache OpenNLP","org.apache.opennlp:opennlp-tools",1.5.0,1.8.2,CRITICAL,CWE-611 -CVE-2017-12621,2022-05-17T00:34:13Z,"Improper Restriction of XML External Entity Reference in Jelly","commons-jelly:commons-jelly",0,1.0.1,CRITICAL,CWE-611 -CVE-2017-12622,2022-05-14T03:47:21Z,"Apache Geode gfsh authorization vulnerability","org.apache.geode:geode-core",1.0.0,1.3.0,HIGH,CWE-200 -CVE-2017-12623,2022-05-17T00:26:27Z,"XML External Entity Reference in Apache NiFi",org.apache.nifi:nifi,1.0.0,1.4.0,MODERATE,CWE-611 -CVE-2017-12624,2022-05-13T01:09:20Z,"Improper Input Validation in Apache CXF",org.apache.cxf:cxf-core,0,3.0.16,MODERATE,CWE-20 -CVE-2017-12624,2022-05-13T01:09:20Z,"Improper Input Validation in Apache CXF",org.apache.cxf:cxf-core,3.1.0,3.1.14,MODERATE,CWE-20 -CVE-2017-12624,2022-05-13T01:09:20Z,"Improper Input Validation in Apache CXF",org.apache.cxf:cxf-core,3.2.0,3.2.1,MODERATE,CWE-20 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-exec",2.1.0,2.1.2,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-exec",2.2.0,2.2.1,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-exec",2.3.0,2.3.1,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-service",2.1.0,2.1.2,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, 
org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-service",2.2.0,2.2.1,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service","org.apache.hive:hive-service",2.3.0,2.3.1,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",org.apache.hive:hive,2.1.0,2.1.2,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",org.apache.hive:hive,2.2.0,2.2.1,MODERATE,CWE-200 -CVE-2017-12625,2019-03-14T15:40:16Z,"Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service",org.apache.hive:hive,2.3.0,2.3.1,MODERATE,CWE-200 -CVE-2017-12626,2021-01-14T19:18:22Z,"Denial of Service in Apache POI",org.apache.poi:poi,0,3.17,HIGH,CWE-835 -CVE-2017-12628,2022-05-17T00:25:34Z,"Apache James Privilege Escalation","org.apache.james:james-project",0,3.0.1,HIGH,CWE-502 -CVE-2017-12629,2018-10-17T19:56:17Z,"Remote code execution occurs in Apache Solr","org.apache.solr:solr-core",5.5.0,5.5.5,CRITICAL,CWE-611 -CVE-2017-12629,2018-10-17T19:56:17Z,"Remote code execution occurs in Apache Solr","org.apache.solr:solr-core",6.0.0,6.6.2,CRITICAL,CWE-611 -CVE-2017-12629,2018-10-17T19:56:17Z,"Remote code execution occurs in Apache Solr","org.apache.solr:solr-core",7.0.0,7.1.0,CRITICAL,CWE-611 -CVE-2017-12630,2022-05-14T03:53:41Z,"Apache Drill vulnerable to Cross-site Scripting","org.apache.drill:drill-common",0,1.12.0,MODERATE,CWE-79 -CVE-2017-12631,2018-10-18T16:57:21Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and 
org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring",0,1.3.3,MODERATE,CWE-352 -CVE-2017-12631,2018-10-18T16:57:21Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring",1.4.0,1.4.3,MODERATE,CWE-352 -CVE-2017-12631,2018-10-18T16:57:21Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring2",0,1.3.3,MODERATE,CWE-352 -CVE-2017-12631,2018-10-18T16:57:21Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring2",1.4.0,1.4.3,MODERATE,CWE-352 -CVE-2017-12631,2018-10-18T16:57:21Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring3",0,1.3.3,MODERATE,CWE-352 -CVE-2017-12631,2018-10-18T16:57:21Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring3",1.4.0,1.4.3,MODERATE,CWE-352 -CVE-2017-12632,2022-05-14T03:45:20Z,"Apache NiFi host header poisoning issue",org.apache.nifi:nifi,1.0.0,1.5.0,HIGH,CWE-20 -CVE-2017-12633,2022-05-14T01:00:38Z,"Apache Camel camel-hessian component vulnerable to Java object deserialization","org.apache.camel:camel-hessian",2.0,2.19.4,CRITICAL,CWE-502 -CVE-2017-12633,2022-05-14T01:00:38Z,"Apache Camel camel-hessian component vulnerable to Java object deserialization","org.apache.camel:camel-hessian",2.20.0,2.20.1,CRITICAL,CWE-502 -CVE-2017-12634,2018-10-16T23:05:58Z,"Camel-castor component in Apache Camel is vulnerable to Java object 
de-serialisation","org.apache.camel:camel-castor",2.0.0,2.19.4,CRITICAL,CWE-502 -CVE-2017-12634,2018-10-16T23:05:58Z,"Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation","org.apache.camel:camel-castor",2.20.0,2.20.1,CRITICAL,CWE-502 -CVE-2017-12972,2022-05-13T01:30:32Z,"Nimbus JOSE+JWT missing overflow check","com.nimbusds:nimbus-jose-jwt",0,4.39,HIGH,CWE-345 -CVE-2017-12973,2022-05-13T01:42:51Z,"Nimbus JOSE+JWT vulnerable to padding oracle attack","com.nimbusds:nimbus-jose-jwt",0,4.39,LOW,CWE-354 -CVE-2017-12974,2022-05-13T01:30:32Z,"Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT","com.nimbusds:nimbus-jose-jwt",0,4.36,HIGH,CWE-347 -CVE-2017-13098,2022-05-13T01:14:24Z,"Observable Discrepancy in BouncyCastle","org.bouncycastle:bcprov-jdk15on",0,1.0.3,MODERATE,CWE-203 -CVE-2017-13763,2022-05-13T01:43:15Z,"ONOS vulnerable to denial of service due to unrestricted NettyMessagingManager payload","org.onosproject:onos-base",1.8.0,1.11.0,HIGH,CWE-770 -CVE-2017-14063,2018-10-19T16:50:50Z,"Improper Input Validation in async-http-client","org.asynchttpclient:async-http-client",0,2.0.35,HIGH,CWE-20 -CVE-2017-14735,2018-10-18T17:22:11Z,"OWASP AntiSamy Cross-site Scripting vulnerability","org.owasp.antisamy:antisamy",0,1.5.7,MODERATE,CWE-79 -CVE-2017-14868,2018-10-17T00:04:31Z,"Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider","org.restlet.jse:org.restlet.ext.jaxrs",0,2.3.11,HIGH,CWE-611 -CVE-2017-14949,2018-10-17T00:04:18Z,"Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request","org.restlet.jse:org.restlet",0,2.3.12,HIGH,CWE-611 -CVE-2017-15089,2022-05-14T00:59:30Z,"Deserialization of Untrusted Data in Infinispan","org.infinispan:infinispan-core",0,9.2.0.CR1,HIGH,CWE-502 -CVE-2017-15095,2018-10-18T17:42:34Z,"jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code 
execution","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,CRITICAL,CWE-184;CWE-502 -CVE-2017-15095,2018-10-18T17:42:34Z,"jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.2,CRITICAL,CWE-184;CWE-502 -CVE-2017-15095,2018-10-18T17:42:34Z,"jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11,CRITICAL,CWE-184;CWE-502 -CVE-2017-15095,2018-10-18T17:42:34Z,"jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.4,CRITICAL,CWE-184;CWE-502 -CVE-2017-15113,2022-05-13T01:37:34Z,"ovirt-engine Logs Plaintext Passwords To File","org.ovirt.engine.sdk:ovirt-engine-sdk-java",0,4.1.7.6,MODERATE,CWE-532 -CVE-2017-15288,2018-10-19T16:51:11Z,"High severity vulnerability that affects org.scala-lang:scala-compiler","org.scala-lang:scala-compiler",0,2.10.7,HIGH,CWE-732 -CVE-2017-15288,2018-10-19T16:51:11Z,"High severity vulnerability that affects org.scala-lang:scala-compiler","org.scala-lang:scala-compiler",2.11.0,2.11.12,HIGH,CWE-732 -CVE-2017-15288,2018-10-19T16:51:11Z,"High severity vulnerability that affects org.scala-lang:scala-compiler","org.scala-lang:scala-compiler",2.12.0,2.12.4,HIGH,CWE-732 -CVE-2017-15680,2022-05-24T17:34:59Z,"Missing Authorization in Crafter CMS","org.craftercms:crafter-core",3.0.0,3.0.1,MODERATE,CWE-862 -CVE-2017-15681,2022-02-09T23:07:59Z,"Path Traversal in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",0,3.0.2,CRITICAL,CWE-22 -CVE-2017-15682,2022-05-24T17:34:59Z,"Cross site scripting in Crafter CMS","org.craftercms:crafter-core",3.0.0,3.0.1,MODERATE,CWE-79 -CVE-2017-15683,2022-05-24T17:34:59Z,"XML injection in Crafter CMS","org.craftercms:crafter-core",3.0.0,3.0.1,HIGH,CWE-91 
-CVE-2017-15684,2022-02-09T23:08:03Z,"Path Traversal in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",0,3.0.2,HIGH,CWE-22 -CVE-2017-15685,2022-02-09T23:08:01Z,"XML Injection in Crafter CMS Crafter Studio 3.0.1","org.craftercms:crafter-studio",0,3.0.2,HIGH,CWE-91 -CVE-2017-15686,2022-02-09T23:08:06Z,"Cross-site scripting in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",0,3.0.2,MODERATE,CWE-79 -CVE-2017-15691,2022-05-14T00:58:02Z,"Improper Restriction of XML External Entity Reference in Apache uimaj","org.apache.uima:uimafit-core",0,2.4.0,MODERATE,CWE-611 -CVE-2017-15691,2022-05-14T00:58:02Z,"Improper Restriction of XML External Entity Reference in Apache uimaj","org.apache.uima:uimaj-as-core",0,2.10.2,MODERATE,CWE-611 -CVE-2017-15691,2022-05-14T00:58:02Z,"Improper Restriction of XML External Entity Reference in Apache uimaj","org.apache.uima:uimaj-core",0,2.10.2,MODERATE,CWE-611 -CVE-2017-15691,2022-05-14T00:58:02Z,"Improper Restriction of XML External Entity Reference in Apache uimaj","org.apache.uima:uimaj-core",3.0.0-alpha,3.0.0-beta,MODERATE,CWE-611 -CVE-2017-15692,2022-05-14T03:35:52Z,"Apache Geode unsafe deserialization in TcpServer","org.apache.geode:geode-core",1.0.0,1.4.0,CRITICAL,CWE-502 -CVE-2017-15693,2022-05-14T03:35:52Z,"Apache Geode unsafe deserialization of application objects","org.apache.geode:geode-core",1.0.0,1.4.0,HIGH,CWE-502 -CVE-2017-15694,2019-06-26T01:09:35Z,"Argument Injection in Apache Geode server","org.apache.geode:geode-core",0,1.9.0,MODERATE,CWE-88 -CVE-2017-15695,2022-05-13T01:18:20Z,"Apache Geode vulnerable to Incorrect Authorization","org.apache.geode:geode-core",1.0.0,1.5.0,HIGH,CWE-863 -CVE-2017-15696,2022-05-14T03:37:08Z,"Apache Geode configuration request authorization vulnerability","org.apache.geode:geode-core",1.0.0,1.4.0,HIGH,CWE-200 -CVE-2017-15697,2022-05-14T03:45:22Z,"Apache NiFi XSS issue in context path handling",org.apache.nifi:nifi,1.0.0,1.5.0,CRITICAL,CWE-20 
-CVE-2017-15700,2022-05-14T03:53:41Z,"Apache Sling Authentication Service vulnerability","org.apache.sling:org.apache.sling.auth.core",1.4.0,1.4.2,HIGH,CWE-200 -CVE-2017-15701,2018-10-19T16:41:15Z,"Apache Qpid Broker-J vulnerable to Denial of Service (DoS) via uncontrolled resource consumption","org.apache.qpid:qpid-broker",6.1.0,6.1.5,HIGH,CWE-400 -CVE-2017-15702,2018-10-19T16:41:04Z,"Apache Qpid Broker vulnerable to authentication port spoofing","org.apache.qpid:qpid-broker",0.18,6.0.0,CRITICAL, -CVE-2017-15703,2019-10-25T19:42:50Z,"Denial of service via deserialization attack in nifi","org.apache.nifi:nifi-framework-cluster-protocol",0,1.5.0,MODERATE,CWE-502 -CVE-2017-15706,2022-05-14T01:10:15Z,"Inconsistent documentation in Apache Tomcat",org.apache.tomcat:tomcat,7.0.79,7.0.84,MODERATE,CWE-1068;CWE-358 -CVE-2017-15706,2022-05-14T01:10:15Z,"Inconsistent documentation in Apache Tomcat",org.apache.tomcat:tomcat,8.0.45,8.0.48,MODERATE,CWE-1068;CWE-358 -CVE-2017-15706,2022-05-14T01:10:15Z,"Inconsistent documentation in Apache Tomcat",org.apache.tomcat:tomcat,8.5.16,8.5.24,MODERATE,CWE-1068;CWE-358 -CVE-2017-15706,2022-05-14T01:10:15Z,"Inconsistent documentation in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M22,9.0.2,MODERATE,CWE-1068;CWE-358 -CVE-2017-15707,2018-10-16T19:35:55Z,"Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin","org.apache.struts:struts2-rest-plugin",2.5.0,2.5.16,MODERATE,CWE-20 -CVE-2017-15708,2020-11-04T18:23:25Z,"Remote Code Execution in Apache Synapse","org.apache.synapse:synapse-core",0,3.0.1,CRITICAL,CWE-502;CWE-74 -CVE-2017-15709,2022-05-13T01:11:29Z,"ActiveMQ's OpenWire protocol exposes certain system details as plain text","org.apache.activemq:activemq-openwire-generator",5.14.0,5.15.3,LOW,CWE-200 -CVE-2017-15709,2022-05-13T01:11:29Z,"ActiveMQ's OpenWire protocol exposes certain system details as plain text","org.apache.activemq:activemq-parent",5.14.0,5.14.6,LOW,CWE-200 
-CVE-2017-15709,2022-05-13T01:11:29Z,"ActiveMQ's OpenWire protocol exposes certain system details as plain text","org.apache.activemq:activemq-parent",5.15.0,5.15.3,LOW,CWE-200 -CVE-2017-15712,2022-05-14T03:37:34Z,"Path Traversal in Apache Oozie","org.apache.oozie:oozie-core",3.1.3,5.0.0,MODERATE,CWE-22 -CVE-2017-15713,2018-12-21T17:50:13Z,"Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main","org.apache.hadoop:hadoop-main",0,2.7.5,MODERATE,CWE-200 -CVE-2017-15713,2018-12-21T17:50:13Z,"Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main","org.apache.hadoop:hadoop-main",2.8.0,2.8.3,MODERATE,CWE-200 -CVE-2017-15717,2022-05-14T03:46:36Z,"Cross-site Scripting in Apache Sling XSS Protection API","org.apache.sling:org.apache.sling.xss",1.0.4,2.0.4,MODERATE,CWE-79 -CVE-2017-15718,2018-12-21T17:50:20Z,"Exposure of Sensitive Information in Hadoop","org.apache.hadoop:hadoop-main",2.7.3,2.7.5,CRITICAL,CWE-200 -CVE-2017-15719,2022-05-14T00:58:28Z,"Cross-site Scripting in wicket-jquery-ui","com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent",0,6.28.1,MODERATE,CWE-79 -CVE-2017-15719,2022-05-14T00:58:28Z,"Cross-site Scripting in wicket-jquery-ui","com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent",7.0.0,7.9.2,MODERATE,CWE-79 -CVE-2017-15719,2022-05-14T00:58:28Z,"Cross-site Scripting in wicket-jquery-ui","com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent",8.0.0-M1,8.0.0-M8.1,MODERATE,CWE-79 -CVE-2017-15911,2022-05-17T00:23:24Z,"Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console","org.igniterealtime.openfire:parent",0,4.1.7,MODERATE,CWE-79 -CVE-2017-17383,2022-05-14T04:04:08Z,"Cross-site Scripting in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.94,MODERATE,CWE-79 -CVE-2017-17485,2018-10-18T17:42:48Z,"jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist 
bypass","com.fasterxml.jackson.core:jackson-databind",0,2.7.9.2,CRITICAL,CWE-502 -CVE-2017-17485,2018-10-18T17:42:48Z,"jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11,CRITICAL,CWE-502 -CVE-2017-17485,2018-10-18T17:42:48Z,"jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.4,CRITICAL,CWE-502 -CVE-2017-17837,2022-05-13T01:02:10Z,"Cross-site Scripting in Apache DeltaSpike","org.apache.deltaspike.modules:jsf-module-project",0,1.8.1,MODERATE,CWE-79 -CVE-2017-18239,2018-11-09T17:50:40Z,"Exposure of Sensitive information in authentikat-jwt","com.jason-goodwin:authentikat-jwt_2.12",0,0.4.6,CRITICAL, -CVE-2017-18349,2018-10-24T19:42:03Z,"Improper Input Validation in alilibaba:fastjson",com.alibaba:fastjson,0,1.2.31,CRITICAL,CWE-20 -CVE-2017-18349,2018-10-24T19:42:03Z,"Improper Input Validation in alilibaba:fastjson",ro.pippo:pippo-fastjson,0,1.12.0,CRITICAL,CWE-20 -CVE-2017-18640,2021-06-04T21:37:45Z,"SnakeYAML Entity Expansion during load operation",org.yaml:snakeyaml,0,1.26,HIGH,CWE-776 -CVE-2017-20151,2022-12-30T12:30:25Z,"iText RUPS XML External Entity vulnerability",com.itextpdf:itext-rups,0,,CRITICAL,CWE-611 -CVE-2017-20189,2024-01-22T06:30:32Z,"Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization",org.clojure:clojure,0,1.9.0,CRITICAL,CWE-502 -CVE-2017-2582,2018-10-18T16:49:40Z,"keycloak-core discloses system properties","org.keycloak:keycloak-core",0,2.5.1,MODERATE,CWE-200;CWE-201 -CVE-2017-2585,2018-10-18T16:47:41Z,"keycloak-core vulnerable to timing attacks against JWS token verification","org.keycloak:keycloak-core",0,2.5.1,MODERATE,CWE-200 -CVE-2017-2589,2022-05-13T01:36:55Z,"Insecure cookie sharing in Hawtio",io.hawt:project,0,1.5.0,CRITICAL,CWE-200 
-CVE-2017-2594,2022-05-13T01:36:55Z,"Path Traversal in io.hawt:project",io.hawt:project,0,1.5.0,HIGH,CWE-22 -CVE-2017-2598,2022-05-13T01:36:56Z,"Inadequate Encryption Strength in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-326 -CVE-2017-2598,2022-05-13T01:36:56Z,"Inadequate Encryption Strength in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-326 -CVE-2017-2599,2022-05-13T01:12:25Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-863 -CVE-2017-2599,2022-05-13T01:12:25Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-863 -CVE-2017-2600,2022-05-13T01:36:55Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-200 -CVE-2017-2600,2022-05-13T01:36:55Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-200 -CVE-2017-2601,2022-05-13T01:02:35Z,"Cross-site Scripting in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-79 -CVE-2017-2601,2022-05-13T01:02:35Z,"Cross-site Scripting in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-79 -CVE-2017-2602,2022-05-13T01:36:56Z,"Incomplete List of Disallowed Inputs in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-184 -CVE-2017-2602,2022-05-13T01:36:56Z,"Incomplete List of Disallowed Inputs in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-184 -CVE-2017-2603,2022-05-13T01:36:54Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,LOW,CWE-200 -CVE-2017-2603,2022-05-13T01:36:54Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,LOW,CWE-200 -CVE-2017-2604,2022-05-13T01:36:54Z,"Improper Authentication in 
Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-287 -CVE-2017-2604,2022-05-13T01:36:54Z,"Improper Authentication in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-287 -CVE-2017-2606,2022-05-13T01:36:54Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-200 -CVE-2017-2606,2022-05-13T01:36:54Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-200 -CVE-2017-2607,2022-05-13T01:36:54Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-79 -CVE-2017-2607,2022-05-13T01:36:54Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-79 -CVE-2017-2608,2022-05-13T01:36:54Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,HIGH,CWE-502 -CVE-2017-2608,2022-05-13T01:36:54Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,HIGH,CWE-502 -CVE-2017-2609,2022-05-13T01:36:54Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-200 -CVE-2017-2609,2022-05-13T01:36:54Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-200 -CVE-2017-2610,2022-05-13T01:36:54Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-79 -CVE-2017-2610,2022-05-13T01:36:54Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-79 -CVE-2017-2611,2022-05-13T01:16:28Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.44,MODERATE,CWE-863 
-CVE-2017-2612,2022-05-13T01:36:54Z,"Incorrect Permission Assignment for Critical Resource in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-732 -CVE-2017-2612,2022-05-13T01:36:54Z,"Incorrect Permission Assignment for Critical Resource in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-732 -CVE-2017-2613,2022-05-13T01:36:54Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.32.2,MODERATE,CWE-352 -CVE-2017-2613,2022-05-13T01:36:54Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.34,2.44,MODERATE,CWE-352 -CVE-2017-2638,2022-05-13T01:36:52Z,"Infinispan Rest API Does Not Enforce Auth Constraints","org.infinispan:infinispan-server-core",0,9.0.0,MODERATE,CWE-287 -CVE-2017-2646,2018-10-18T16:49:29Z,"Keycloak vulnerable to infinite loop based Denial of Service","org.keycloak:keycloak-core",0,2.5.5,HIGH,CWE-835 -CVE-2017-2648,2022-05-13T01:36:51Z,"Jenkins SSH Build Agents Plugin did not verify host keys","org.jenkins-ci.plugins:ssh-slaves",0,1.15,MODERATE,CWE-295 -CVE-2017-2649,2022-05-13T01:36:52Z,"Jenkins Active Directory Plugin did not verify certificate of AD server","org.jenkins-ci.plugins:active-directory",0,2.3,HIGH,CWE-295 -CVE-2017-2651,2022-05-13T01:36:51Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin","org.jenkins-ci.plugins:mailer",0,1.20,LOW,CWE-200 -CVE-2017-2652,2022-05-13T01:36:51Z,"Missing permission checks in Jenkins Distributed Fork Plugin","org.jenkins-ci.plugins:distfork",0,1.6.0,HIGH,CWE-287 -CVE-2017-2654,2022-05-13T01:36:51Z,"Emails were sent to addresses not associated with actual users of Jenkins by Email Extension Plugin","org.jenkins-ci.plugins:email-ext",0,2.57.1,MODERATE,CWE-200 -CVE-2017-2666,2018-10-19T16:55:14Z,"Undertow-core vulnerable to HTTP Request Smuggling","io.undertow:undertow-core",0,1.3.31,MODERATE,CWE-444 -CVE-2017-2666,2018-10-19T16:55:14Z,"Undertow-core vulnerable to HTTP Request 
Smuggling","io.undertow:undertow-core",1.4.0,1.4.17,MODERATE,CWE-444 -CVE-2017-2670,2018-10-19T16:54:56Z,"Moderate severity vulnerability that affects io.undertow:undertow-core","io.undertow:undertow-core",0,1.3.28,MODERATE,CWE-835 -CVE-2017-3150,2022-05-17T01:18:59Z,"Insecure cookie storage in Apache Atlas ","org.apache.atlas:atlas-common",0.6.0-incubating,0.7.1-incubating,MODERATE,CWE-79 -CVE-2017-3151,2022-05-13T01:30:22Z,"Cross-site Scripting in Apache Atlas","org.apache.atlas:atlas-common",0.6.0-incubating,0.7.1-incubating,MODERATE,CWE-79 -CVE-2017-3152,2022-05-17T01:17:22Z,"Cross-site Scripting in Apache Atlas ","org.apache.atlas:atlas-common",0.6.0-incubating,0.7.1-incubating,MODERATE,CWE-79 -CVE-2017-3153,2022-05-17T01:17:22Z,"Cross-site Scripting in Apache Atlas ","org.apache.atlas:atlas-common",0.6.0-incubating,0.7.1-incubating,MODERATE,CWE-79 -CVE-2017-3154,2022-05-17T01:17:12Z,"Apache Atlas produces Stack trace in error response","org.apache.atlas:atlas-common",0.6.0-incubating,0.7.1-incubating,HIGH,CWE-200 -CVE-2017-3155,2022-05-17T01:17:12Z,"Cross-site Scripting in Apache Atlas ","org.apache.atlas:atlas-common",0.6.0-incubating,0.7.1-incubating,MODERATE,CWE-79 -CVE-2017-3156,2022-05-13T01:09:21Z,"Covert Timing Channel in Apache CXF","org.apache.cxf.karaf:apache-cxf",0,3.0.13,HIGH,CWE-385 -CVE-2017-3156,2022-05-13T01:09:21Z,"Covert Timing Channel in Apache CXF","org.apache.cxf.karaf:apache-cxf",3.1.0,3.1.10,HIGH,CWE-385 -CVE-2017-3158,2022-05-14T03:46:14Z,"Apache Guacamole Race Condition vulnerability","org.apache.guacamole:guacamole-common",0.9.5,0.9.11-incubating,HIGH,CWE-362 -CVE-2017-3159,2018-10-16T17:21:42Z,"Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization","org.apache.camel:camel-snakeyaml",0,2.17.5,CRITICAL,CWE-502 -CVE-2017-3159,2018-10-16T17:21:42Z,"Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization","org.apache.camel:camel-snakeyaml",2.18.0,2.18.2,CRITICAL,CWE-502 
-CVE-2017-3161,2022-05-13T01:08:56Z,"Improper Neutralization of Input During Web Page Generation in Apache Hadoop","org.apache.hadoop:hadoop-client",0,2.7.0,MODERATE,CWE-79 -CVE-2017-3162,2022-05-13T01:08:56Z,"Improper Input Validation in Apache Hadoop","org.apache.hadoop:hadoop-client",0,2.7.0,HIGH,CWE-20 -CVE-2017-3163,2018-10-18T16:40:43Z,"Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core","org.apache.solr:solr-core",0,5.5.4,HIGH,CWE-22 -CVE-2017-3163,2018-10-18T16:40:43Z,"Improper Limitation of a Pathname ('Path Traversal') in org.apache.solr:solr-core","org.apache.solr:solr-core",6.0.0,6.4.1,HIGH,CWE-22 -CVE-2017-3164,2019-03-14T15:39:56Z,"Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core","org.apache.solr:solr-core",1.30,7.7.0,HIGH,CWE-918 -CVE-2017-3165,2022-05-17T00:47:43Z,"Cross-site Scripting In Apache Brooklyn","org.apache.brooklyn:brooklyn",0,0.10.0,MODERATE,CWE-79 -CVE-2017-3166,2018-12-21T17:50:03Z,"Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main","org.apache.hadoop:hadoop-main",0,2.7.3,MODERATE,CWE-732 -CVE-2017-3199,2022-05-13T01:28:41Z,"GraniteDS Insecure Deserialization","org.graniteds:granite-core",0,,HIGH,CWE-502 -CVE-2017-3200,2022-05-13T01:28:41Z,"GraniteDS Insecure Deserialization","org.graniteds:granite-server-core",0,,HIGH,CWE-502 -CVE-2017-3202,2022-05-13T01:36:43Z,"Deserialization of Untrusted Data in Flamingo amf-serializer","com.exadel.flamingo.flex:amf-serializer",0,,CRITICAL,CWE-502 -CVE-2017-3203,2022-05-13T01:36:43Z,"Deserialization of Untrusted Data in Spring-flex","org.springframework.flex:spring-flex",0,,HIGH,CWE-502 -CVE-2017-3523,2022-05-13T01:45:34Z,"Improper Access Control in MySQL Connectors Java","mysql:mysql-connector-java",0,5.1.41,HIGH,CWE-284 -CVE-2017-3586,2022-05-13T01:45:42Z,"Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java","mysql:mysql-connector-java",0,5.1.42,MODERATE,CWE-200 
-CVE-2017-3589,2022-05-13T01:45:42Z,"Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java","mysql:mysql-connector-java",0,5.1.42,LOW,CWE-200 -CVE-2017-4960,2022-05-13T01:07:24Z,"Cloud Foundry denial of service vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",0,3.9.8,HIGH, -CVE-2017-4960,2022-05-13T01:07:24Z,"Cloud Foundry denial of service vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",3.10.0,3.12.0,HIGH, -CVE-2017-4971,2022-05-13T01:45:59Z,"Insecure Default Initialization of Resource in Pivotal Spring Web Flow","org.springframework.webflow:spring-webflow",2.4.0,2.4.5,MODERATE,CWE-1188 -CVE-2017-4973,2022-05-13T01:07:25Z,"Cloud Foundry UAA Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",2.0.0,2.7.4.14,HIGH,CWE-269 -CVE-2017-4973,2022-05-13T01:07:25Z,"Cloud Foundry UAA Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.6.8,HIGH,CWE-269 -CVE-2017-4973,2022-05-13T01:07:25Z,"Cloud Foundry UAA Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.10.0,3.15.0,HIGH,CWE-269 -CVE-2017-4973,2022-05-13T01:07:25Z,"Cloud Foundry UAA Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.7.0,3.9.10,HIGH,CWE-269 -CVE-2017-4974,2022-05-13T01:07:26Z,"Blind SQL Injection with privileged Cloud Foundry UAA endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",2.0.0,2.7.4.15,MODERATE,CWE-89 -CVE-2017-4974,2022-05-13T01:07:26Z,"Blind SQL Injection with privileged Cloud Foundry UAA endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.6.9,MODERATE,CWE-89 -CVE-2017-4974,2022-05-13T01:07:26Z,"Blind SQL Injection with privileged Cloud Foundry UAA endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",3.10.0,3.16.0,MODERATE,CWE-89 -CVE-2017-4974,2022-05-13T01:07:26Z,"Blind SQL Injection with privileged Cloud Foundry UAA 
endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",3.7.0,3.9.11,MODERATE,CWE-89 -CVE-2017-4991,2022-05-13T01:07:26Z,"Cloud Foundry UAA password reset vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",2.0.0,2.7.4.16,HIGH,CWE-269 -CVE-2017-4991,2022-05-13T01:07:26Z,"Cloud Foundry UAA password reset vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.6.10,HIGH,CWE-269 -CVE-2017-4991,2022-05-13T01:07:26Z,"Cloud Foundry UAA password reset vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",3.10.0,3.17.0,HIGH,CWE-269 -CVE-2017-4991,2022-05-13T01:07:26Z,"Cloud Foundry UAA password reset vulnerability","org.cloudfoundry.identity:cloudfoundry-identity-server",3.7.0,3.9.12,HIGH,CWE-269 -CVE-2017-4992,2022-05-13T01:07:25Z,"Cloud Foundry UAA privilege escalation with user invitations","org.cloudfoundry.identity:cloudfoundry-identity-server",2.0.0,2.7.4.17,CRITICAL,CWE-269 -CVE-2017-4992,2022-05-13T01:07:25Z,"Cloud Foundry UAA privilege escalation with user invitations","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.6.11,CRITICAL,CWE-269 -CVE-2017-4992,2022-05-13T01:07:25Z,"Cloud Foundry UAA privilege escalation with user invitations","org.cloudfoundry.identity:cloudfoundry-identity-server",3.10.0,4.2.0,CRITICAL,CWE-269 -CVE-2017-4992,2022-05-13T01:07:25Z,"Cloud Foundry UAA privilege escalation with user invitations","org.cloudfoundry.identity:cloudfoundry-identity-server",3.7.0,3.9.13,CRITICAL,CWE-269 -CVE-2017-4995,2022-05-13T01:02:16Z,"Deserialization of Untrusted Data in Spring Security","org.springframework.security:spring-security-core",4.2.0.RELEASE,4.2.3.RELEASE,HIGH,CWE-502 -CVE-2017-4995,2022-05-13T01:02:16Z,"Deserialization of Untrusted Data in Spring Security","org.springframework.security:spring-security-core",5.0.0.M1,5.0.0.M2,HIGH,CWE-502 -CVE-2017-5617,2018-10-19T16:51:25Z,"Server Side Request Forgery in 
svgSalamander","com.kitfox.svg:svg-salamander",0,1.1.2,HIGH,CWE-918 -CVE-2017-5635,2022-05-13T01:46:13Z,"Improper Authentication In Apache NiFi",org.apache.nifi:nifi,0,0.7.2,HIGH,CWE-287 -CVE-2017-5635,2022-05-13T01:46:13Z,"Improper Authentication In Apache NiFi",org.apache.nifi:nifi,1.0.0,1.1.2,HIGH,CWE-287 -CVE-2017-5636,2022-05-17T00:26:04Z,"Injection in Apache NiFi",org.apache.nifi:nifi,0,0.7.2,CRITICAL,CWE-74 -CVE-2017-5636,2022-05-17T00:26:04Z,"Injection in Apache NiFi",org.apache.nifi:nifi,1.0.0,1.1.2,CRITICAL,CWE-74 -CVE-2017-5637,2022-05-13T01:08:23Z,"Uncontrolled Resource Consumption in Apache ZooKeeper","org.apache.zookeeper:zookeeper",3.4.0,3.4.10,HIGH,CWE-400 -CVE-2017-5637,2022-05-13T01:08:23Z,"Uncontrolled Resource Consumption in Apache ZooKeeper","org.apache.zookeeper:zookeeper",3.5.0,3.5.3,HIGH,CWE-400 -CVE-2017-5638,2018-10-18T19:24:26Z,"Apache Struts vulnerable to remote arbitrary command execution due to improper input validation","org.apache.struts:struts2-core",2.3.0,2.3.32,CRITICAL,CWE-20;CWE-755 -CVE-2017-5638,2018-10-18T19:24:26Z,"Apache Struts vulnerable to remote arbitrary command execution due to improper input validation","org.apache.struts:struts2-core",2.5.0,2.5.10.1,CRITICAL,CWE-20;CWE-755 -CVE-2017-5641,2022-05-13T01:02:10Z,"Apache Flex BlazeDS unsafe deserialization","org.apache.flex.blazeds:flex-messaging-core",0,4.7.3,CRITICAL,CWE-502 -CVE-2017-5641,2022-05-13T01:02:10Z,"Apache Flex BlazeDS unsafe deserialization","org.apache.flex.blazeds:flex-messaging-remoting",0,4.7.3,CRITICAL,CWE-502 -CVE-2017-5643,2018-10-16T23:13:11Z,"Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.","org.apache.camel:camel-core",0,2.17.6,HIGH,CWE-918 -CVE-2017-5643,2018-10-16T23:13:11Z,"Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.","org.apache.camel:camel-core",2.18.0,2.18.2,HIGH,CWE-918 -CVE-2017-5644,2022-05-13T01:14:24Z,"Improper Restriction of Recursive Entity References 
in DTDs in Apache POI",org.apache.poi:poi,0,3.15,MODERATE,CWE-776 -CVE-2017-5645,2020-01-06T18:43:38Z,"Deserialization of Untrusted Data in Log4j","org.apache.logging.log4j:log4j",2.0,2.8.2,CRITICAL,CWE-502 -CVE-2017-5645,2020-01-06T18:43:38Z,"Deserialization of Untrusted Data in Log4j","org.apache.logging.log4j:log4j-core",2.0,2.8.2,CRITICAL,CWE-502 -CVE-2017-5647,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,6.0.0,6.0.53,HIGH,CWE-200 -CVE-2017-5647,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.77,HIGH,CWE-200 -CVE-2017-5647,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.43,HIGH,CWE-200 -CVE-2017-5647,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.13,HIGH,CWE-200 -CVE-2017-5647,2022-05-14T01:10:16Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M19,HIGH,CWE-200 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.76,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.0.42,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.13,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.0.M18,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache 
Tomcat","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.76,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat:tomcat-catalina",8.0.0,8.0.42,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat:tomcat-catalina",8.5.0,8.5.13,CRITICAL,CWE-668 -CVE-2017-5648,2022-05-13T01:25:13Z,"Exposure of Resource to Wrong Sphere in Apache Tomcat","org.apache.tomcat:tomcat-catalina",9.0.0.M1,9.0.0.M18,CRITICAL,CWE-668 -CVE-2017-5649,2022-05-17T02:50:39Z,"Apache Geode information disclosure vulnerability","org.apache.geode:geode-core",1.1.0,1.1.1,HIGH,CWE-200 -CVE-2017-5650,2022-05-13T01:46:13Z,"Improper Resource Shutdown or Release in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.13,HIGH,CWE-404 -CVE-2017-5650,2022-05-13T01:46:13Z,"Improper Resource Shutdown or Release in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M19,HIGH,CWE-404 -CVE-2017-5651,2022-05-13T01:46:13Z,"Expected Behavior Violation in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.13,CRITICAL,CWE-440 -CVE-2017-5651,2022-05-13T01:46:13Z,"Expected Behavior Violation in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.0.M19,CRITICAL,CWE-440 -CVE-2017-5651,2022-05-13T01:46:13Z,"Expected Behavior Violation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",8.5.0,8.5.13,CRITICAL,CWE-440 -CVE-2017-5651,2022-05-13T01:46:13Z,"Expected Behavior Violation in Apache Tomcat","org.apache.tomcat:tomcat-coyote",9.0.0.M1,9.0.0.M19,CRITICAL,CWE-440 -CVE-2017-5653,2022-05-13T01:09:19Z,"Improper Certificate Validation in Apache CXF",org.apache.cxf:cxf-core,0,3.0.13,MODERATE,CWE-295 -CVE-2017-5653,2022-05-13T01:09:19Z,"Improper Certificate Validation in Apache CXF",org.apache.cxf:cxf-core,3.1.0,3.1.11,MODERATE,CWE-295 -CVE-2017-5656,2022-05-13T01:09:19Z,"Session Fixation in Apache CXF",org.apache.cxf:cxf-core,0,3.0.13,HIGH,CWE-384 
-CVE-2017-5656,2022-05-13T01:09:19Z,"Session Fixation in Apache CXF",org.apache.cxf:cxf-core,3.1.0,3.1.11,HIGH,CWE-384 -CVE-2017-5657,2022-05-14T01:09:51Z,"Apache Archiva vulnerable to Cross Site Request Forgery","org.apache.archiva:archiva",0,2.2.3,HIGH,CWE-352 -CVE-2017-5661,2022-05-13T01:07:54Z,"Improper Restriction of XML External Entity Reference in Apache FOP","org.apache.xmlgraphics:fop",0,2.2,HIGH,CWE-611 -CVE-2017-5662,2022-05-13T01:14:24Z,"Improper Restriction of XML External Entity Reference in Apache Batik","org.apache.xmlgraphics:batik",0,1.9,HIGH,CWE-611 -CVE-2017-5664,2022-05-13T01:46:15Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,7.0.0,7.0.78,HIGH,CWE-755 -CVE-2017-5664,2022-05-13T01:46:15Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.0.44,HIGH,CWE-755 -CVE-2017-5664,2022-05-13T01:46:15Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.15,HIGH,CWE-755 -CVE-2017-5664,2022-05-13T01:46:15Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M21,HIGH,CWE-755 -CVE-2017-5929,2021-06-07T16:07:36Z,"QOS.ch Logback vulnerable to Deserialization of Untrusted Data","ch.qos.logback:logback-classic",0,1.2.0,CRITICAL,CWE-502 -CVE-2017-5929,2021-06-07T16:07:36Z,"QOS.ch Logback vulnerable to Deserialization of Untrusted Data","ch.qos.logback:logback-core",0,1.2.0,CRITICAL,CWE-502 -CVE-2017-7525,2018-10-16T17:21:35Z,"jackson-databind is vulnerable to a deserialization flaw","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.1,CRITICAL,CWE-184;CWE-502 -CVE-2017-7525,2018-10-16T17:21:35Z,"jackson-databind is vulnerable to a deserialization flaw","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.1,CRITICAL,CWE-184;CWE-502 -CVE-2017-7525,2018-10-16T17:21:35Z,"jackson-databind is vulnerable to a deserialization 
flaw","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.9,CRITICAL,CWE-184;CWE-502 -CVE-2017-7536,2020-06-15T19:57:48Z,"Privilege Escalation in Hibernate Validator","org.hibernate:hibernate-validator",5.2.0,5.2.5.Final,HIGH,CWE-470 -CVE-2017-7536,2020-06-15T19:57:48Z,"Privilege Escalation in Hibernate Validator","org.hibernate:hibernate-validator",5.3.0,5.3.6.Final,HIGH,CWE-470 -CVE-2017-7536,2020-06-15T19:57:48Z,"Privilege Escalation in Hibernate Validator","org.hibernate:hibernate-validator",5.4.0,5.4.2.Final,HIGH,CWE-470 -CVE-2017-7545,2022-05-13T01:36:17Z,"XML External Entity Reference in jbpmmigration","org.jbpm.jbpm5:jbpmmigration",0,,MODERATE,CWE-611 -CVE-2017-7556,2022-05-13T01:36:16Z,"Cross-Site Request Forgery in hawtio",io.hawt:project,0,1.5.4,HIGH,CWE-352 -CVE-2017-7559,2022-05-13T01:36:16Z,"Undertow vulnerable to Request Smuggling","io.undertow:undertow-core",1.3.0,1.3.31.Final,MODERATE,CWE-444 -CVE-2017-7559,2022-05-13T01:36:16Z,"Undertow vulnerable to Request Smuggling","io.undertow:undertow-core",1.4.0,1.4.17.Final,MODERATE,CWE-444 -CVE-2017-7559,2022-05-13T01:36:16Z,"Undertow vulnerable to Request Smuggling","io.undertow:undertow-core",2.0.0.Alpha1,2.0.0.Alpha2,MODERATE,CWE-444 -CVE-2017-7561,2022-05-13T01:47:01Z,"Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP","org.jboss.resteas:resteasy-jaxrs",3.0.7.Final,3.0.25.Final,HIGH,CWE-444 -CVE-2017-7561,2022-05-13T01:47:01Z,"Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP","org.jboss.resteas:resteasy-jaxrs",3.1.4.Final,3.5.0.CR1,HIGH,CWE-444 -CVE-2017-7656,2018-10-19T16:16:27Z,"Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)","org.eclipse.jetty:jetty-server",0,9.3.24.v20180605,HIGH,CWE-444 -CVE-2017-7656,2018-10-19T16:16:27Z,"Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)","org.eclipse.jetty:jetty-server",9.4.0,9.4.11.v20180605,HIGH,CWE-444 
-CVE-2017-7657,2018-10-19T16:15:34Z,"Critical severity vulnerability that affects org.eclipse.jetty:jetty-server","org.eclipse.jetty:jetty-server",0,9.2.25.v20180606,CRITICAL,CWE-190;CWE-444 -CVE-2017-7657,2018-10-19T16:15:34Z,"Critical severity vulnerability that affects org.eclipse.jetty:jetty-server","org.eclipse.jetty:jetty-server",9.3.0,9.3.24.v20180605,CRITICAL,CWE-190;CWE-444 -CVE-2017-7658,2018-10-19T16:16:38Z,"Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)","org.eclipse.jetty:jetty-server",0,9.2.25.v20180606,CRITICAL,CWE-444 -CVE-2017-7658,2018-10-19T16:16:38Z,"Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)","org.eclipse.jetty:jetty-server",9.3.0,9.3.24.v20180605,CRITICAL,CWE-444 -CVE-2017-7658,2018-10-19T16:16:38Z,"Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)","org.eclipse.jetty:jetty-server",9.4.0,9.4.11.v20180605,CRITICAL,CWE-444 -CVE-2017-7660,2022-05-14T01:56:08Z,"Apache Solr insecure inter-node communication","org.apache.solr:solr-core",5.3.0,5.5.5,HIGH,CWE-287 -CVE-2017-7660,2022-05-14T01:56:08Z,"Apache Solr insecure inter-node communication","org.apache.solr:solr-core",6.0.0,6.6.0,HIGH,CWE-287 -CVE-2017-7661,2018-10-18T16:56:38Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-jetty8",0,1.3.2,MODERATE,CWE-352 -CVE-2017-7661,2018-10-18T16:56:38Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-jetty9",0,1.3.2,MODERATE,CWE-352 -CVE-2017-7661,2018-10-18T16:56:38Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and 
org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-spring2",0,1.2.4,MODERATE,CWE-352 -CVE-2017-7661,2018-10-18T16:56:38Z,"Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, and org.apache.cxf.fediz:fediz-spring2","org.apache.cxf.fediz:fediz-spring2",1.3.0,1.3.2,MODERATE,CWE-352 -CVE-2017-7662,2022-05-13T01:09:19Z,"Cross-Site Request Forgery in Apache CXF Fediz","org.apache.cxf.fediz:fediz-oidc",0,1.3.2,HIGH,CWE-352 -CVE-2017-7663,2022-05-17T02:28:11Z,"Apache OpenMeetings Cross-site Scripting vulnerability","org.apache.openmeetings:openmeetings-parent",3.2.0,3.3.0,MODERATE,CWE-79 -CVE-2017-7664,2022-05-17T02:28:11Z,"Apache OpenMeetings does not correctly validate uploaded XML documents","org.apache.openmeetings:openmeetings-parent",3.1.0,3.3.0,CRITICAL,CWE-611 -CVE-2017-7665,2022-05-17T02:40:53Z,"Cross-site Scripting in Apache NiFi",org.apache.nifi:nifi,0,0.7.4,MODERATE,CWE-79 -CVE-2017-7665,2022-05-17T02:40:53Z,"Cross-site Scripting in Apache NiFi",org.apache.nifi:nifi,1.0.0,1.3.0,MODERATE,CWE-79 -CVE-2017-7666,2022-05-17T02:28:11Z,"Apache OpenMeetings vulnerable to Cross-Site Request Forgery","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,HIGH,CWE-352 -CVE-2017-7667,2022-05-17T02:40:53Z,"Origin Validation Error in Apache NiFi ",org.apache.nifi:nifi,0,0.7.4,HIGH,CWE-346 -CVE-2017-7667,2022-05-17T02:40:53Z,"Origin Validation Error in Apache NiFi ",org.apache.nifi:nifi,1.0.0,1.3.0,HIGH,CWE-346 -CVE-2017-7669,2022-05-17T02:41:57Z,"Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation","org.apache.hadoop:hadoop-common",0,2.8.1,HIGH,CWE-20 -CVE-2017-7669,2022-05-17T02:41:57Z,"Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation","org.apache.hadoop:hadoop-common",3.0.0-alpha1,3.0.0-alpha3,HIGH,CWE-20 -CVE-2017-7672,2018-10-16T19:36:43Z,"Apache Struts Improper Input Validation 
vulnerability","org.apache.struts:struts2-core",2.5.0,2.5.12,MODERATE,CWE-20 -CVE-2017-7673,2022-05-13T01:47:04Z,"Apache OpenMeetings has Inadequate Encryption Strength","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,CRITICAL,CWE-326 -CVE-2017-7674,2022-05-14T01:10:15Z,"Insufficient Verification of Data Authenticity in Apache Tomcat",org.apache.tomcat:tomcat,7.0.41,7.0.79,MODERATE,CWE-345 -CVE-2017-7674,2022-05-14T01:10:15Z,"Insufficient Verification of Data Authenticity in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0.RC1,8.0.45,MODERATE,CWE-345 -CVE-2017-7674,2022-05-14T01:10:15Z,"Insufficient Verification of Data Authenticity in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.16,MODERATE,CWE-345 -CVE-2017-7674,2022-05-14T01:10:15Z,"Insufficient Verification of Data Authenticity in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M22,MODERATE,CWE-345 -CVE-2017-7675,2022-05-14T00:58:29Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.16,HIGH,CWE-22 -CVE-2017-7675,2022-05-14T00:58:29Z,"Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.0.M22,HIGH,CWE-22 -CVE-2017-7676,2018-10-17T17:22:38Z,"Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character",org.apache.ranger:ranger,0,0.7.1,CRITICAL,CWE-20 -CVE-2017-7677,2018-10-17T17:22:49Z,"Moderate severity vulnerability that affects org.apache.ranger:ranger",org.apache.ranger:ranger,0,0.7.1,MODERATE,CWE-862 -CVE-2017-7678,2018-11-09T17:43:08Z,"Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11","org.apache.spark:spark-core_2.10",0,2.2.0,MODERATE,CWE-79 -CVE-2017-7678,2018-11-09T17:43:08Z,"Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11","org.apache.spark:spark-core_2.11",0,2.2.0,MODERATE,CWE-79 
-CVE-2017-7680,2022-05-13T01:47:04Z,"Apache OpenMeetings allows flash content to be loaded from untrusted domains","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,HIGH, -CVE-2017-7681,2022-05-17T02:28:11Z,"Apache OpenMeetings vulnerable to SQL injection","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,HIGH,CWE-89 -CVE-2017-7682,2022-05-13T01:47:04Z,"Apache OpenMeetings vulnerable to parameter manipulation attacks","org.apache.openmeetings:openmeetings-parent",3.2.0,3.3.0,HIGH, -CVE-2017-7683,2022-05-17T02:28:11Z,"Apache OpenMeetings displays Tomcat version and detailed error stack trace","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,HIGH,CWE-200 -CVE-2017-7684,2022-05-13T01:47:06Z,"Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,HIGH,CWE-400 -CVE-2017-7685,2022-05-13T01:47:05Z,"Apache OpenMeetings responds to insecure HTTP methods","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,MODERATE, -CVE-2017-7686,2018-10-16T20:53:20Z,"Apache Ignite communicates to an external PHP server where sensitive information is sent","org.apache.ignite:ignite-core",0,2.1,HIGH,CWE-200 -CVE-2017-7687,2022-05-13T01:47:05Z,"Denial of service in Apache Mesos",org.apache.mesos:mesos,0,1.1.3,HIGH, -CVE-2017-7687,2022-05-13T01:47:05Z,"Denial of service in Apache Mesos",org.apache.mesos:mesos,1.2.0,1.2.2,HIGH, -CVE-2017-7687,2022-05-13T01:47:05Z,"Denial of service in Apache Mesos",org.apache.mesos:mesos,1.3.0,1.3.1,HIGH, -CVE-2017-7688,2022-05-13T01:47:05Z,"Apache OpenMeetings updates user password in insecure manner","org.apache.openmeetings:openmeetings-parent",1.0.0,3.3.0,HIGH, -CVE-2017-7957,2020-06-30T22:48:24Z,"Denial of service in XStream","com.thoughtworks.xstream:xstream",0,1.4.10,HIGH,CWE-20 -CVE-2017-8028,2022-05-13T01:12:09Z,"Improper Authentication in Pivotal Spring-LDAP","org.springframework.ldap:spring-ldap-core",1.3.0,2.3.2,HIGH,CWE-287 
-CVE-2017-8031,2022-05-13T01:10:00Z,"Cloud Foundry UAA Denial of Service through client token revocation endpoint","org.cloudfoundry.identity:cloudfoundry-identity-server",0,3.20.1,MODERATE, -CVE-2017-8031,2022-05-13T01:10:00Z,"Cloud Foundry UAA Denial of Service through client token revocation endpoint","org.cloudfoundry.identity:cloudfoundry-identity-server",4.0.0,4.5.3,MODERATE, -CVE-2017-8031,2022-05-13T01:10:00Z,"Cloud Foundry UAA Denial of Service through client token revocation endpoint","org.cloudfoundry.identity:cloudfoundry-identity-server",4.6.0,4.7.1,MODERATE, -CVE-2017-8032,2022-05-13T01:07:27Z,"Cloud Foundry UAA Identity Zone Admin Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",0,3.6.13,MODERATE,CWE-269 -CVE-2017-8032,2022-05-13T01:07:27Z,"Cloud Foundry UAA Identity Zone Admin Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.10.0,3.20.0,MODERATE,CWE-269 -CVE-2017-8032,2022-05-13T01:07:27Z,"Cloud Foundry UAA Identity Zone Admin Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",3.7.0,3.9.15,MODERATE,CWE-269 -CVE-2017-8032,2022-05-13T01:07:27Z,"Cloud Foundry UAA Identity Zone Admin Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",4.0.0,4.4.0,MODERATE,CWE-269 -CVE-2017-8039,2022-05-13T01:47:15Z,"Insecure Default Initialization of Resource in Pivotal Spring Web Flow","org.springframework.webflow:spring-webflow",0,2.4.6,MODERATE,CWE-1188 -CVE-2017-8045,2022-05-17T00:16:13Z,"Deserialization of Untrusted Data in Spring AMQP","org.springframework.amqp:spring-amqp",0,1.5.7,CRITICAL,CWE-502 -CVE-2017-8045,2022-05-17T00:16:13Z,"Deserialization of Untrusted Data in Spring AMQP","org.springframework.amqp:spring-amqp",1.6.0,1.6.11,CRITICAL,CWE-502 -CVE-2017-8045,2022-05-17T00:16:13Z,"Deserialization of Untrusted Data in Spring AMQP","org.springframework.amqp:spring-amqp",1.7.0,1.7.4,CRITICAL,CWE-502 -CVE-2017-8046,2022-05-13T01:02:43Z,"Remote 
code execution in PATCH requests in Spring Data REST","org.springframework.data:spring-data-rest-core",0,2.6.9.RELEASE,CRITICAL,CWE-20 -CVE-2017-8046,2022-05-13T01:02:43Z,"Remote code execution in PATCH requests in Spring Data REST","org.springframework.data:spring-data-rest-core",3.0.0,3.0.1.RELEASE,CRITICAL,CWE-20 -CVE-2017-8446,2022-05-13T01:36:10Z,"Improper Privilege Management in X-Pack ","org.elasticsearch.plugin:x-pack",0,5.5.2,MODERATE,CWE-269 -CVE-2017-9096,2022-05-13T01:14:24Z,"Improper Restriction of XML External Entity Reference in iText",com.itextpdf:itextpdf,0,5.5.12,HIGH,CWE-611 -CVE-2017-9096,2022-05-13T01:14:24Z,"Improper Restriction of XML External Entity Reference in iText",com.itextpdf:itextpdf,7.0.0,7.0.3,HIGH,CWE-611 -CVE-2017-9096,2022-05-13T01:14:24Z,"Improper Restriction of XML External Entity Reference in iText",com.lowagie:itext,0,,HIGH,CWE-611 -CVE-2017-9735,2018-10-19T16:15:46Z,"Jetty vulnerable to exposure of sensitive information due to observable discrepancy","org.eclipse.jetty:jetty-server",0,9.2.22.v20170606,HIGH,CWE-200;CWE-203 -CVE-2017-9735,2018-10-19T16:15:46Z,"Jetty vulnerable to exposure of sensitive information due to observable discrepancy","org.eclipse.jetty:jetty-server",9.3.0,9.3.20.v20170531,HIGH,CWE-200;CWE-203 -CVE-2017-9735,2018-10-19T16:15:46Z,"Jetty vulnerable to exposure of sensitive information due to observable discrepancy","org.eclipse.jetty:jetty-server",9.4.0,9.4.6.v20170531,HIGH,CWE-200;CWE-203 -CVE-2017-9787,2018-10-16T19:37:07Z,"Spring AOP functionality (Struts) vulnerable to DoS attack","org.apache.struts:struts2-core",2.3.7,2.3.33,HIGH, -CVE-2017-9787,2018-10-16T19:37:07Z,"Spring AOP functionality (Struts) vulnerable to DoS attack","org.apache.struts:struts2-core",2.5.0,2.5.12,HIGH, -CVE-2017-9790,2022-05-13T01:48:07Z,"Use after free in Apache Mesos",org.apache.mesos:mesos,0,1.1.3,HIGH,CWE-416 -CVE-2017-9790,2022-05-13T01:48:07Z,"Use after free in Apache 
Mesos",org.apache.mesos:mesos,1.2.0,1.2.2,HIGH,CWE-416 -CVE-2017-9790,2022-05-13T01:48:07Z,"Use after free in Apache Mesos",org.apache.mesos:mesos,1.3.0,1.3.1,HIGH,CWE-416 -CVE-2017-9791,2022-05-13T01:26:13Z,"Code execution in Apache Struts 1 plugin","org.apache.struts:struts2-struts1-plugin",0,,CRITICAL,CWE-20 -CVE-2017-9793,2018-10-16T19:37:22Z,"The REST Plugin in Apache Struts is using an outdated XStream library","org.apache.struts:struts2-rest-plugin",0,2.3.34,HIGH,CWE-20 -CVE-2017-9793,2018-10-16T19:37:22Z,"The REST Plugin in Apache Struts is using an outdated XStream library","org.apache.struts:struts2-rest-plugin",2.5.0,2.5.13,HIGH,CWE-20 -CVE-2017-9794,2022-05-17T00:34:39Z,"Apache Geode gfsh query vulnerability","org.apache.geode:geode-core",1.0.0,1.2.1,MODERATE,CWE-200 -CVE-2017-9795,2022-05-14T00:57:16Z,"Apache Geode OQL method invocation vulnerability","org.apache.geode:geode-core",1.0.0,1.3.0,HIGH,CWE-200 -CVE-2017-9796,2022-05-14T03:46:41Z,"Apache Geode OQL bind parameter vulnerability","org.apache.geode:geode-core",1.0.0,1.3.0,MODERATE,CWE-200 -CVE-2017-9797,2022-05-13T01:48:08Z,"Apache Geode vulnerable to Exposure of Sensitive Information","org.apache.geode:geode-core",1.0.0,1.2.1,MODERATE,CWE-200 -CVE-2017-9799,2018-10-17T18:30:01Z,"Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user","org.apache.storm:storm-core",1.0.0,1.0.4,HIGH, -CVE-2017-9799,2018-10-17T18:30:01Z,"Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user","org.apache.storm:storm-core",1.1.0,1.1.1,HIGH, -CVE-2017-9801,2022-05-17T02:15:41Z,"Improper Input Validation in Apache Commons Email","org.apache.commons:commons-email",1.0,1.5,HIGH,CWE-20 -CVE-2017-9802,2022-05-14T02:45:32Z,"Improper Neutralization of Input During Web Page Generation Apache Sling Servlets 
Post","org.apache.sling:org.apache.sling.servlets.post",0,2.3.22,MODERATE,CWE-79 -CVE-2017-9803,2022-05-14T01:23:18Z,"Apache Solr Kerberos delegation token functionality flaws","org.apache.solr:solr-core",6.2.0,6.6.1,HIGH,CWE-287 -CVE-2017-9804,2018-10-16T19:37:33Z,"Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used","org.apache.struts:struts2-core",2.3.7,2.3.34,HIGH,CWE-20 -CVE-2017-9804,2018-10-16T19:37:33Z,"Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used","org.apache.struts:struts2-core",2.5.0,2.5.13,HIGH,CWE-20 -CVE-2017-9805,2018-10-16T19:37:56Z,"REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering","org.apache.struts:struts2-rest-plugin",2.1.2,2.3.34,HIGH,CWE-502 -CVE-2017-9805,2018-10-16T19:37:56Z,"REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering","org.apache.struts:struts2-rest-plugin",2.5.0,2.5.13,HIGH,CWE-502 -CVE-2018-1000008,2022-05-14T03:46:09Z,"XXE vulnerability in Jenkins PMD Plugin","org.jvnet.hudson.plugins:pmd",0,3.50,HIGH,CWE-611 -CVE-2018-1000009,2022-05-14T03:46:09Z,"XXE vulnerability in Jenkins Checkstyle Plugin","org.jvnet.hudson.plugins:checkstyle",0,3.50,HIGH,CWE-611 -CVE-2018-1000010,2022-05-14T03:46:09Z,"XXE vulnerability in Jenkins DRY Plugin","org.jvnet.hudson.plugins:dry",0,2.50,HIGH,CWE-611 -CVE-2018-1000011,2022-05-14T03:46:08Z,"XML External Entity Reference in Jenkins FindBugs Plugin","org.jvnet.hudson.plugins.findbugs:library",0,,HIGH,CWE-611 -CVE-2018-1000012,2022-05-14T03:45:49Z,"XXE vulnerability Jenkins Warnings Plugin","org.jvnet.hudson.plugins:warnings",0,4.65,HIGH,CWE-611 -CVE-2018-1000013,2022-05-14T03:45:49Z,"CSRF vulnerability in Jenkins Release plugin","org.jenkins-ci.plugins:release",0,2.10,HIGH,CWE-352 -CVE-2018-1000014,2022-05-14T03:45:49Z,"CSRF vulnerability in Jenkins Translation 
Assistance plugin","org.jenkins-ci.plugins:translation",0,1.16,HIGH,CWE-352 -CVE-2018-1000015,2022-05-13T01:18:43Z,"Incorrect permission checks in Pipeline: Nodes and Processes plugin","org.jenkins-ci.plugins.workflow:workflow-durable-task-step",0,2.18,MODERATE,CWE-862 -CVE-2018-1000054,2022-05-14T03:38:33Z,"Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference","org.jvnet.hudson.plugins:ccm",0,3.2,HIGH,CWE-611 -CVE-2018-1000055,2022-05-14T03:40:06Z,"XXE vulnerability in Jenkins Android Lint Plugin","org.jvnet.hudson.plugins:android-lint",0,2.6,HIGH,CWE-611 -CVE-2018-1000056,2022-05-14T03:40:06Z,"Improper Restriction of XML External Entity Reference in Jenkins JUnit Plugin","org.jenkins-ci.plugins:junit",0,1.24,HIGH,CWE-611 -CVE-2018-1000057,2022-05-13T01:48:30Z,"Jenkins Credentials Binding Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:credentials-binding",0,1.15,MODERATE,CWE-522 -CVE-2018-1000058,2022-05-14T03:40:05Z,"Arbitrary code execution due to incomplete sandbox protection in Pipeline: Supporting APIs Plugin","org.jenkins-ci.plugins.workflow:workflow-support",0,2.18,HIGH,CWE-502 -CVE-2018-1000067,2022-05-13T01:01:03Z,"Server-Side Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.89.4,MODERATE,CWE-918 -CVE-2018-1000067,2022-05-13T01:01:03Z,"Server-Side Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.90,2.107,MODERATE,CWE-918 -CVE-2018-1000068,2022-05-13T01:01:02Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.89.4,MODERATE,CWE-200 -CVE-2018-1000068,2022-05-13T01:01:02Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.90,2.107,MODERATE,CWE-200 -CVE-2018-1000073,2022-05-13T01:18:44Z,"RubyGems Link Following vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,HIGH,CWE-59 -CVE-2018-1000074,2022-05-14T01:01:12Z,"RubyGems Deserialization of Untrusted 
Data vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,HIGH,CWE-502 -CVE-2018-1000075,2022-05-13T01:48:31Z,"RubyGems Infinite Loop vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,HIGH,CWE-835 -CVE-2018-1000076,2022-05-14T01:01:12Z,"RubyGems Improper Verification of Cryptographic Signature vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,CRITICAL,CWE-347 -CVE-2018-1000077,2022-05-14T01:01:09Z,"RubyGems Improper Input Validation vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,MODERATE,CWE-20 -CVE-2018-1000078,2022-05-14T01:01:09Z,"RubyGems Cross-site Scripting vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,MODERATE,CWE-79 -CVE-2018-1000079,2022-05-14T01:54:40Z,"RubyGems Path Traversal vulnerability",org.jruby:jruby-stdlib,0,9.1.16.0,MODERATE,CWE-22 -CVE-2018-1000104,2022-05-13T01:48:31Z,"Jenkins Coverity Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:coverity",0,1.11.0,LOW,CWE-522 -CVE-2018-1000105,2022-05-13T01:48:31Z,"Incorrect Authorization in Jenkins Gerrit Trigger Plugin","com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger",0,2.27.5,MODERATE,CWE-863 -CVE-2018-1000106,2022-05-13T01:48:31Z,"Incorrect Authorization in Jenkins Gerrit Trigger Plugin","com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger",0,2.27.5,MODERATE,CWE-863 -CVE-2018-1000107,2022-05-13T01:48:31Z,"Improper authorization in Jenkins Job and Node Ownership Plugin","com.synopsys.jenkinsci:ownership",0,0.12.0,MODERATE,CWE-285 -CVE-2018-1000108,2022-05-14T03:33:40Z,"Reflected cross-site-scripting vulnerability in report URL of Jenkins CppNCSS Plugin","org.jenkins-ci.plugins:cppncss",0,1.2,MODERATE,CWE-79 -CVE-2018-1000109,2022-05-13T01:48:31Z,"Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs","org.jenkins-ci.plugins:google-play-android-publisher",0,1.7,MODERATE,CWE-863 -CVE-2018-1000110,2022-05-13T01:48:31Z,"Incorrect Authorization in Jenkins Git Plugin","org.jenkins-ci.plugins:git",0,3.8.0,MODERATE,CWE-863 
-CVE-2018-1000111,2022-05-13T01:48:32Z,"Jenkins Subversion Plugin Incorrect Authorization vulnerability","org.jenkins-ci.plugins:subversion",0,2.10.3,MODERATE,CWE-863 -CVE-2018-1000112,2022-05-13T01:48:32Z,"Incorrect Authorization in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",0,2.3,MODERATE,CWE-863 -CVE-2018-1000113,2022-05-14T03:33:40Z,"Stored cross-site scripting vulnerability in Jenkins TestLink Plugin","org.jenkins-ci.plugins:testlink",0,2.13,MODERATE,CWE-79 -CVE-2018-1000114,2022-05-13T01:48:32Z,"Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes","org.jenkins-ci.plugins:promoted-builds",0,3.0,MODERATE,CWE-863 -CVE-2018-1000129,2022-05-14T01:27:45Z,"Cross-site Scripting in Jolokia agent",org.jolokia:jolokia-core,1.3.7,1.5.0,MODERATE,CWE-79 -CVE-2018-1000130,2022-05-14T01:27:09Z,"Injection in Jolokia agent",org.jolokia:jolokia-core,1.3.7,1.5.0,HIGH,CWE-74 -CVE-2018-1000134,2022-05-13T01:48:32Z,"Weak Password Requirements in UnboundID LDAP SDK","com.unboundid:unboundid-ldapsdk",1.1.0,4.0.5,CRITICAL,CWE-521 -CVE-2018-1000142,2022-05-14T03:23:44Z,"Jenkins GitHub Pull Request Builder Plugin allows attacker with local file system access to obtain GitHub credentials","org.jenkins-ci.plugins:ghprb",0,1.40.0,MODERATE,CWE-200 -CVE-2018-1000143,2022-05-14T03:23:44Z,"Jenkins GitHub Pull Request Builder Plugin ","org.jenkins-ci.plugins:ghprb",0,1.32.1,LOW,CWE-200 -CVE-2018-1000144,2022-05-14T03:23:50Z,"Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability","org.jenkins-ci.plugins:cucumber-living-documentation",0,1.1.0,MODERATE,CWE-79 -CVE-2018-1000145,2022-05-13T01:48:33Z,"Jenkins Perforce Plugin uses ineffective credentials encryption","org.jvnet.hudson.plugins:perforce",0,,MODERATE,CWE-200 -CVE-2018-1000146,2022-05-13T01:48:33Z,"Liquibase Runner Plugin allows users to load arbitrary Java code into controller JVM ","org.jenkins-ci.plugins:liquibase-runner",0,1.4.3,HIGH, 
-CVE-2018-1000147,2022-05-14T03:23:45Z,"Jenkins Perforce Plugin exposure of sensitive information vulnerability exists","org.jvnet.hudson.plugins:perforce",0,,MODERATE,CWE-200 -CVE-2018-1000148,2022-05-14T03:23:41Z,"Jenkins Copy To Slave Plugin allows access to arbitrary files on the Jenkins controller file system ","org.jenkins-ci.plugins:copy-to-slave",0,,MODERATE,CWE-200 -CVE-2018-1000149,2022-05-13T01:18:44Z,"Jenkins Ansible Plugin man in the middle vulnerability","org.jenkins-ci.plugins:ansible",0,1.0,MODERATE, -CVE-2018-1000150,2022-05-14T03:23:45Z,"Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users","org.jenkins-ci.plugins:reverse-proxy-auth-plugin",0,1.6.0,LOW,CWE-200 -CVE-2018-1000151,2022-05-14T03:23:45Z,"Jenkins vSphere Plugin disables SSL/TLS certificate validation by default","org.jenkins-ci.plugins:vsphere-cloud",0,2.17,MODERATE,CWE-295 -CVE-2018-1000152,2022-05-13T01:48:33Z,"Jenkins vSphere Plugin incorrect authorization vulnerability","org.jenkins-ci.plugins:vsphere-cloud",0,2.17,MODERATE,CWE-863 -CVE-2018-1000153,2022-05-14T03:23:41Z,"Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:vsphere-cloud",0,2.17,HIGH,CWE-352 -CVE-2018-1000169,2022-05-14T00:55:17Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.107.2,MODERATE,CWE-200 -CVE-2018-1000169,2022-05-14T00:55:17Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.108,2.116,MODERATE,CWE-200 -CVE-2018-1000170,2022-05-14T01:04:36Z,"Cross-site Scripting in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.107.2,MODERATE,CWE-79 -CVE-2018-1000170,2022-05-14T01:04:36Z,"Cross-site Scripting in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.108,2.116,MODERATE,CWE-79 -CVE-2018-1000173,2022-05-14T03:18:40Z,"Jenkins Google Login Plugin Session Fixation 
vulnerability","org.jenkins-ci.plugins:google-login",0,1.3.1,MODERATE,CWE-384 -CVE-2018-1000174,2022-05-14T03:18:40Z,"Jenkins Google Login Plugin Open Redirect vulnerability","org.jenkins-ci.plugins:google-login",0,1.3.1,MODERATE,CWE-601 -CVE-2018-1000175,2022-05-14T03:18:39Z,"Jenkins HTML Publisher Plugin path traversal vulnerability","org.jenkins-ci.plugins:htmlpublisher",0,1.16,MODERATE,CWE-22 -CVE-2018-1000176,2022-05-14T03:18:39Z,"Jenkins Email Extension Plugin showed plain text SMTP password in configuration form field","org.jenkins-ci.plugins:email-ext",0,2.62,MODERATE,CWE-200 -CVE-2018-1000177,2022-05-14T03:18:39Z,"Stored XSS vulnerability in Jenkins S3 Publisher Plugin","org.jenkins-ci.plugins:s3",0,0.11.0,MODERATE,CWE-79 -CVE-2018-1000180,2018-10-16T17:44:39Z,"Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator","org.bouncycastle:bcprov-jdk14",0,1.60,HIGH,CWE-327 -CVE-2018-1000180,2018-10-16T17:44:39Z,"Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator","org.bouncycastle:bcprov-jdk15",0,1.60,HIGH,CWE-327 -CVE-2018-1000182,2022-05-14T03:13:26Z,"Server-Side Request Forgery in Jenkins Git Plugin","org.jenkins-ci.plugins:git",0,3.9.1,MODERATE,CWE-918 -CVE-2018-1000183,2022-05-14T03:13:13Z,"Jenkins GitHub Plugin exposure of sensitive information vulnerability exists","com.coravy.hudson.plugins.github:github",0,1.29.1,MODERATE,CWE-200 -CVE-2018-1000184,2022-05-14T03:13:13Z,"Jenkins GitHub Plugin server-side request forgery vulnerability exists","com.coravy.hudson.plugins.github:github",0,1.29.1,MODERATE,CWE-918 -CVE-2018-1000185,2022-05-14T03:13:13Z,"Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery","org.jenkins-ci.plugins:github-branch-source",0,2.3.5,MODERATE,CWE-918 -CVE-2018-1000186,2022-05-14T03:13:13Z,"Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability","org.jenkins-ci.plugins:ghprb",0,1.42.0,LOW,CWE-200 
-CVE-2018-1000187,2022-05-14T03:13:13Z,"Exposure of Sensitive Information in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",0,1.7.1,MODERATE,CWE-200 -CVE-2018-1000188,2022-05-14T03:13:13Z,"Jenkins CAS Plugin Server-Side Request Forgery vulnerability","org.jenkins-ci.plugins:cas-plugin",0,1.4.2,MODERATE,CWE-918 -CVE-2018-1000189,2022-05-13T01:48:34Z,"CSRF vulnerability and missing permission checks in Jenkins AbsInt Astrée Plugin","org.jenkins-ci.plugins:absint-astree",0,1.0.7,HIGH, -CVE-2018-1000190,2022-05-14T03:13:12Z,"Exposure of sensitive information vulnerability in Jenkins Black Duck Hub Plugin","com.blackducksoftware.integration:blackduck-hub",0,4.0.1,MODERATE,CWE-200 -CVE-2018-1000191,2022-05-14T01:09:55Z,"Jenkins Black Duck Detect Plugin information exposure vulnerability","com.synopsys.integration:synopsys-detect",0,1.4.1,MODERATE,CWE-200 -CVE-2018-1000192,2022-05-13T01:01:02Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.107.3,MODERATE,CWE-200 -CVE-2018-1000192,2022-05-13T01:01:02Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.108,2.121,MODERATE,CWE-200 -CVE-2018-1000193,2022-05-13T01:01:02Z,"Injection in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.107.3,MODERATE,CWE-74 -CVE-2018-1000193,2022-05-13T01:01:02Z,"Injection in Jenkins","org.jenkins-ci.main:jenkins-core",2.108,2.121,MODERATE,CWE-74 -CVE-2018-1000194,2022-05-13T01:01:01Z,"Path Traversal in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.107.3,HIGH,CWE-22 -CVE-2018-1000194,2022-05-13T01:01:01Z,"Path Traversal in Jenkins","org.jenkins-ci.main:jenkins-core",2.108,2.121,HIGH,CWE-22 -CVE-2018-1000195,2022-05-13T01:01:01Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.107.3,MODERATE,CWE-352 -CVE-2018-1000195,2022-05-13T01:01:01Z,"Cross-Site Request Forgery in 
Jenkins","org.jenkins-ci.main:jenkins-core",2.108,2.121,MODERATE,CWE-352 -CVE-2018-1000196,2022-05-14T03:13:12Z,"Jenkins Gitlab Hook Plugin stores and displays GitLab API token in plain text","org.jenkins-ci.ruby-plugins:gitlab-hook",0,,MODERATE,CWE-200 -CVE-2018-1000197,2022-05-13T01:48:34Z,"Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration","com.blackducksoftware.integration:blackduck-hub",0,3.1.0,HIGH,CWE-863 -CVE-2018-1000198,2022-05-14T03:13:12Z,"XML External Entity processing vulnerability in Jenkins Black Duck Hub Plugin","com.blackducksoftware.integration:blackduck-hub",0,4.0.0,MODERATE,CWE-611 -CVE-2018-1000202,2022-05-14T03:13:13Z,"Jenkins Groovy Postbuild Plugin vulnerable to Cross-site Scripting","org.jvnet.hudson.plugins:groovy-postbuild",0,2.4,MODERATE,CWE-79 -CVE-2018-1000401,2022-05-13T01:48:37Z,"Jenkins AWS CodePipeline Plugin has Insufficiently Protected Credentials","com.amazonaws:aws-codepipeline",0,0.37,HIGH,CWE-522 -CVE-2018-1000402,2022-05-14T03:00:09Z,"Jenkins AWS CodeDeploy Plugin has Insufficiently Protected Credentials",com.amazonaws:codedeploy,0,1.20,MODERATE,CWE-522 -CVE-2018-1000403,2022-05-13T01:48:37Z,"AWS CodeDeploy Plugin stored AWS Secret Key in plain text",com.amazonaws:codedeploy,0,1.20,HIGH,CWE-522 -CVE-2018-1000404,2022-05-13T01:48:36Z,"Insufficiently Protected Credentials in Jenkins AWS CodeBuild Plugin","com.amazonaws:aws-codebuild",0,0.27,HIGH,CWE-522 -CVE-2018-1000406,2022-05-14T01:04:36Z,"Path Traversal in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.2,MODERATE,CWE-22 -CVE-2018-1000406,2022-05-14T01:04:36Z,"Path Traversal in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.146,MODERATE,CWE-22 -CVE-2018-1000407,2022-05-14T01:04:36Z,"Cross-site Scripting in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.2,MODERATE,CWE-79 -CVE-2018-1000407,2022-05-14T01:04:36Z,"Cross-site Scripting in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.146,MODERATE,CWE-79 
-CVE-2018-1000408,2022-05-13T01:48:36Z,"Improper Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.2,MODERATE,CWE-285 -CVE-2018-1000408,2022-05-13T01:48:36Z,"Improper Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.146,MODERATE,CWE-285 -CVE-2018-1000409,2022-05-14T01:04:36Z,"Session Fixation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.2,MODERATE,CWE-384 -CVE-2018-1000409,2022-05-14T01:04:36Z,"Session Fixation in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.146,MODERATE,CWE-384 -CVE-2018-1000410,2022-05-14T01:04:36Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.2,HIGH,CWE-200 -CVE-2018-1000410,2022-05-14T01:04:36Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.146,HIGH,CWE-200 -CVE-2018-1000411,2022-05-14T01:38:48Z,"Jenkins JUnit Plugin CSRF vulnerability","org.jenkins-ci.plugins:junit",0,1.26,MODERATE,CWE-352 -CVE-2018-1000412,2022-05-13T01:18:46Z,"Jenkins Jira Plugin Incorrect Authorization vulnerability","org.jenkins-ci.plugins:jira",0,3.0.2,MODERATE,CWE-863 -CVE-2018-1000413,2022-05-14T01:40:44Z,"Stored XSS vulnerability in Config File Provider Plugin ","org.jenkins-ci.plugins:config-file-provider",0,3.2,MODERATE,CWE-79 -CVE-2018-1000414,2022-05-14T01:39:42Z,"CSRF vulnerability in Config File Provider Plugin ","org.jenkins-ci.plugins:config-file-provider",0,3.2,HIGH,CWE-352 -CVE-2018-1000415,2022-05-14T01:38:17Z,"Cross-site Scripting in Jenkins Rebuilder Plugin","com.sonyericsson.hudson.plugins.rebuild:rebuild",0,1.29,MODERATE,CWE-79 -CVE-2018-1000416,2022-05-14T00:53:49Z,"Jenkins Job Config History Plugin reflected XSS vulnerability","org.jenkins-ci.plugins:jobConfigHistory",0,2.18.1,MODERATE,CWE-79 -CVE-2018-1000417,2022-05-14T01:39:42Z,"CSRF vulnerability in Email Extension Template Plugin ","org.jenkins-ci.plugins:email-ext",0,1.1,HIGH,CWE-352 
-CVE-2018-1000418,2022-05-13T01:18:46Z,"Jenkins HipChat Plugin allows credential capture due to incorrect authorization","org.jvnet.hudson.plugins:hipchat",0,2.2.1,HIGH,CWE-863 -CVE-2018-1000419,2022-05-13T01:18:46Z,"Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs","org.jvnet.hudson.plugins:hipchat",0,2.2.1,MODERATE, -CVE-2018-1000420,2022-05-13T01:48:37Z,"Improper authorization vulnerability in Jenkins Mesos Plugin","org.jenkins-ci.plugins:mesos",0,0.18,MODERATE,CWE-863 -CVE-2018-1000421,2022-05-14T01:38:17Z,"Server-side request forgery vulnerability in Jenkins Mesos Plugin","org.jenkins-ci.plugins:mesos",0,0.18,MODERATE,CWE-918 -CVE-2018-1000422,2022-05-14T01:38:17Z,"Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability","org.jenkins-ci.plugins:crowd2",0,2.0.1,MODERATE,CWE-918 -CVE-2018-1000423,2022-05-13T01:18:46Z,"Jenkins Crowd 2 Integration Plugin stored credentials in plain text ","org.jenkins-ci.plugins:crowd2",0,2.0.1,HIGH,CWE-522 -CVE-2018-1000424,2022-05-13T01:18:46Z,"Jenkins Artifactory Plugin stored old directly entered credentials unencrypted on disk ","org.jenkins-ci.plugins:artifactory",0,2.16.2,HIGH,CWE-522 -CVE-2018-1000425,2022-05-13T01:18:46Z,"Jenkins SonarQube Scanner Plugin stored server authentication token in plain text","org.jenkins-ci.plugins:sonar",0,2.8.1,HIGH,CWE-522 -CVE-2018-1000426,2022-05-13T01:30:26Z,"Stored XSS vulnerability in Jenkins Git Changelog Plugin","de.wellnerbou.jenkins:git-changelog",0,2.7,MODERATE,CWE-79 -CVE-2018-1000529,2018-10-19T16:46:01Z,"Stored Cross Site Scripting in Grails Fields Plugin","org.grails.plugins:fields",0,2.2.8,MODERATE,CWE-79 -CVE-2018-1000529,2018-10-19T16:46:01Z,"Stored Cross Site Scripting in Grails Fields Plugin",org.grails:grails-core,0,3.3.6,MODERATE,CWE-79 -CVE-2018-1000600,2022-05-13T01:48:38Z,"CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials 
","com.coravy.hudson.plugins.github:github",0,1.29.2,HIGH,CWE-200 -CVE-2018-1000601,2022-05-14T03:07:03Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin","org.jenkins-ci.plugins:credentials",0,2.1.17,MODERATE,CWE-200 -CVE-2018-1000601,2022-05-14T03:07:03Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin","org.jenkins-ci.plugins:ssh-credentials",0,1.14,MODERATE,CWE-200 -CVE-2018-1000602,2022-05-14T03:07:02Z,"Jenkins SAML Plugin Session Fixation vulnerability","org.jenkins-ci.plugins:saml",0,1.0.7,MODERATE,CWE-384 -CVE-2018-1000603,2022-05-13T01:48:38Z,"CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials ","org.jenkins-ci.plugins:openstack-cloud",0,2.37,HIGH,CWE-200 -CVE-2018-1000604,2022-05-14T03:05:27Z,"Jenkins Badge Plugin cross-site scripting vulnerability","org.jenkins-ci.plugins:badge",0,1.5,MODERATE,CWE-79 -CVE-2018-1000605,2022-05-14T02:56:39Z,"Jenkins CollabNet Plugin man in the middle vulnerability","org.jenkins-ci.plugins:collabnet",0,2.0.5,MODERATE,CWE-295 -CVE-2018-1000606,2022-05-14T03:05:26Z,"URLTrigger Plugin server-side request forgery vulnerability","org.jenkins-ci.plugins:urltrigger",0,0.43,MODERATE,CWE-918 -CVE-2018-1000607,2022-05-14T03:05:26Z,"Arbitrary file write vulnerability in Jenkins Fortify CloudScan Plugin","org.jenkins-ci.plugins:fortify-cloudscan-jenkins-plugin",0,1.5.2,MODERATE,CWE-20 -CVE-2018-1000608,2022-05-13T01:48:38Z,"Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password","org.jenkins-ci.plugins:zos-connector",0,2.0.0,LOW,CWE-522 -CVE-2018-1000609,2022-05-14T03:05:26Z,"Jenkins Configuration as Code Plugin vulnerable to Exposure of Sensitive Information","io.jenkins:configuration-as-code",0,0.8-alpha,MODERATE,CWE-200 -CVE-2018-1000610,2022-05-13T01:48:39Z,"Jenkins Configuration as Code Plugin has Insufficiently Protected 
Credentials","io.jenkins:configuration-as-code",0,0.8-alpha,HIGH,CWE-522 -CVE-2018-1000613,2018-10-17T16:23:12Z,"Deserialization of Untrusted Data in Bouncy castle","org.bouncycastle:bcprov-jdk15on",1.57,1.60,CRITICAL,CWE-470;CWE-502 -CVE-2018-1000632,2018-10-16T17:01:25Z,"Dom4j contains a XML Injection vulnerability",dom4j:dom4j,0,,HIGH,CWE-91 -CVE-2018-1000632,2018-10-16T17:01:25Z,"Dom4j contains a XML Injection vulnerability",org.dom4j:dom4j,0,2.0.3,HIGH,CWE-91 -CVE-2018-1000632,2018-10-16T17:01:25Z,"Dom4j contains a XML Injection vulnerability",org.dom4j:dom4j,2.1.0,2.1.1,HIGH,CWE-91 -CVE-2018-1000643,2018-10-18T17:22:26Z,"Moderate severity vulnerability that affects org.owasp.antisamy:antisamy","org.owasp.antisamy:antisamy",0,,MODERATE, -CVE-2018-1000644,2018-10-19T16:54:11Z,"Eclipse RDF4j vulnerable to XML External Entitiy","org.eclipse.rdf4j:rdf4j-runtime",0,2.4.0,CRITICAL,CWE-611 -CVE-2018-1000665,2022-05-14T02:01:21Z,"Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness",org.dojotoolkit:dojo,0,1.14,MODERATE,CWE-79 -CVE-2018-1000817,2022-05-13T01:48:39Z,"Asset Pipeline Grails Plugin vulnerable to Path Traversal","org.grails.plugins:asset-pipeline",0,2.14.1,HIGH,CWE-22 -CVE-2018-1000817,2022-05-13T01:48:39Z,"Asset Pipeline Grails Plugin vulnerable to Path Traversal","org.grails.plugins:asset-pipeline",2.15.0,2.15.1,HIGH,CWE-22 -CVE-2018-1000817,2022-05-13T01:48:39Z,"Asset Pipeline Grails Plugin vulnerable to Path Traversal","org.grails.plugins:asset-pipeline",3.0.0,3.0.6,HIGH,CWE-22 -CVE-2018-1000820,2018-12-20T22:02:02Z,"XML External Entity (XXE) vulnerability in neo4j.procedure:apoc",org.neo4j.procedure:apoc,0,3.4.0.4,CRITICAL,CWE-611 -CVE-2018-1000822,2018-12-20T22:02:09Z,"XML External Entity (XXE) vulnerability in codelibs fess",org.codelibs.fess:fess,0,12.3.2,CRITICAL,CWE-611 -CVE-2018-1000823,2018-12-20T22:02:17Z,"exist-db:exist-core XML External Entity (XXE) 
vulnerability",org.exist-db:exist-core,0,5.1.0,CRITICAL,CWE-611 -CVE-2018-1000836,2018-12-20T22:02:51Z,"XML External Entity (XXE) vulnerability in bw-calendar-engine","org.bedework.caleng:bw-calendar-engine",0,,CRITICAL,CWE-611 -CVE-2018-1000844,2018-12-21T17:48:26Z,"XML External Entity (XXE) vulnerability in Square Retrofit","com.squareup.retrofit2:retrofit",2.0.0,2.5.0,CRITICAL,CWE-611 -CVE-2018-1000850,2018-12-21T17:48:19Z,"Directory Traversal vulnerability in Square Retrofit","com.squareup.retrofit2:retrofit",2.0.0,2.5.0,HIGH,CWE-22 -CVE-2018-1000854,2018-12-21T17:46:23Z,"Remote Code Execution in esigate-core",org.esigate:esigate-core,0,5.3,CRITICAL,CWE-74 -CVE-2018-1000861,2022-05-13T01:01:00Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.4,CRITICAL,CWE-502 -CVE-2018-1000861,2022-05-13T01:01:00Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.154,CRITICAL,CWE-502 -CVE-2018-1000862,2022-05-14T01:04:36Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.4,MODERATE,CWE-200 -CVE-2018-1000862,2022-05-14T01:04:36Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.154,MODERATE,CWE-200 -CVE-2018-1000863,2022-05-13T01:48:39Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.4,HIGH,CWE-22 -CVE-2018-1000863,2022-05-13T01:48:39Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.154,HIGH,CWE-22 -CVE-2018-1000864,2022-05-13T01:48:40Z,"Loop with Unreachable Exit Condition in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.4,MODERATE,CWE-835 -CVE-2018-1000864,2022-05-13T01:48:40Z,"Loop with Unreachable Exit Condition in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.154,MODERATE,CWE-835 
-CVE-2018-1000865,2022-05-13T01:48:40Z,"Improper Privilege Management in Jenkins","org.jenkins-ci.plugins:script-security",0,1.48,HIGH,CWE-269 -CVE-2018-1000866,2022-05-13T01:48:40Z,"Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.60,HIGH,CWE-269 -CVE-2018-1000866,2022-05-13T01:48:40Z,"Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass","org.jenkins-ci.plugins:script-security",0,1.48,HIGH,CWE-269 -CVE-2018-1000873,2018-12-21T17:46:54Z,"Moderate severity vulnerability that affects com.fasterxml.jackson.datatype:jackson-datatype-jsr353","com.fasterxml.jackson.datatype:jackson-datatype-jsr310",0,2.9.8,MODERATE,CWE-20 -CVE-2018-1000997,2022-05-14T01:04:35Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.138.2,MODERATE,CWE-22 -CVE-2018-1000997,2022-05-14T01:04:35Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",2.140,2.146,MODERATE,CWE-22 -CVE-2018-1000997,2022-05-14T01:04:35Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.kohsuke.stapler:stapler-parent",0,1.250.2,MODERATE,CWE-22 -CVE-2018-1002200,2022-05-13T01:35:03Z,"Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver","org.codehaus.plexus:plexus-archiver",0,3.6.0,MODERATE,CWE-22 -CVE-2018-1002201,2022-05-13T01:30:44Z,"Improper Limitation of a Pathname to a Restricted Directory in zt-zip","org.zeroturnaround:zt-zip",0,1.13,MODERATE,CWE-22 -CVE-2018-1002202,2022-05-13T01:35:04Z,"Improper Limitation of a Pathname to a Restricted Directory in Zip4j",net.lingala.zip4j:zip4j,0,1.3.3,MODERATE,CWE-22 -CVE-2018-10054,2022-05-13T01:30:17Z,"Improper Input Validation in Datomic",com.datomic:datomic-free,0,0.9.5697,HIGH,CWE-20 -CVE-2018-10237,2020-06-15T20:35:11Z,"Denial of Service in Google Guava","com.google.guava:guava-jdk5",0,,MODERATE,CWE-502;CWE-770 
-CVE-2018-10237,2020-06-15T20:35:11Z,"Denial of Service in Google Guava","com.googlecode.guava-osgi:guava-osgi",0,,MODERATE,CWE-502;CWE-770 -CVE-2018-10237,2020-06-15T20:35:11Z,"Denial of Service in Google Guava","de.mhus.ports:vaadin-shared-deps",0,,MODERATE,CWE-502;CWE-770 -CVE-2018-10237,2020-06-15T20:35:11Z,"Denial of Service in Google Guava","org.hudsonci.lib.guava:guava",0,,MODERATE,CWE-502;CWE-770 -CVE-2018-10237,2020-06-15T20:35:11Z,"Denial of Service in Google Guava",com.google.guava:guava,11.0,24.1.1-android,MODERATE,CWE-502;CWE-770 -CVE-2018-1047,2018-10-19T16:55:35Z,"Improper Input Validation in org.wildfly:wildfly-undertow","org.wildfly:wildfly-undertow",0,12.0.0,MODERATE,CWE-20;CWE-22 -CVE-2018-1048,2022-05-13T01:12:24Z,"Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow","org.jboss.eap:wildfly-undertow",7.1.0.GA,7.1.1.GA,HIGH,CWE-22 -CVE-2018-1051,2022-05-13T01:33:34Z,"Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider","org.jboss.resteasy:resteasy-yaml-provider",0,3.0.26.Final,HIGH,CWE-502 -CVE-2018-1051,2022-05-13T01:33:34Z,"Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider","org.jboss.resteasy:resteasy-yaml-provider",3.1.0,3.6.0.Final,HIGH,CWE-502 -CVE-2018-1067,2022-05-13T01:14:41Z,"Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow","org.jboss.eap:wildfly-undertow",0,7.1.2.GA,MODERATE,CWE-113 -CVE-2018-10862,2022-05-14T01:06:25Z,"Improper Limitation of a Pathname to a Restricted Directory in WildFly","org.wildfly.core:wildfly-server",0,6.0.0.Alpha3,MODERATE,CWE-22 -CVE-2018-10894,2022-05-13T01:34:55Z,"Keycloak Authentication Error","org.keycloak:keycloak-saml-adapter-core",0,4.4.0.Final,MODERATE,CWE-295 -CVE-2018-10894,2022-05-13T01:34:55Z,"Keycloak Authentication Error","org.keycloak:keycloak-services",0,4.4.0.Final,MODERATE,CWE-295 -CVE-2018-10899,2022-05-24T16:51:56Z,"Cross-Site Request Forgery in 
Jolokia",org.jolokia:jolokia-core,1.2,1.6.1,HIGH,CWE-352 -CVE-2018-10912,2018-10-18T16:49:54Z,"Moderate severity vulnerability that affects org.keycloak:keycloak-core","org.keycloak:keycloak-core",0,4.0.0,MODERATE,CWE-835 -CVE-2018-10936,2018-10-19T16:53:33Z,"Moderate severity vulnerability that affects org.postgresql:pgjdbc-aggregate","org.postgresql:pgjdbc-aggregate",0,42.2.5,MODERATE,CWE-297 -CVE-2018-11039,2018-10-16T17:35:54Z,"Spring Framework Cross Site Tracing (XST)","org.springframework:spring-web",4.3.0,4.3.18,MODERATE, -CVE-2018-11039,2018-10-16T17:35:54Z,"Spring Framework Cross Site Tracing (XST)","org.springframework:spring-web",5.0.0,5.0.7,MODERATE, -CVE-2018-11040,2018-10-16T17:43:45Z,"Moderate severity vulnerability that affects org.springframework:spring-core","org.springframework:spring-core",4.3.0.RELEASE,4.3.18.RELEASE,MODERATE,CWE-829 -CVE-2018-11040,2018-10-16T17:43:45Z,"Moderate severity vulnerability that affects org.springframework:spring-core","org.springframework:spring-core",5.0.0.RELEASE,5.0.7.RELEASE,MODERATE,CWE-829 -CVE-2018-11041,2022-05-14T03:05:26Z,"Cloud Foundry UAA open redirect","org.cloudfoundry.identity:cloudfoundry-identity-server",0,4.7.5,MODERATE,CWE-601 -CVE-2018-11041,2022-05-14T03:05:26Z,"Cloud Foundry UAA open redirect","org.cloudfoundry.identity:cloudfoundry-identity-server",4.11.0,4.12.3,MODERATE,CWE-601 -CVE-2018-11041,2022-05-14T03:05:26Z,"Cloud Foundry UAA open redirect","org.cloudfoundry.identity:cloudfoundry-identity-server",4.13.0,4.19.0,MODERATE,CWE-601 -CVE-2018-11041,2022-05-14T03:05:26Z,"Cloud Foundry UAA open redirect","org.cloudfoundry.identity:cloudfoundry-identity-server",4.8.0,4.10.1,MODERATE,CWE-601 -CVE-2018-11047,2022-05-13T01:49:00Z,"Cloud Foundry UAA accepts refresh token as access token on admin endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",0,4.5.7,HIGH,CWE-863 -CVE-2018-11047,2022-05-13T01:49:00Z,"Cloud Foundry UAA accepts refresh token as access token on admin 
endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",4.11.0,4.12.4,HIGH,CWE-863 -CVE-2018-11047,2022-05-13T01:49:00Z,"Cloud Foundry UAA accepts refresh token as access token on admin endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",4.13.0,4.19.2,HIGH,CWE-863 -CVE-2018-11047,2022-05-13T01:49:00Z,"Cloud Foundry UAA accepts refresh token as access token on admin endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",4.6.0,4.7.6,HIGH,CWE-863 -CVE-2018-11047,2022-05-13T01:49:00Z,"Cloud Foundry UAA accepts refresh token as access token on admin endpoints","org.cloudfoundry.identity:cloudfoundry-identity-server",4.8.0,4.10.2,HIGH,CWE-863 -CVE-2018-11087,2018-10-18T18:06:08Z,"Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp","org.springframework.amqp:spring-amqp",0,1.7.10,MODERATE,CWE-295 -CVE-2018-11087,2018-10-18T18:06:08Z,"Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp","org.springframework.amqp:spring-amqp",2.0.0,2.0.6,MODERATE,CWE-295 -CVE-2018-11087,2018-10-18T18:06:08Z,"Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp",com.rabbitmq:amqp-client,0,4.8.0,MODERATE,CWE-295 -CVE-2018-11087,2018-10-18T18:06:08Z,"Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp",com.rabbitmq:amqp-client,5.0.0,5.4.0,MODERATE,CWE-295 -CVE-2018-1114,2022-05-13T01:33:31Z,"Uncontrolled Resource Consumption in Undertow","io.undertow:undertow-core",0,1.4.25.Final,MODERATE,CWE-400 -CVE-2018-1114,2022-05-13T01:33:31Z,"Uncontrolled Resource Consumption in Undertow","io.undertow:undertow-core",2.0.0.Alpha1,2.0.5.Final,MODERATE,CWE-400 -CVE-2018-11307,2019-07-16T17:42:21Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.7.9.4,CRITICAL,CWE-502 
-CVE-2018-11307,2019-07-16T17:42:21Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.2,CRITICAL,CWE-502 -CVE-2018-11307,2019-07-16T17:42:21Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.6,CRITICAL,CWE-502 -CVE-2018-1131,2022-05-13T01:33:29Z,"Deserialization of Untrusted Data in Infinispan","org.infinispan:infinispan-core",9.3.0.Alpha1,9.3.1.Final,HIGH,CWE-502 -CVE-2018-11650,2022-05-14T03:15:57Z,"Cross-site Scripting in Graylog Server","org.graylog2:graylog2-server",0,2.4.4,MODERATE,CWE-79 -CVE-2018-11651,2022-05-14T03:15:57Z,"Cross-site Scripting in Graylog","org.graylog2:graylog2-server",0,2.4.4,MODERATE,CWE-79 -CVE-2018-11688,2022-05-14T00:57:52Z,"Ignite Realtime Openfire vulnerable to cross-site scripting","org.igniterealtime.openfire:parent",0,3.9.2,MODERATE,CWE-79 -CVE-2018-11758,2022-05-14T02:02:28Z,"XML External Entity Reference in Apache Cayenne","org.apache.cayenne:cayenne-parent",0,3.1.3,HIGH,CWE-611 -CVE-2018-11758,2022-05-14T02:02:28Z,"XML External Entity Reference in Apache Cayenne","org.apache.cayenne:cayenne-parent",4.0,4.1,HIGH,CWE-611 -CVE-2018-11761,2018-10-17T15:49:36Z,"High severity vulnerability that affects org.apache.tika:tika-core","org.apache.tika:tika-core",0.1,1.19.1,HIGH,CWE-611 -CVE-2018-11762,2018-10-17T15:49:58Z,"Moderate severity vulnerability that affects org.apache.tika:tika-core","org.apache.tika:tika-core",0.9,1.19,MODERATE,CWE-22 -CVE-2018-11764,2022-02-10T20:28:06Z,"Authentication bypass in Apache Hadoop","org.apache.hadoop:hadoop-main",3.0.0,3.0.1,HIGH,CWE-306 -CVE-2018-11764,2022-02-10T20:28:06Z,"Authentication bypass in Apache Hadoop","org.apache.hadoop:hadoop-main",3.0.0-alpha4,3.0.1,HIGH,CWE-306 -CVE-2018-11764,2022-02-10T20:28:06Z,"Authentication bypass in Apache Hadoop","org.apache.hadoop:hadoop-main",3.0.0-beta1,3.0.1,HIGH,CWE-306 -CVE-2018-11765,2021-04-30T17:29:30Z,"Improper 
Authentication in Apache Hadoop","org.apache.hadoop:hadoop-main",2.8.0,2.8.6,HIGH,CWE-287 -CVE-2018-11765,2021-04-30T17:29:30Z,"Improper Authentication in Apache Hadoop","org.apache.hadoop:hadoop-main",2.9.0,2.9.3,HIGH,CWE-287 -CVE-2018-11765,2021-04-30T17:29:30Z,"Improper Authentication in Apache Hadoop","org.apache.hadoop:hadoop-main",3.0.0-alpha2,3.0.1,HIGH,CWE-287 -CVE-2018-11766,2018-12-21T17:50:26Z,"Arbitrary Command Execution in Hadoop","org.apache.hadoop:hadoop-main",2.7.4,2.7.7,HIGH, -CVE-2018-11767,2019-03-25T16:17:32Z,"Improper Privilege Management in org.apache.hadoop:hadoop-main","org.apache.hadoop:hadoop-main",2.7.5,2.7.7,HIGH,CWE-269 -CVE-2018-11767,2019-03-25T16:17:32Z,"Improper Privilege Management in org.apache.hadoop:hadoop-main","org.apache.hadoop:hadoop-main",2.8.3,2.8.5,HIGH,CWE-269 -CVE-2018-11767,2019-03-25T16:17:32Z,"Improper Privilege Management in org.apache.hadoop:hadoop-main","org.apache.hadoop:hadoop-main",2.9.0,2.9.2,HIGH,CWE-269 -CVE-2018-11768,2019-11-20T01:38:00Z,"user/group information can be corrupted across storing in fsimage and reading back from fsimage","org.apache.hadoop:hadoop-main",2.2.0,2.8.5,HIGH,CWE-119 -CVE-2018-11768,2019-11-20T01:38:00Z,"user/group information can be corrupted across storing in fsimage and reading back from fsimage","org.apache.hadoop:hadoop-main",2.9.0,2.9.2,HIGH,CWE-119 -CVE-2018-11768,2019-11-20T01:38:00Z,"user/group information can be corrupted across storing in fsimage and reading back from fsimage","org.apache.hadoop:hadoop-main",3.0.0,3.1.1,HIGH,CWE-119 -CVE-2018-11770,2018-11-09T17:41:46Z,"org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability","org.apache.spark:spark-core_2.10",1.0.0,,MODERATE,CWE-287 -CVE-2018-11770,2018-11-09T17:41:46Z,"org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability","org.apache.spark:spark-core_2.11",1.0.0,,MODERATE,CWE-287 
-CVE-2018-11771,2018-10-19T16:41:27Z,"Moderate severity vulnerability that affects org.apache.commons:commons-compress","org.apache.commons:commons-compress",1.7,1.18,MODERATE,CWE-835 -CVE-2018-11775,2018-10-19T16:42:27Z,"Improper Certificate Validation in Apache activemq-client","org.apache.activemq:activemq-client",0,5.15.6,HIGH,CWE-295 -CVE-2018-11776,2018-10-18T19:24:38Z,"Apache Struts vulnerable to remote command execution (RCE) due to improper input validation","org.apache.struts:struts2-core",2.0.4,2.3.35,HIGH,CWE-20 -CVE-2018-11776,2018-10-18T19:24:38Z,"Apache Struts vulnerable to remote command execution (RCE) due to improper input validation","org.apache.struts:struts2-core",2.5,2.5.17,HIGH,CWE-20 -CVE-2018-11777,2018-11-21T22:25:04Z,"Improper Authentication in hive:hive-exec","org.apache.hive:hive-exec",0,2.3.4,HIGH, -CVE-2018-11777,2018-11-21T22:25:04Z,"Improper Authentication in hive:hive-exec","org.apache.hive:hive-exec",3.0.0,3.1.1,HIGH, -CVE-2018-11778,2018-10-17T17:22:23Z,"UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow",org.apache.ranger:ranger,0,1.2.0,HIGH,CWE-787 -CVE-2018-11779,2019-08-01T19:17:53Z,"Deserialization of Untrusted Data in Apache Storm","org.apache.storm:storm-kafka",1.1.0,1.2.3,CRITICAL,CWE-502 -CVE-2018-11779,2019-08-01T19:17:53Z,"Deserialization of Untrusted Data in Apache Storm","org.apache.storm:storm-kafka-client",1.1.0,1.2.3,CRITICAL,CWE-502 -CVE-2018-11784,2018-10-17T16:31:02Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",7.0.23,7.0.91,MODERATE,CWE-601 -CVE-2018-11784,2018-10-17T16:31:02Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.34,MODERATE,CWE-601 -CVE-2018-11784,2018-10-17T16:31:02Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.12,MODERATE,CWE-601 -CVE-2018-11786,2018-12-21T17:49:33Z,"Improper 
Privilege Management in Apache Karaf","org.apache.karaf:apache-karaf",0,4.2.0,HIGH,CWE-269 -CVE-2018-11787,2019-01-07T19:14:51Z,"Improper Authentication in Apache Karaf","org.apache.karaf:apache-karaf",0,3.0.9,HIGH,CWE-287 -CVE-2018-11787,2019-01-07T19:14:51Z,"Improper Authentication in Apache Karaf","org.apache.karaf:apache-karaf",4.0.0,4.0.9,HIGH,CWE-287 -CVE-2018-11787,2019-01-07T19:14:51Z,"Improper Authentication in Apache Karaf","org.apache.karaf:apache-karaf",4.1.0,4.1.1,HIGH,CWE-287 -CVE-2018-11788,2019-01-07T19:14:49Z,"XML External Entity Reference in Apache Karaf","org.apache.karaf.specs:org.apache.karaf.specs.java.xml",0,4.1.7,CRITICAL,CWE-611 -CVE-2018-11788,2019-01-07T19:14:49Z,"XML External Entity Reference in Apache Karaf","org.apache.karaf.specs:org.apache.karaf.specs.java.xml",4.2.0,4.2.2,CRITICAL,CWE-611 -CVE-2018-11793,2019-03-06T17:36:22Z,"Stack Overflow in Apache Mesos",org.apache.mesos:mesos,0,1.4.3,HIGH,CWE-119 -CVE-2018-11793,2019-03-06T17:36:22Z,"Stack Overflow in Apache Mesos",org.apache.mesos:mesos,1.5.0,1.5.2,HIGH,CWE-119 -CVE-2018-11793,2019-03-06T17:36:22Z,"Stack Overflow in Apache Mesos",org.apache.mesos:mesos,1.6.0,1.6.2,HIGH,CWE-119 -CVE-2018-11793,2019-03-06T17:36:22Z,"Stack Overflow in Apache Mesos",org.apache.mesos:mesos,1.7.0,1.7.1,HIGH,CWE-119 -CVE-2018-11796,2018-10-17T15:43:25Z,"Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack","org.apache.tika:tika-core",0.1,1.19.1,HIGH,CWE-611 -CVE-2018-11797,2018-10-17T18:22:29Z,"In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation",org.apache.pdfbox:pdfbox,1.8.0,1.8.16,MODERATE,CWE-400 -CVE-2018-11797,2018-10-17T18:22:29Z,"In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation",org.apache.pdfbox:pdfbox,2.0.0,2.0.12,MODERATE,CWE-400 -CVE-2018-11798,2019-01-17T13:56:33Z,"Apache Thrift Node.js static web server sandbox 
escape","org.apache.thrift:libthrift",0.9.2,0.12.0,MODERATE,CWE-538 -CVE-2018-11799,2018-12-20T22:01:18Z,"Moderate severity vulnerability that affects org.apache.oozie:oozie-core","org.apache.oozie:oozie-core",0,5.1.0,MODERATE,CWE-20 -CVE-2018-11802,2022-02-09T23:19:26Z,"Incorrect Authorization in Apache Solr","org.apache.solr:solr-core",0,7.7.0,MODERATE,CWE-863 -CVE-2018-11802,2022-02-09T23:19:26Z,"Incorrect Authorization in Apache Solr","org.apache.solr:solr-parent",0,7.7.0,MODERATE,CWE-863 -CVE-2018-11804,2022-05-14T01:50:10Z,"Improper Input Validation in Apache Spark","org.apache.spark:spark-core",1.3.0,,HIGH,CWE-20 -CVE-2018-1190,2022-05-13T01:10:01Z,"Pivotal Cloud Foundry UAA XSS on UAA OpenID Connect check session iframe endpoint","org.cloudfoundry.identity:cloudfoundry-identity-server",3.0.0,3.20.2,MODERATE,CWE-79 -CVE-2018-1192,2022-05-14T03:41:29Z,"Cloud Foundry UAA SessionID present in Audit Event Logs","org.cloudfoundry.identity:cloudfoundry-identity-server",0,4.5.5,HIGH,CWE-200 -CVE-2018-1192,2022-05-14T03:41:29Z,"Cloud Foundry UAA SessionID present in Audit Event Logs","org.cloudfoundry.identity:cloudfoundry-identity-server",4.6.0,4.7.4,HIGH,CWE-200 -CVE-2018-1192,2022-05-14T03:41:29Z,"Cloud Foundry UAA SessionID present in Audit Event Logs","org.cloudfoundry.identity:cloudfoundry-identity-server",4.8.0,4.8.3,HIGH,CWE-200 -CVE-2018-1196,2018-10-18T18:05:57Z,"Moderate severity vulnerability that affects org.springframework.boot:spring-boot","org.springframework.boot:spring-boot",1.5.0,1.5.10,MODERATE,CWE-59 -CVE-2018-1199,2018-10-17T20:01:54Z,"Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core","org.springframework.security:spring-security-core",4.1.0,4.1.5,MODERATE,CWE-20 -CVE-2018-1199,2018-10-17T20:01:54Z,"Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core 
, and org.springframework:spring-core","org.springframework.security:spring-security-core",4.2.0,4.2.4,MODERATE,CWE-20 -CVE-2018-1199,2018-10-17T20:01:54Z,"Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core","org.springframework.security:spring-security-core",5.0.0,5.0.1,MODERATE,CWE-20 -CVE-2018-1199,2018-10-17T20:01:54Z,"Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core","org.springframework:spring-core",4.3.0,4.3.14,MODERATE,CWE-20 -CVE-2018-1199,2018-10-17T20:01:54Z,"Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core","org.springframework:spring-core",5.0.0,5.0.3,MODERATE,CWE-20 -CVE-2018-12022,2019-03-25T18:03:09Z,"jackson-databind Deserialization of Untrusted Data vulnerability","com.fasterxml.jackson.core:jackson-databind",0,2.7.9.4,HIGH,CWE-502 -CVE-2018-12022,2019-03-25T18:03:09Z,"jackson-databind Deserialization of Untrusted Data vulnerability","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.2,HIGH,CWE-502 -CVE-2018-12022,2019-03-25T18:03:09Z,"jackson-databind Deserialization of Untrusted Data vulnerability","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.6,HIGH,CWE-502 -CVE-2018-12023,2020-06-15T18:44:51Z,"Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.4,HIGH,CWE-502 -CVE-2018-12023,2020-06-15T18:44:51Z,"Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.2,HIGH,CWE-502 -CVE-2018-12023,2020-06-15T18:44:51Z,"Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.6,HIGH,CWE-502 -CVE-2018-12036,2022-05-14T03:12:09Z,"Path Traversal in OWASP 
Dependency-Check","org.owasp:dependency-check-maven",0,3.2.0,HIGH,CWE-22 -CVE-2018-1229,2022-05-13T01:33:25Z,"Cross-site Scripting in Pivotal Spring Batch Admin","org.springframework.batch:spring-batch-admin-manager",0,,MODERATE,CWE-79 -CVE-2018-12418,2018-10-17T00:04:05Z,"Junrar vulnerable to Infinite Loop",com.github.junrar:junrar,0,1.0.1,MODERATE,CWE-835 -CVE-2018-12432,2022-05-14T03:10:57Z,"Cross-site Scripting in JavaMelody","net.bull.javamelody:javamelody-core",0,1.61.0,MODERATE,CWE-79 -CVE-2018-12532,2022-05-13T01:19:02Z,"RichFaces vulnerable to Expression Language Injection","org.richfaces:richfaces-core",4.5.3.Final,,CRITICAL,CWE-917 -CVE-2018-12533,2022-05-13T01:19:02Z,"Arbitrary code execution in Richfaces","org.richfaces:richfaces-core",3.1.0,,CRITICAL,CWE-917 -CVE-2018-12536,2018-10-19T16:15:56Z,"Eclipse Jetty Server generates error message containing sensitive information","org.eclipse.jetty:jetty-server",9.0.0,9.3.24.v20180605,MODERATE,CWE-209 -CVE-2018-12536,2018-10-19T16:15:56Z,"Eclipse Jetty Server generates error message containing sensitive information","org.eclipse.jetty:jetty-server",9.4.0,9.4.11.v20180605,MODERATE,CWE-209 -CVE-2018-12537,2018-10-19T17:43:36Z,"Moderate severity vulnerability that affects io.vertx:vertx-core",io.vertx:vertx-core,3.0.0,3.5.2,MODERATE,CWE-93 -CVE-2018-12538,2018-10-16T17:44:11Z,"Access and integrity issue within Eclipse Jetty","org.eclipse.jetty:jetty-server",9.4.0,9.4.11.v20180605,HIGH,CWE-384;CWE-6 -CVE-2018-12540,2018-10-17T16:19:43Z,"High severity vulnerability that affects io.vertx:vertx-web",io.vertx:vertx-web,3.0.0,3.5.3,HIGH,CWE-352 -CVE-2018-12541,2018-10-17T16:19:59Z,"Excessive memory allocation",io.vertx:vertx-core,3.0.0,3.5.4,MODERATE,CWE-119;CWE-789 -CVE-2018-12542,2018-10-17T16:20:45Z,"Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location",io.vertx:vertx-web,3.0.0,3.5.4,CRITICAL,CWE-22 -CVE-2018-12544,2018-10-17T16:20:32Z,"Moderate 
severity vulnerability that affects io.vertx:vertx-core",io.vertx:vertx-core,3.5.0,3.5.4,MODERATE,CWE-611 -CVE-2018-12545,2019-03-28T18:33:38Z,"Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server","org.eclipse.jetty:jetty-server",9.3.0,9.3.25.v20180904,HIGH,CWE-400 -CVE-2018-12545,2019-03-28T18:33:38Z,"Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server","org.eclipse.jetty:jetty-server",9.4.0,9.4.12.v20180830,HIGH,CWE-400 -CVE-2018-1256,2022-05-13T01:07:05Z,"Issuer validation regression in Spring Cloud SSO Connector","io.pivotal.spring.cloud:spring-cloud-sso-connector",2.1.2.RELEASE,2.1.3.RELEASE,HIGH, -CVE-2018-1257,2018-10-17T20:02:20Z,"Denial of Service in org.springframework:spring-core","org.springframework:spring-core",0,4.3.17,MODERATE, -CVE-2018-1257,2018-10-17T20:02:20Z,"Denial of Service in org.springframework:spring-core","org.springframework:spring-core",5.0.0,5.0.6,MODERATE, -CVE-2018-1258,2018-10-17T20:05:49Z,"Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass","org.springframework:spring-core",5.0.5.RELEASE,5.0.6.RELEASE,HIGH,CWE-863 -CVE-2018-1259,2018-10-17T17:23:36Z,"Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references","org.springframework.data:spring-data-commons",1.13.0,1.13.12,HIGH,CWE-611 -CVE-2018-1259,2018-10-17T17:23:36Z,"Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references","org.springframework.data:spring-data-commons",2.0.0,2.0.7,HIGH,CWE-611 -CVE-2018-1260,2018-10-18T18:05:34Z,"Spring Security OAuth vulnerable to remote code execution (RCE)","org.springframework.security.oauth:spring-security-oauth2",1.0.0,,CRITICAL,CWE-94 -CVE-2018-1260,2018-10-18T18:05:34Z,"Spring Security OAuth vulnerable to remote code execution 
(RCE)","org.springframework.security.oauth:spring-security-oauth2",2.0.0,2.0.15,CRITICAL,CWE-94 -CVE-2018-1260,2018-10-18T18:05:34Z,"Spring Security OAuth vulnerable to remote code execution (RCE)","org.springframework.security.oauth:spring-security-oauth2",2.1.0,2.1.2,CRITICAL,CWE-94 -CVE-2018-1260,2018-10-18T18:05:34Z,"Spring Security OAuth vulnerable to remote code execution (RCE)","org.springframework.security.oauth:spring-security-oauth2",2.2.0,2.2.2,CRITICAL,CWE-94 -CVE-2018-1260,2018-10-18T18:05:34Z,"Spring Security OAuth vulnerable to remote code execution (RCE)","org.springframework.security.oauth:spring-security-oauth2",2.3.0,2.3.3,CRITICAL,CWE-94 -CVE-2018-1261,2018-10-18T18:05:46Z,"Path traversal in org.springframework.integration:spring-integration-zip","org.springframework.integration:spring-integration-zip",0,1.0.1,MODERATE,CWE-22 -CVE-2018-1262,2022-05-13T01:07:03Z,"UAA privilege escalation across identity zones","org.cloudfoundry.identity:cloudfoundry-identity-server",4.12.0,4.12.2,HIGH, -CVE-2018-1262,2022-05-13T01:07:03Z,"UAA privilege escalation across identity zones","org.cloudfoundry.identity:cloudfoundry-identity-server",4.13.0,4.13.4,HIGH, -CVE-2018-1263,2022-05-13T01:07:04Z,"spring-integration-zip Arbitrary File Write","org.springframework.integration:spring-integration-zip",0,1.0.2,MODERATE,CWE-22 -CVE-2018-1270,2018-10-17T20:05:59Z,"Spring Framework allows applications to expose STOMP over WebSocket endpoints","org.springframework:spring-core",0,4.3.16,CRITICAL,CWE-358;CWE-94 -CVE-2018-1270,2018-10-17T20:05:59Z,"Spring Framework allows applications to expose STOMP over WebSocket endpoints","org.springframework:spring-core",5.0.0,5.0.5,CRITICAL,CWE-358;CWE-94 -CVE-2018-1271,2018-10-17T20:07:03Z,"Path Traversal in org.springframework:spring-core","org.springframework:spring-core",0,4.3.15,MODERATE,CWE-22 -CVE-2018-1271,2018-10-17T20:07:03Z,"Path Traversal in 
org.springframework:spring-core","org.springframework:spring-core",5.0.0,5.0.5,MODERATE,CWE-22 -CVE-2018-1272,2018-10-17T20:27:47Z,"Possible privilege escalation in org.springframework:spring-core","org.springframework:spring-core",0,4.3.15,HIGH, -CVE-2018-1272,2018-10-17T20:27:47Z,"Possible privilege escalation in org.springframework:spring-core","org.springframework:spring-core",5.0.0,5.0.5,HIGH, -CVE-2018-1273,2018-10-17T17:23:24Z,"Spring Data Commons remote code injection vulnerability","org.springframework.data:spring-data-commons",1.13.0,1.13.11,CRITICAL,CWE-20;CWE-94 -CVE-2018-1273,2018-10-17T17:23:24Z,"Spring Data Commons remote code injection vulnerability","org.springframework.data:spring-data-commons",2.0.0,2.0.6,CRITICAL,CWE-20;CWE-94 -CVE-2018-1274,2018-10-17T17:23:44Z,"Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation","org.springframework.data:spring-data-commons",0,1.13.11,HIGH,CWE-770 -CVE-2018-1274,2018-10-17T17:23:44Z,"Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation","org.springframework.data:spring-data-commons",2.0.0,2.0.6,HIGH,CWE-770 -CVE-2018-1275,2018-10-17T20:28:00Z,"Improperly Implemented Security Check for Standard in org.springframework:spring-core","org.springframework:spring-core",0,4.3.16,CRITICAL,CWE-358;CWE-94 -CVE-2018-1275,2018-10-17T20:28:00Z,"Improperly Implemented Security Check for Standard in org.springframework:spring-core","org.springframework:spring-core",5.0.0,5.0.5,CRITICAL,CWE-358;CWE-94 -CVE-2018-1282,2018-11-21T22:24:34Z,"SQL Injection in hive-jdbc","org.apache.hive:hive-jdbc",0.7.1,2.3.3,CRITICAL,CWE-89 -CVE-2018-1284,2018-11-21T22:24:22Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache hive","org.apache.hive:hive-exec",0.6.0,2.3.3,LOW,CWE-200 -CVE-2018-1284,2018-11-21T22:24:22Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache 
hive","org.apache.hive:hive-service",0.6.0,2.3.3,LOW,CWE-200 -CVE-2018-1284,2018-11-21T22:24:22Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache hive",org.apache.hive:hive,0.6.0,2.3.3,LOW,CWE-200 -CVE-2018-1286,2022-05-13T01:49:39Z,"Apache OpenMeetings may allow authenticated attacker to deny service for privileged users","org.apache.openmeetings:openmeetings-parent",3.0.0,4.0.2,MODERATE,CWE-287 -CVE-2018-1287,2022-05-13T01:49:40Z,"Missing certificate validation in Apache JMeter","org.apache.jmeter:ApacheJMeter",0,4.0,CRITICAL,CWE-347 -CVE-2018-1288,2022-05-13T01:02:18Z,"Improper Control of Generation of Code in Apache Kafka",org.apache.kafka:kafka,0.11.0.0,0.11.0.3,MODERATE,CWE-94 -CVE-2018-1288,2022-05-13T01:02:18Z,"Improper Control of Generation of Code in Apache Kafka",org.apache.kafka:kafka,0.9.0.0,0.10.2.2,MODERATE,CWE-94 -CVE-2018-1288,2022-05-13T01:02:18Z,"Improper Control of Generation of Code in Apache Kafka",org.apache.kafka:kafka,1.0.0,1.0.1,MODERATE,CWE-94 -CVE-2018-1294,2022-05-14T01:28:26Z,"Improper Input Validation Apache Commons Email","org.apache.commons:commons-email",0,1.5,HIGH,CWE-20 -CVE-2018-1295,2018-10-16T20:53:44Z,"Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization","org.apache.ignite:ignite-core",0,2.4,CRITICAL,CWE-502 -CVE-2018-1296,2019-02-12T17:26:12Z,"Exposure of Sensitive Information to an Unauthorized Actor in Hadoop","org.apache.hadoop:hadoop-main",0,2.7.6,HIGH,CWE-200 -CVE-2018-1296,2019-02-12T17:26:12Z,"Exposure of Sensitive Information to an Unauthorized Actor in Hadoop","org.apache.hadoop:hadoop-main",2.8.0,2.8.4,HIGH,CWE-200 -CVE-2018-1296,2019-02-12T17:26:12Z,"Exposure of Sensitive Information to an Unauthorized Actor in Hadoop","org.apache.hadoop:hadoop-main",2.9.0,2.9.1,HIGH,CWE-200 -CVE-2018-1297,2022-05-13T01:49:41Z,"Missing certificate validation in Apache JMeter","org.apache.jmeter:ApacheJMeter",0,4.0,CRITICAL,CWE-319 
-CVE-2018-12972,2022-05-13T01:49:41Z,"OpenTSDB vulnerable to OS Command Injection",net.opentsdb:opentsdb,0,,CRITICAL,CWE-78 -CVE-2018-12973,2022-05-14T03:06:10Z,"OpenTSDB Cross-site Scripting vulnerability",net.opentsdb:opentsdb,0,,MODERATE,CWE-79 -CVE-2018-1298,2018-10-19T16:41:46Z,"Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j","org.apache.qpid:apache-qpid-broker-j",7.0.0,7.0.1,MODERATE,CWE-20 -CVE-2018-13003,2022-05-14T03:06:10Z,"OpenTSDB Cross-site Scripting vulnerability",net.opentsdb:opentsdb,0,,MODERATE,CWE-79 -CVE-2018-1304,2018-10-17T16:31:17Z,"Apache Tomcat unauthorized access vulnerability","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.86,MODERATE, -CVE-2018-1304,2018-10-17T16:31:17Z,"Apache Tomcat unauthorized access vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.0.51,MODERATE, -CVE-2018-1304,2018-10-17T16:31:17Z,"Apache Tomcat unauthorized access vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.28,MODERATE, -CVE-2018-1304,2018-10-17T16:31:17Z,"Apache Tomcat unauthorized access vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.5,MODERATE, -CVE-2018-1305,2018-10-17T16:31:48Z,"Apache Tomcat information exposure vulnerability","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.85,MODERATE, -CVE-2018-1305,2018-10-17T16:31:48Z,"Apache Tomcat information exposure vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.28,MODERATE, -CVE-2018-1305,2018-10-17T16:31:48Z,"Apache Tomcat information exposure vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0M1,9.0.5,MODERATE, -CVE-2018-1306,2022-05-14T01:29:43Z,"Exposure of Sensitive Information in Apache Pluto","org.apache.portals.pluto:pluto-container",3.0.0,3.0.1,HIGH,CWE-200 -CVE-2018-1307,2018-10-19T16:42:15Z,"Apache juddi-client vulnerable to XML External Entity (XXE)","org.apache.juddi:juddi-client",3.2,3.3.5,HIGH,CWE-611 -CVE-2018-1308,2018-10-17T19:55:46Z,"There is a XML 
external entity expansion (XXE) vulnerability in Apache Solr ","org.apache.solr:solr-core",1.2,6.6.3,HIGH,CWE-611 -CVE-2018-1308,2018-10-17T19:55:46Z,"There is a XML external entity expansion (XXE) vulnerability in Apache Solr ","org.apache.solr:solr-core",7.0.0,7.3.0,HIGH,CWE-611 -CVE-2018-1309,2022-05-14T03:16:17Z,"Improper Restriction of XML External Entity Reference in Apache NiFi","org.apache.nifi:nifi-standard-processors",0.1.0,1.6.0,CRITICAL,CWE-611 -CVE-2018-1310,2022-05-14T03:16:19Z,"Apache NiFi JMS Deserialization issue",org.apache.nifi:nifi,0,1.6.0,HIGH,CWE-502 -CVE-2018-1313,2022-05-13T01:02:18Z,"Improper Access Control in Apache Derby",org.apache.derby:derby,10.3.1.4,10.14.2.0,MODERATE,CWE-284 -CVE-2018-1314,2018-11-21T22:24:50Z,"Moderate severity vulnerability that affects org.apache.hive:hive-jdbc","org.apache.hive:hive-jdbc",0,2.3.4,MODERATE,CWE-862 -CVE-2018-1314,2018-11-21T22:24:50Z,"Moderate severity vulnerability that affects org.apache.hive:hive-jdbc","org.apache.hive:hive-jdbc",3.0.0,3.1.1,MODERATE,CWE-862 -CVE-2018-1315,2018-11-21T22:24:08Z,"Incorrect Permission Assignment for Critical Resource in Apache hive","org.apache.hive:hive-exec",2.1.0,2.3.3,LOW,CWE-732 -CVE-2018-1315,2018-11-21T22:24:08Z,"Incorrect Permission Assignment for Critical Resource in Apache hive","org.apache.hive:hive-service",2.1.0,2.3.3,LOW,CWE-732 -CVE-2018-1315,2018-11-21T22:24:08Z,"Incorrect Permission Assignment for Critical Resource in Apache hive",org.apache.hive:hive,2.1.0,2.3.3,LOW,CWE-732 -CVE-2018-1316,2022-05-14T03:35:05Z,"Apache ODE Path Traversal vulnerability",org.apache.ode:ode,0,1.3.3,HIGH,CWE-22 -CVE-2018-1317,2019-04-24T16:06:52Z,"Improper Authentication in Apache Zeppelin","org.apache.zeppelin:zeppelin",0,0.8.0,HIGH,CWE-287 -CVE-2018-1320,2019-01-17T13:56:40Z,"Improper Input Validation in Apache Thrift","org.apache.thrift:libthrift",0.10.0,0.12.0,HIGH,CWE-20;CWE-295 -CVE-2018-1320,2019-01-17T13:56:40Z,"Improper Input Validation in Apache 
Thrift","org.apache.thrift:libthrift",0.5.0,0.9.3-1,HIGH,CWE-20;CWE-295 -CVE-2018-1321,2018-11-06T23:17:27Z,"High severity vulnerability that affects org.apache.syncope:syncope-core","org.apache.syncope:syncope-core",0,1.2.11,HIGH,CWE-20 -CVE-2018-1321,2018-11-06T23:17:27Z,"High severity vulnerability that affects org.apache.syncope:syncope-core","org.apache.syncope:syncope-core",2.0.0,2.0.8,HIGH,CWE-20 -CVE-2018-1322,2018-11-06T23:17:25Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope","org.apache.syncope:syncope-core",0,1.2.11,MODERATE,CWE-200 -CVE-2018-1322,2018-11-06T23:17:25Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope","org.apache.syncope:syncope-core",2.0.0,2.0.8,MODERATE,CWE-200 -CVE-2018-1324,2019-03-14T15:41:12Z,"Apache Commons Compress vulnerable to denial of service due to infinite loop","com.liferay:com.liferay.portal.tools.bundle.support",3.2.7,3.7.4,MODERATE,CWE-835 -CVE-2018-1324,2019-03-14T15:41:12Z,"Apache Commons Compress vulnerable to denial of service due to infinite loop","org.apache.commons:commons-compress",1.11,1.16,MODERATE,CWE-835 -CVE-2018-1325,2022-05-14T00:58:29Z,"Cross-site Scripting in wicket-jquery-ui","com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent",0,6.29.1,MODERATE,CWE-79 -CVE-2018-1325,2022-05-14T00:58:29Z,"Cross-site Scripting in wicket-jquery-ui","com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent",7.0.0,7.10.2,MODERATE,CWE-79 -CVE-2018-1325,2022-05-14T00:58:29Z,"Cross-site Scripting in wicket-jquery-ui","com.googlecode.wicket-jquery-ui:wicket-jquery-ui-parent",8.0.0-M1,8.0.0-M9.2,MODERATE,CWE-79 -CVE-2018-1327,2018-10-16T19:35:26Z,"Apache Struts REST Plugin can potentially allow a DoS attack","org.apache.struts:struts2-rest-plugin",2.1.1,2.5.16,HIGH,CWE-91 -CVE-2018-1328,2019-04-24T16:07:36Z,"Cross-site Scripting in Apache Zeppelin","org.apache.zeppelin:zeppelin",0,0.8.0,MODERATE,CWE-79 -CVE-2018-1330,2022-05-14T01:38:24Z,"Crash when 
decoding malformed HTTP requests or malformed JSON payload",org.apache.mesos:mesos,1.4.0,1.6.0,HIGH,CWE-248 -CVE-2018-1331,2018-10-17T19:48:06Z,"Code execution in org.apache.storm:storm-core","org.apache.storm:storm-core",0,1.1.3,HIGH, -CVE-2018-1331,2018-10-17T19:48:06Z,"Code execution in org.apache.storm:storm-core","org.apache.storm:storm-core",1.2.0,1.2.2,HIGH, -CVE-2018-1332,2018-10-17T19:48:18Z,"Moderate severity vulnerability that affects org.apache.storm:storm-core","org.apache.storm:storm-core",0,1.1.3,MODERATE,CWE-200 -CVE-2018-1332,2018-10-17T19:48:18Z,"Moderate severity vulnerability that affects org.apache.storm:storm-core","org.apache.storm:storm-core",1.2.0,1.2.2,MODERATE,CWE-200 -CVE-2018-1334,2019-03-14T15:41:04Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark","org.apache.spark:spark-core_2.10",1.0.0,2.1.3,MODERATE,CWE-200 -CVE-2018-1334,2019-03-14T15:41:04Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark","org.apache.spark:spark-core_2.10",2.2.0,2.2.2,MODERATE,CWE-200 -CVE-2018-1334,2019-03-14T15:41:04Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark","org.apache.spark:spark-core_2.11",1.0.0,2.1.3,MODERATE,CWE-200 -CVE-2018-1334,2019-03-14T15:41:04Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark","org.apache.spark:spark-core_2.11",2.2.0,2.2.2,MODERATE,CWE-200 -CVE-2018-1334,2019-03-14T15:41:04Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark","org.apache.spark:spark-core_2.11",2.3.0,2.3.1,MODERATE,CWE-200 -CVE-2018-1335,2018-10-17T15:43:43Z,"Command injection in org.apache.tika:tika-core","org.apache.tika:tika-core",1.7,1.18,HIGH, -CVE-2018-1336,2018-10-17T16:32:18Z,"In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder ","org.apache.tomcat.embed:tomcat-embed-core",7.0.28,7.0.87,HIGH,CWE-835 -CVE-2018-1336,2018-10-17T16:32:18Z,"In Apache Tomcat there is an improper handing of 
overflow in the UTF-8 decoder ","org.apache.tomcat.embed:tomcat-embed-core",8.0.0RC1,8.0.51,HIGH,CWE-835 -CVE-2018-1336,2018-10-17T16:32:18Z,"In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder ","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.31,HIGH,CWE-835 -CVE-2018-1336,2018-10-17T16:32:18Z,"In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder ","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M9,9.0.8,HIGH,CWE-835 -CVE-2018-1337,2018-11-09T17:49:49Z,"Credential leak in org.apache.directory.api:apache-ldap-api","org.apache.directory.api:apache-ldap-api",0,1.0.2,CRITICAL,CWE-200 -CVE-2018-1338,2018-10-17T15:50:45Z,"Moderate severity vulnerability that affects org.apache.tika:tika-core","org.apache.tika:tika-core",0,1.18,MODERATE,CWE-835 -CVE-2018-1339,2018-10-17T15:43:59Z,"org.apache.tika:tika-parsers has an Infinite Loop vulnerability","org.apache.tika:tika-parsers",0,1.18,MODERATE,CWE-835 -CVE-2018-1340,2022-05-13T01:49:47Z,"Missing Encryption of Sensitive Data in Apache Guacamole","org.apache.guacamole:guacamole-common",0,1.0.0,HIGH,CWE-311 -CVE-2018-13439,2022-05-14T03:00:29Z,"WeChat Pay Java SDK allows XXE","com.github.wxpay:wxpay-sdk",0,,HIGH,CWE-611 -CVE-2018-13864,2022-05-13T01:30:27Z,"Play Framework's Assets controller vulnerable to directory traversal","com.typesafe.play:play_2.12",2.6.12,2.6.16,HIGH,CWE-22 -CVE-2018-14040,2022-05-13T01:07:54Z,"Bootstrap vulnerable to Cross-Site Scripting (XSS)",org.webjars:bootstrap,2.3.0,3.4.0,MODERATE,CWE-79 -CVE-2018-14040,2022-05-13T01:07:54Z,"Bootstrap vulnerable to Cross-Site Scripting (XSS)",org.webjars:bootstrap,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14041,2018-09-13T15:49:56Z,"Bootstrap Cross-site Scripting vulnerability",org.webjars:bootstrap,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14042,2018-09-13T15:50:32Z,"Bootstrap Cross-site Scripting vulnerability",org.webjars:bootstrap,2.3.0,3.4.0,MODERATE,CWE-79 -CVE-2018-14042,2018-09-13T15:50:32Z,"Bootstrap 
Cross-site Scripting vulnerability",org.webjars:bootstrap,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14371,2022-05-14T02:59:22Z,"Path Traversal in Eclipse Mojarra","org.glassfish:mojarra-parent",0,2.3.7,HIGH,CWE-22 -CVE-2018-14380,2022-05-14T02:59:36Z,"Cross-site Scripting in Graylog Server","org.graylog2:graylog2-server",0,2.4.6,MODERATE,CWE-79 -CVE-2018-14637,2018-12-21T17:48:45Z,"Improper Authentication in Keycloak","org.keycloak:keycloak-core",0,4.6.0,HIGH,CWE-285;CWE-287 -CVE-2018-14642,2022-05-13T01:12:21Z,"Exposure of Sensitive Information to an Unauthorized Actor in Undertow","io.undertow:undertow-core",0,2.0.19.FINAL,MODERATE,CWE-200 -CVE-2018-14655,2022-05-13T01:34:29Z,"Keycloak vulnerable to cross-site scripting via the state parameter","org.keycloak:keycloak-parent",0,,MODERATE,CWE-79 -CVE-2018-14655,2022-05-13T01:34:29Z,"Keycloak vulnerable to cross-site scripting via the state parameter","org.keycloak:keycloak-parent",4.0.0.Beta1,,MODERATE,CWE-79 -CVE-2018-14657,2022-05-13T01:12:25Z,"Keycloak Improper Bruteforce Detection","org.keycloak:keycloak-parent",0,4.6.0.Final,HIGH,CWE-307 -CVE-2018-14658,2022-05-13T01:34:29Z,"Keycloak Open Redirect","org.keycloak:keycloak-core",0,,MODERATE,CWE-601 -CVE-2018-14667,2022-05-13T01:17:53Z,"Richfaces vulnerable to arbitrary code execution","org.richfaces:richfaces-core",0,3.3.4,CRITICAL,CWE-94 -CVE-2018-14718,2019-01-04T19:06:55Z,"Arbitrary Code Execution in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,CRITICAL,CWE-502 -CVE-2018-14718,2019-01-04T19:06:55Z,"Arbitrary Code Execution in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.5,CRITICAL,CWE-502 -CVE-2018-14718,2019-01-04T19:06:55Z,"Arbitrary Code Execution in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-502 -CVE-2018-14718,2019-01-04T19:06:55Z,"Arbitrary Code Execution in 
jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.7,CRITICAL,CWE-502 -CVE-2018-14719,2019-01-04T19:09:49Z,"Arbitrary Code Execution in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.7.9.5,CRITICAL,CWE-502 -CVE-2018-14719,2019-01-04T19:09:49Z,"Arbitrary Code Execution in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-502 -CVE-2018-14719,2019-01-04T19:09:49Z,"Arbitrary Code Execution in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.7,CRITICAL,CWE-502 -CVE-2018-14720,2019-01-04T19:09:46Z,"XML External Entity Reference (XXE) in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.5,CRITICAL,CWE-502;CWE-611 -CVE-2018-14720,2019-01-04T19:09:46Z,"XML External Entity Reference (XXE) in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-502;CWE-611 -CVE-2018-14720,2019-01-04T19:09:46Z,"XML External Entity Reference (XXE) in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.7,CRITICAL,CWE-502;CWE-611 -CVE-2018-14721,2019-01-04T19:07:06Z,"Server-Side Request Forgery (SSRF) in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.5,CRITICAL,CWE-918 -CVE-2018-14721,2019-01-04T19:07:06Z,"Server-Side Request Forgery (SSRF) in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-918 -CVE-2018-14721,2019-01-04T19:07:06Z,"Server-Side Request Forgery (SSRF) in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.7,CRITICAL,CWE-918 -CVE-2018-15531,2018-10-17T18:28:00Z,"JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.","net.bull.javamelody:javamelody-core",0,1.74.0,CRITICAL,CWE-611 -CVE-2018-15756,2020-06-15T19:34:50Z,"Denial of Service in Spring Framework","org.springframework:spring-core",4.2.0.RELEASE,4.3.20.RELEASE,HIGH, 
-CVE-2018-15756,2020-06-15T19:34:50Z,"Denial of Service in Spring Framework","org.springframework:spring-core",5.0.0.RELEASE,5.0.10.RELEASE,HIGH, -CVE-2018-15756,2020-06-15T19:34:50Z,"Denial of Service in Spring Framework","org.springframework:spring-core",5.1.0.RELEASE,5.1.1.RELEASE,HIGH, -CVE-2018-15758,2018-10-19T22:00:28Z,"Authorization bypass in org.springframework.security.oauth:spring-security-oauth2","org.springframework.security.oauth:spring-security-oauth2",2.0.0,2.0.16,HIGH,CWE-269 -CVE-2018-15758,2018-10-19T22:00:28Z,"Authorization bypass in org.springframework.security.oauth:spring-security-oauth2","org.springframework.security.oauth:spring-security-oauth2",2.1.0,2.1.3,HIGH,CWE-269 -CVE-2018-15758,2018-10-19T22:00:28Z,"Authorization bypass in org.springframework.security.oauth:spring-security-oauth2","org.springframework.security.oauth:spring-security-oauth2",2.2.0,2.2.3.RELEASE,HIGH,CWE-269 -CVE-2018-15758,2018-10-19T22:00:28Z,"Authorization bypass in org.springframework.security.oauth:spring-security-oauth2","org.springframework.security.oauth:spring-security-oauth2",2.3.0,2.3.4.RELEASE,HIGH,CWE-269 -CVE-2018-15761,2022-05-13T01:34:08Z,"Cloud Foundry UAA Privilege Escalation","org.cloudfoundry.identity:cloudfoundry-identity-server",0,4.23.0,HIGH, -CVE-2018-15795,2018-11-29T21:30:30Z,"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker","org.springframework.credhub:spring-credhub-core",0,1.1.0,HIGH,CWE-338 -CVE-2018-15801,2018-12-20T22:01:31Z,"Spring Security vulnerable to Authorization Bypass","org.springframework.security:spring-security-core",5.1.0,5.1.2,HIGH,CWE-345 -CVE-2018-15801,2018-12-20T22:01:31Z,"Spring Security vulnerable to Authorization Bypass","org.springframework.security:spring-security-oauth2-jose",5.1.0,5.1.2,HIGH,CWE-345 -CVE-2018-15890,2019-07-26T16:10:39Z,"Deserialization of Untrusted Data in EthereumJ","org.ethereum:ethereumj-core",0,,CRITICAL,CWE-502 
-CVE-2018-16115,2018-10-22T20:44:26Z,"Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor","com.typesafe.akka:akka-actor_2.11",2.5.0,2.5.16,CRITICAL,CWE-338 -CVE-2018-16115,2018-10-22T20:44:26Z,"Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actor","com.typesafe.akka:akka-actor_2.12",2.5.0,2.5.16,CRITICAL,CWE-338 -CVE-2018-16131,2018-10-22T20:37:07Z,"High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12","com.typesafe.akka:akka-http-core_2.11",10.1.0,10.1.4,HIGH,CWE-400 -CVE-2018-16131,2018-10-22T20:37:07Z,"High severity vulnerability that affects com.typesafe.akka:akka-http-core_2.11 and com.typesafe.akka:akka-http-core_2.12","com.typesafe.akka:akka-http-core_2.12",10.1.0,10.1.4,HIGH,CWE-400 -CVE-2018-16153,2021-12-14T21:43:48Z,"Opencast publishes global system account credentials","org.opencastproject:opencast-common",0,10.6,HIGH,CWE-200;CWE-522 -CVE-2018-16277,2022-05-14T01:59:15Z,"XWiki XSS Vulnerability","org.xwiki.platform:xwiki-platform",0,,MODERATE,CWE-79 -CVE-2018-17184,2018-11-06T23:16:18Z,"Improper Control of Interaction Frequency in Apache syncope-core","org.apache.syncope:syncope-core",0,2.0.11,MODERATE,CWE-799 -CVE-2018-17184,2018-11-06T23:16:18Z,"Improper Control of Interaction Frequency in Apache syncope-core","org.apache.syncope:syncope-core",2.1.0,2.1.2,MODERATE,CWE-799 -CVE-2018-17186,2018-11-06T23:15:46Z,"Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core","org.apache.syncope:syncope-core",0,2.0.11,HIGH,CWE-611 -CVE-2018-17186,2018-11-06T23:15:46Z,"Improper Restriction of XML External Entity Reference in org.apache.syncope:syncope-core","org.apache.syncope:syncope-core",2.1.0,2.1.2,HIGH,CWE-611 -CVE-2018-17187,2018-11-21T22:22:21Z,"Improper Certificate Validation in proton-j",org.apache.qpid:proton-j,0.3,0.30.0,HIGH,CWE-295 -CVE-2018-17190,2018-11-21T22:19:30Z,"Remote Code Execution in 
spark-core","org.apache.spark:spark-core_2.10",0,,CRITICAL, -CVE-2018-17190,2018-11-21T22:19:30Z,"Remote Code Execution in spark-core","org.apache.spark:spark-core_2.11",0,,CRITICAL, -CVE-2018-17192,2018-12-20T22:02:24Z,"Improper Restriction of Rendered UI Layers or Frames in Apache nifif",org.apache.nifi:nifi,1.0.0,1.8.0,MODERATE,CWE-1021 -CVE-2018-17193,2018-12-20T22:02:39Z,"Cross site scripting in org.apache.nifi:nifi",org.apache.nifi:nifi,1.0.0,1.8.0,MODERATE,CWE-79 -CVE-2018-17194,2018-12-20T22:02:32Z,"Apache NiFi Improper Input Validation vulnerability","org.apache.nifi:nifi-framework-cluster",1.0.0,1.8.0,HIGH,CWE-20 -CVE-2018-17195,2018-12-20T22:02:45Z,"Cleartext Transmission of Sensitive Information in Apache nifi",org.apache.nifi:nifi,1.0.0,1.8.0,HIGH,CWE-319;CWE-863 -CVE-2018-17196,2022-05-24T16:50:01Z,"Improper Input Validation in Apache Kafka",org.apache.kafka:kafka,0.11.0.0,2.1.1,HIGH,CWE-20 -CVE-2018-17197,2018-12-26T17:45:07Z,"Apache Tika Denial of Service due to Infinite Loop in Tika's SQLite3Parser","org.apache.tika:tika-parsers",1.8,1.20,MODERATE,CWE-835 -CVE-2018-17201,2019-05-14T04:01:06Z,"Improper Input Validation in Apache Sanselan","org.apache.sanselan:sanselan",0,,HIGH,CWE-20 -CVE-2018-17202,2019-05-14T04:00:47Z,"Infinite Loop in Apache Sanselan","org.apache.sanselan:sanselan",0,,HIGH,CWE-835 -CVE-2018-17244,2022-05-13T01:34:04Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",6.4.0,6.4.3,MODERATE,CWE-200 -CVE-2018-17247,2022-05-13T01:34:04Z,"Improper Restriction of XML External Entity Reference in Elasticsearch","org.elasticsearch:elasticsearch",6.5.0,6.5.2,MODERATE,CWE-611 -CVE-2018-17297,2018-10-17T19:54:53Z,"Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal",cn.hutool:hutool-all,0,4.1.12,HIGH,CWE-22 -CVE-2018-17297,2018-10-17T19:54:53Z,"Unzip function in ZipUtil.java in Hutool allows remote attackers to 
overwrite arbitrary files via directory traversal",cn.hutool:hutool-core,0,4.1.12,HIGH,CWE-22 -CVE-2018-17297,2018-10-17T19:54:53Z,"Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal",cn.hutool:hutool-parent,0,4.1.12,HIGH,CWE-22 -CVE-2018-17366,2022-05-14T02:00:08Z,"Mingsoft MCMS CSRF vulnerability",net.mingsoft:ms-mcms,0,,HIGH,CWE-352 -CVE-2018-17605,2022-05-14T01:44:59Z,"Asset Pipeline plugin for Grails vulnerable to Path Traversal","org.grails.plugins:asset-pipeline",0,3.0.4,HIGH,CWE-22 -CVE-2018-17785,2018-10-17T19:52:52Z,"In blynk-server a Directory Traversal exists","com.github.blynkkk:blynk-server",0,0.39.7,HIGH,CWE-22 -CVE-2018-18240,2022-05-13T01:19:33Z,"Pippo RCE Vulnerability",ro.pippo:pippo-core,0,1.12.0,CRITICAL,CWE-502 -CVE-2018-18240,2022-05-13T01:19:33Z,"Pippo RCE Vulnerability",ro.pippo:pippo-session,0,1.12.0,CRITICAL,CWE-502 -CVE-2018-18389,2018-10-17T17:31:26Z,"Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication","org.neo4j:neo4j-enterprise",3.4.0,3.4.9,CRITICAL,CWE-287 -CVE-2018-18531,2018-10-23T16:08:56Z,"Use of Insufficiently Random Values in penggle:kaptcha","com.github.penggle:kaptcha",0,,CRITICAL,CWE-330 -CVE-2018-18628,2018-10-24T19:46:20Z,"Deserialization of Untrusted Data in Pippo",ro.pippo:pippo-core,0,1.12.0,CRITICAL,CWE-502 -CVE-2018-18830,2018-11-01T14:48:29Z,"Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcms",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-434 -CVE-2018-18831,2018-11-01T14:47:04Z,"Path Traversal in minsoft:ms-mcms",net.mingsoft:ms-mcms,0,,HIGH,CWE-22 -CVE-2018-18853,2018-11-09T17:42:26Z,"Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields",io.spray:spray-json_2.10,0,1.3.5,HIGH,CWE-400 -CVE-2018-18853,2018-11-09T17:42:26Z,"Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields",io.spray:spray-json_2.11,0,1.3.5,HIGH,CWE-400 
-CVE-2018-18853,2018-11-09T17:42:26Z,"Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields",io.spray:spray-json_2.12,0,1.3.5,HIGH,CWE-400 -CVE-2018-18854,2018-11-09T17:41:35Z,"Uncontrolled Resource Consumption in spray-json",io.spray:spray-json_2.10,0,1.3.5,HIGH,CWE-400 -CVE-2018-18854,2018-11-09T17:41:35Z,"Uncontrolled Resource Consumption in spray-json",io.spray:spray-json_2.11,0,1.3.5,HIGH,CWE-400 -CVE-2018-18854,2018-11-09T17:41:35Z,"Uncontrolled Resource Consumption in spray-json",io.spray:spray-json_2.12,0,1.3.5,HIGH,CWE-400 -CVE-2018-18855,2022-06-28T23:23:20Z,"Uncontrolled Resource Consumption in Spray JSON",io.spray:spray-json,0,1.3.5,MODERATE,CWE-400 -CVE-2018-18893,2019-01-04T17:43:36Z,"Jinjava calls getClass","com.hubspot.jinjava:jinjava",0,2.4.6,MODERATE, -CVE-2018-19360,2019-01-04T19:06:57Z,"Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.5,CRITICAL,CWE-502 -CVE-2018-19360,2019-01-04T19:06:57Z,"Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-502 -CVE-2018-19360,2019-01-04T19:06:57Z,"Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.8,CRITICAL,CWE-502 -CVE-2018-19361,2019-01-04T19:07:01Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.5,CRITICAL,CWE-502 -CVE-2018-19361,2019-01-04T19:07:01Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-502 -CVE-2018-19361,2019-01-04T19:07:01Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.8,CRITICAL,CWE-502 
-CVE-2018-19362,2019-01-04T19:07:03Z,"com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,CRITICAL,CWE-502 -CVE-2018-19362,2019-01-04T19:07:03Z,"com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.5,CRITICAL,CWE-502 -CVE-2018-19362,2019-01-04T19:07:03Z,"com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.3,CRITICAL,CWE-502 -CVE-2018-19362,2019-01-04T19:07:03Z,"com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.8,CRITICAL,CWE-502 -CVE-2018-19413,2022-05-14T01:43:42Z,"Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API","org.sonarsource.sonarqube:sonar-plugin-api",0,7.5,MODERATE,CWE-200 -CVE-2018-19859,2022-05-14T01:14:50Z,"OpenRefine Directory Traversal",org.openrefine:main,0,3.2-beta,MODERATE,CWE-22 -CVE-2018-19907,2018-12-19T19:24:18Z,"OS Command Injection in craftercms:crafter-studio","org.craftercms:crafter-studio",0,,HIGH,CWE-78 -CVE-2018-1999001,2022-05-13T01:01:00Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.2,HIGH,CWE-20 -CVE-2018-1999001,2022-05-13T01:01:00Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.132,HIGH,CWE-20 -CVE-2018-1999002,2022-05-13T01:01:02Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.2,HIGH,CWE-20 -CVE-2018-1999002,2022-05-13T01:01:02Z,"Improper Input Validation in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.132,HIGH,CWE-20 -CVE-2018-1999003,2022-05-13T01:00:59Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.2,MODERATE,CWE-863 
-CVE-2018-1999003,2022-05-13T01:00:59Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.133,MODERATE,CWE-863 -CVE-2018-1999004,2022-05-13T01:01:02Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.2,MODERATE,CWE-863 -CVE-2018-1999004,2022-05-13T01:01:02Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.132,MODERATE,CWE-863 -CVE-2018-1999005,2022-05-13T01:01:01Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.2,MODERATE,CWE-79 -CVE-2018-1999005,2022-05-13T01:01:01Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.132,MODERATE,CWE-79 -CVE-2018-1999006,2022-05-14T01:05:26Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.2,MODERATE,CWE-200 -CVE-2018-1999006,2022-05-14T01:05:26Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.132,MODERATE,CWE-200 -CVE-2018-1999007,2022-05-13T01:01:02Z,"Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin","org.jenkins-ci.main:jenkins-core",0,2.121.2,MODERATE,CWE-79 -CVE-2018-1999007,2022-05-13T01:01:02Z,"Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin","org.jenkins-ci.main:jenkins-core",2.122,2.132,MODERATE,CWE-79 -CVE-2018-1999007,2022-05-13T01:01:02Z,"Cross-site scripting vulnerability exists in Jenkins and Stapler Plugin","org.kohsuke.stapler:stapler-parent",0,1.250.1,MODERATE,CWE-79 -CVE-2018-1999025,2022-05-14T02:57:12Z,"Jenkins TraceTronic ECU-TEST Plugin Man in the middle vulnerability","de.tracetronic.jenkins.plugins:ecutest",0,2.4,HIGH,CWE-295 -CVE-2018-1999026,2022-05-14T02:57:12Z,"Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability","de.tracetronic.jenkins.plugins:ecutest",0,2.4,MODERATE,CWE-918 
-CVE-2018-1999027,2022-05-14T01:09:56Z,"Jenkins SaltStack Plugin allows attackers to capture credentials with a known credentials ID stored in Jenkins","org.jenkins-ci.plugins:saltstack",0,3.1.7,MODERATE,CWE-352 -CVE-2018-1999028,2022-05-13T01:50:55Z,"Jenkins Accurev Plugin CSRF vulnerability and missing permission checks","org.jenkins-ci.plugins:accurev",0,0.7.17,HIGH,CWE-200 -CVE-2018-1999029,2022-05-14T02:57:57Z,"Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin","org.jenkins-ci.plugins:shelve-project-plugin",0,2.0,MODERATE,CWE-79 -CVE-2018-1999030,2022-05-13T01:50:55Z,"Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks","org.jenkins-ci.plugins:maven-artifact-choicelistprovider",0,1.3.2,MODERATE,CWE-200 -CVE-2018-1999031,2022-05-14T02:57:57Z,"Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key","org.jenkins-ci.plugins:meliora-testlab",0,1.15,LOW,CWE-200 -CVE-2018-1999032,2022-05-13T01:50:55Z,"Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks","org.jenkins-ci.plugins:pangolin-testrail-connector",0,2.2,MODERATE,CWE-269 -CVE-2018-1999033,2022-05-13T01:30:26Z,"Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin","org.jenkins-ci.plugins:anchore-container-scanner",0,1.0.17,MODERATE,CWE-200 -CVE-2018-1999034,2022-05-14T02:56:39Z,"Jenkins Inedo ProGet Plugin globally and unconditionally disabled SSL/TLS certificate validation","com.inedo.proget:inedo-proget",0,1.0,HIGH,CWE-295 -CVE-2018-1999035,2022-05-14T02:56:40Z,"Jenkins Inedo BuildMaster Plugin globally and unconditionally disabled SSL/TLS certificate validation","com.inedo.buildmaster:inedo-buildmaster",0,2.0,HIGH,CWE-295 -CVE-2018-1999036,2022-05-13T01:50:55Z,"Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build 
log","org.jenkins-ci.plugins:ssh-agent",0,1.16,LOW,CWE-532 -CVE-2018-1999037,2022-05-14T02:45:30Z,"Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource","org.jenkins-ci.plugins:resource-disposer",0,0.12,LOW,CWE-20 -CVE-2018-1999038,2022-05-14T02:21:29Z,"Jenkins Publisher Over CIFS Plugin confused deputy vulnerability","org.jenkins-ci.plugins:publish-over-cifs",0,0.11,MODERATE,CWE-441 -CVE-2018-1999039,2022-05-14T02:21:28Z,"Server-Side Request Forgery (SSRF) in Jenkins Confluence Publisher Plugin","org.jenkins-ci.plugins:confluence-publisher",0,2.0.2,MODERATE,CWE-918 -CVE-2018-1999040,2022-05-13T01:50:55Z,"Exposure of Sensitive Information in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",0,1.10.2,HIGH,CWE-200 -CVE-2018-1999041,2022-05-14T02:57:33Z,"Exposure of sensitive information vulnerability","com.tinfoilsecurity.plugins:tinfoil-scan",0,2.0,MODERATE,CWE-200 -CVE-2018-1999042,2022-05-14T01:04:56Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.3,MODERATE,CWE-502 -CVE-2018-1999042,2022-05-14T01:04:56Z,"Deserialization of Untrusted Data in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.138,MODERATE,CWE-502 -CVE-2018-1999043,2022-05-13T01:50:55Z,"Missing Release of Resource after Effective Lifetime in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.3,HIGH,CWE-772 -CVE-2018-1999043,2022-05-13T01:50:55Z,"Missing Release of Resource after Effective Lifetime in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.138,HIGH,CWE-772 -CVE-2018-1999044,2022-05-13T01:50:55Z,"Infinite Loop in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.138,MODERATE,CWE-835 -CVE-2018-1999045,2022-05-14T01:04:56Z,"Improper Authentication in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.3,MODERATE,CWE-287 -CVE-2018-1999045,2022-05-14T01:04:56Z,"Improper Authentication in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.138,MODERATE,CWE-287 
-CVE-2018-1999046,2022-05-14T01:04:56Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.3,MODERATE,CWE-200 -CVE-2018-1999046,2022-05-14T01:04:56Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.138,MODERATE,CWE-200 -CVE-2018-1999047,2022-05-13T01:50:56Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.121.3,MODERATE,CWE-863 -CVE-2018-1999047,2022-05-13T01:50:56Z,"Incorrect Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.122,2.138,MODERATE,CWE-863 -CVE-2018-20000,2018-12-19T19:24:52Z,"Improper Restriction of XML External Entity Reference in bedework:bw-webdav",org.bedework:bw-webdav,4.0.1,4.0.3,HIGH,CWE-611 -CVE-2018-20059,2018-12-19T19:24:39Z,"Improper Restriction of XML External Entity Reference in pippo-core",ro.pippo:pippo-core,0,1.12.0,CRITICAL,CWE-611 -CVE-2018-20094,2018-12-19T19:25:04Z,"XXL-CONF Path Traversal vulnerability","com.xuxueli:xxl-conf-admin",0,,HIGH,CWE-22 -CVE-2018-20227,2022-05-14T01:42:52Z,"RDF4J vulnerable to zip slip",org.eclipse.rdf4j:rdf4j,0,2.5.0,HIGH,CWE-22 -CVE-2018-20242,2019-02-12T17:26:07Z,"Cross-site Scripting in jspwiki-war","org.apache.jspwiki:jspwiki-war",0,2.11.0.M1,MODERATE,CWE-79 -CVE-2018-20433,2019-01-07T19:14:34Z,"XML External Entity Reference in mchange:c3p0",com.mchange:c3p0,0,0.9.5.3,CRITICAL,CWE-611 -CVE-2018-20594,2019-01-04T17:43:30Z,"Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons","org.hswebframework.web:hsweb-commons",0,,MODERATE,CWE-79 -CVE-2018-20595,2019-01-04T17:43:22Z,"Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons","org.hswebframework.web:hsweb-commons",0,,HIGH,CWE-352 -CVE-2018-20676,2019-01-17T13:57:34Z,"XSS vulnerability that affects bootstrap",org.webjars:bootstrap,0,3.4.0,MODERATE,CWE-79 -CVE-2018-20677,2019-01-17T13:57:56Z,"bootstrap Cross-site Scripting 
vulnerability",org.webjars:bootstrap,0,3.4.0,MODERATE,CWE-79 -CVE-2018-21234,2022-02-10T23:03:26Z,"Deserialization of Untrusted Data in Jodd",org.jodd:jodd-json,0,5.0.4,CRITICAL,CWE-502 -CVE-2018-25007,2021-04-19T14:53:09Z,"Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11",com.vaadin:flow-server,1.0.0,1.0.6,LOW,CWE-754 -CVE-2018-25068,2023-01-06T21:30:40Z,"globalpom-utils has Insecure Temporary File","com.anrisoftware.globalpom:globalpomutils",0,4.5.1,CRITICAL,CWE-377;CWE-668 -CVE-2018-3258,2022-05-13T01:52:26Z,"Improper Privilege Management in MySQL Connectors Java","mysql:mysql-connector-java",0,8.0.13,HIGH,CWE-269 -CVE-2018-3824,2022-05-13T01:32:17Z,"Elasticsearch subject to cross site scripting","org.elasticsearch:elasticsearch",0,5.6.9,MODERATE,CWE-79 -CVE-2018-3824,2022-05-13T01:32:17Z,"Elasticsearch subject to cross site scripting","org.elasticsearch:elasticsearch",6.0.0,6.2.4,MODERATE,CWE-79 -CVE-2018-3831,2022-05-13T01:27:27Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",5.6.0,5.6.12,HIGH,CWE-200 -CVE-2018-3831,2022-05-13T01:27:27Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",6.0.0,6.4.1,HIGH,CWE-200 -CVE-2018-5382,2022-05-13T01:01:01Z,"Improper Validation of Integrity Check Value in Bouncy Castle","org.bouncycastle:bcprov-jdk15on",0,1.50,MODERATE,CWE-354 -CVE-2018-5968,2020-06-30T20:40:50Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.7.9.5,HIGH,CWE-184;CWE-502 -CVE-2018-5968,2020-06-30T20:40:50Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.1,HIGH,CWE-184;CWE-502 -CVE-2018-5968,2020-06-30T20:40:50Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.4,HIGH,CWE-184;CWE-502 
-CVE-2018-6356,2022-05-13T01:01:01Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.89.4,MODERATE,CWE-22 -CVE-2018-6356,2022-05-13T01:01:01Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",2.90,2.107,MODERATE,CWE-22 -CVE-2018-7489,2018-10-16T17:45:18Z,"FasterXML jackson-databind allows unauthenticated remote code execution ","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.5,CRITICAL,CWE-184;CWE-502 -CVE-2018-7489,2018-10-16T17:45:18Z,"FasterXML jackson-databind allows unauthenticated remote code execution ","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.3,CRITICAL,CWE-184;CWE-502 -CVE-2018-7489,2018-10-16T17:45:18Z,"FasterXML jackson-databind allows unauthenticated remote code execution ","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.1,CRITICAL,CWE-184;CWE-502 -CVE-2018-7489,2018-10-16T17:45:18Z,"FasterXML jackson-databind allows unauthenticated remote code execution ","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.5,CRITICAL,CWE-184;CWE-502 -CVE-2018-8006,2018-10-30T20:48:58Z,"Apache ActiveMQ web console vulnerable to Cross-site Scripting","org.apache.activemq:activemq-web-console",5.0.0,5.15.6,MODERATE,CWE-79 -CVE-2018-8008,2018-10-16T17:35:24Z,"ZipSlip in org.apache.storm:storm-core","org.apache.storm:storm-core",0,1.0.7,MODERATE,CWE-22 -CVE-2018-8008,2018-10-16T17:35:24Z,"ZipSlip in org.apache.storm:storm-core","org.apache.storm:storm-core",1.1.0,1.1.3,MODERATE,CWE-22 -CVE-2018-8008,2018-10-16T17:35:24Z,"ZipSlip in org.apache.storm:storm-core","org.apache.storm:storm-core",1.2.0,1.2.2,MODERATE,CWE-22 -CVE-2018-8009,2018-12-21T17:50:29Z,"Path Traversal in Hadoop","org.apache.hadoop:hadoop-main",0,2.7.7,HIGH,CWE-22 -CVE-2018-8009,2018-12-21T17:50:29Z,"Path Traversal in Hadoop","org.apache.hadoop:hadoop-main",2.8.0,2.8.5,HIGH,CWE-22 -CVE-2018-8009,2018-12-21T17:50:29Z,"Path Traversal in 
Hadoop","org.apache.hadoop:hadoop-main",2.9.0,2.9.2,HIGH,CWE-22 -CVE-2018-8009,2018-12-21T17:50:29Z,"Path Traversal in Hadoop","org.apache.hadoop:hadoop-main",3.0.0,3.0.3,HIGH,CWE-22 -CVE-2018-8009,2018-12-21T17:50:29Z,"Path Traversal in Hadoop","org.apache.hadoop:hadoop-main",3.1.0,3.1.1,HIGH,CWE-22 -CVE-2018-8010,2018-10-17T19:56:04Z,"There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files","org.apache.solr:solr-core",6.6.0,6.6.4,MODERATE,CWE-611 -CVE-2018-8010,2018-10-17T19:56:04Z,"There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files","org.apache.solr:solr-core",7.0.0,7.3.1,MODERATE,CWE-611 -CVE-2018-8012,2022-05-13T01:05:57Z,"Missing Authorization in Apache ZooKeeper","org.apache.zookeeper:zookeeper",0,3.4.10,HIGH,CWE-862 -CVE-2018-8012,2022-05-13T01:05:57Z,"Missing Authorization in Apache ZooKeeper","org.apache.zookeeper:zookeeper",3.5.0-alpha,3.5.4-beta,HIGH,CWE-862 -CVE-2018-8013,2022-05-13T01:14:24Z,"Deserialization of Untrusted Data in Apache Batik","org.apache.xmlgraphics:batik",1.0,1.10,CRITICAL,CWE-502 -CVE-2018-8014,2018-10-17T16:32:32Z,"The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins","org.apache.tomcat.embed:tomcat-embed-core",7.0.41,7.0.88,CRITICAL,CWE-1188 -CVE-2018-8014,2018-10-17T16:32:32Z,"The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins","org.apache.tomcat.embed:tomcat-embed-core",8.0.0RC1,8.0.53,CRITICAL,CWE-1188 -CVE-2018-8014,2018-10-17T16:32:32Z,"The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.32,CRITICAL,CWE-1188 -CVE-2018-8014,2018-10-17T16:32:32Z,"The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all 
origins","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.9,CRITICAL,CWE-1188 -CVE-2018-8015,2022-05-13T01:20:37Z,"Apache ORC vulnerable to Uncontrolled Recursion",org.apache.orc:orc,1.0.0,1.4.4,HIGH,CWE-674 -CVE-2018-8016,2022-05-13T01:53:28Z,"Missing Authentication for Critical Function in Apache Cassandra","org.apache.cassandra:cassandra-all",3.8,3.11.2,CRITICAL,CWE-306 -CVE-2018-8017,2018-10-17T15:50:31Z,"Comparison errorr in org.apache.tika:tika-core","org.apache.tika:tika-core",1.2,1.19,MODERATE,CWE-835 -CVE-2018-8018,2018-10-16T20:53:54Z,"Code execution via deserialization in org.apache.ignite:ignite-core","org.apache.ignite:ignite-core",0,2.6,CRITICAL,CWE-502 -CVE-2018-8023,2018-10-17T19:54:14Z,"Moderate severity vulnerability that affects org.apache.mesos:mesos",org.apache.mesos:mesos,0,1.4.2,MODERATE,CWE-200 -CVE-2018-8023,2018-10-17T19:54:14Z,"Moderate severity vulnerability that affects org.apache.mesos:mesos",org.apache.mesos:mesos,1.5.0,1.5.2,MODERATE,CWE-200 -CVE-2018-8023,2018-10-17T19:54:14Z,"Moderate severity vulnerability that affects org.apache.mesos:mesos",org.apache.mesos:mesos,1.6.0,1.6.1,MODERATE,CWE-200 -CVE-2018-8024,2019-03-14T15:40:57Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL","org.apache.spark:spark-core_2.10",2.1.0,2.1.3,MODERATE,CWE-200 -CVE-2018-8024,2019-03-14T15:40:57Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL","org.apache.spark:spark-core_2.10",2.2.0,2.2.2,MODERATE,CWE-200 -CVE-2018-8024,2019-03-14T15:40:57Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL","org.apache.spark:spark-core_2.11",2.1.0,2.1.3,MODERATE,CWE-200 -CVE-2018-8024,2019-03-14T15:40:57Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL","org.apache.spark:spark-core_2.11",2.2.0,2.2.2,MODERATE,CWE-200 -CVE-2018-8024,2019-03-14T15:40:57Z,"Exposure of Sensitive Information to 
an Unauthorized Actor in Apache Spark via crafted URL","org.apache.spark:spark-core_2.11",2.3.0,2.3.1,MODERATE,CWE-200 -CVE-2018-8025,2018-10-18T18:05:02Z,"Race condition in org.apache.hbase:hbase-thrift","org.apache.hbase:hbase-thrift",0,1.2.6.1,HIGH,CWE-362 -CVE-2018-8025,2018-10-18T18:05:02Z,"Race condition in org.apache.hbase:hbase-thrift","org.apache.hbase:hbase-thrift",1.3.0,1.3.2.1,HIGH,CWE-362 -CVE-2018-8025,2018-10-18T18:05:02Z,"Race condition in org.apache.hbase:hbase-thrift","org.apache.hbase:hbase-thrift",1.4.0,1.4.5,HIGH,CWE-362 -CVE-2018-8025,2018-10-18T18:05:02Z,"Race condition in org.apache.hbase:hbase-thrift","org.apache.hbase:hbase-thrift",2.0.0,2.0.1,HIGH,CWE-362 -CVE-2018-8026,2018-10-17T19:55:34Z,"XML external entity expansion in org.apache.solr:solr-core","org.apache.solr:solr-core",6.0.0,6.6.5,MODERATE,CWE-611 -CVE-2018-8026,2018-10-17T19:55:34Z,"XML external entity expansion in org.apache.solr:solr-core","org.apache.solr:solr-core",7.0.0,7.4.0,MODERATE,CWE-611 -CVE-2018-8027,2018-10-16T23:06:25Z,"Apache is vulnerable to XXE in XSD validation processor","org.apache.camel:camel-core",2.20.0,2.20.4,CRITICAL,CWE-611 -CVE-2018-8027,2018-10-16T23:06:25Z,"Apache is vulnerable to XXE in XSD validation processor","org.apache.camel:camel-core",2.21.0,2.21.1,CRITICAL,CWE-611 -CVE-2018-8028,2022-05-13T01:53:29Z,"Apache Sentry may allow attacker to access/remove data from Sentry protected table",org.apache.sentry:sentry,0,2.0.1,HIGH,CWE-862 -CVE-2018-8029,2019-05-31T16:09:15Z,"Privilege escalation vulnerability in Apache Hadoop","org.apache.hadoop:hadoop-main",2.2.0,2.8.4,HIGH,CWE-285 -CVE-2018-8029,2019-05-31T16:09:15Z,"Privilege escalation vulnerability in Apache Hadoop","org.apache.hadoop:hadoop-main",2.9.0,2.9.2,HIGH,CWE-285 -CVE-2018-8029,2019-05-31T16:09:15Z,"Privilege escalation vulnerability in Apache Hadoop","org.apache.hadoop:hadoop-main",3.0.0,3.1.1,HIGH,CWE-285 -CVE-2018-8030,2018-10-16T19:50:39Z,"Denial of service vulnerability exists when 
.NET and .NET Core improperly process XML documents","org.apache.qpid:apache-qpid-broker-j",7.0.0,7.1.0,HIGH,CWE-20 -CVE-2018-8031,2022-05-14T01:30:10Z,"Apache TomEE console vulnerable to Cross-site Scripting","org.apache.tomee:tomee-webapp",0,7.0.5,MODERATE,CWE-79 -CVE-2018-8032,2018-10-16T20:51:15Z,"Moderate severity vulnerability that affects apache axis",axis:axis,0,,MODERATE,CWE-79 -CVE-2018-8032,2018-10-16T20:51:15Z,"Moderate severity vulnerability that affects apache axis",org.apache.axis:axis,0,,MODERATE,CWE-79 -CVE-2018-8034,2018-10-17T16:32:43Z,"The host name verification missing in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.35,7.0.90,HIGH,CWE-295 -CVE-2018-8034,2018-10-17T16:32:43Z,"The host name verification missing in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.0.53,HIGH,CWE-295 -CVE-2018-8034,2018-10-17T16:32:43Z,"The host name verification missing in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.32,HIGH,CWE-295 -CVE-2018-8034,2018-10-17T16:32:43Z,"The host name verification missing in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.10,HIGH,CWE-295 -CVE-2018-8035,2019-05-14T04:00:37Z,"Cross-site Scripting in Apache UIMA","org.apache.uima:uima-ducc-web",0,3.0.0,MODERATE,CWE-79 -CVE-2018-8036,2022-05-13T01:53:29Z,"Loop with Unreachable Exit Condition in Apache PDFBox",org.apache.pdfbox:pdfbox,1.8.0,1.8.15,MODERATE,CWE-835 -CVE-2018-8036,2022-05-13T01:53:29Z,"Loop with Unreachable Exit Condition in Apache PDFBox",org.apache.pdfbox:pdfbox,2.0.0RC1,2.0.11,MODERATE,CWE-835 -CVE-2018-8037,2018-10-17T16:33:02Z,"Apache Tomcat Race Condition vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.5,8.5.32,MODERATE,CWE-362 -CVE-2018-8037,2018-10-17T16:33:02Z,"Apache Tomcat Race Condition vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M9,9.0.10,MODERATE,CWE-362 -CVE-2018-8038,2018-10-18T16:56:47Z,"High severity vulnerability that affects 
org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-jetty8",0,1.4.4,HIGH,CWE-20 -CVE-2018-8038,2018-10-18T16:56:47Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-jetty9",0,1.4.4,HIGH,CWE-20 -CVE-2018-8038,2018-10-18T16:56:47Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring",0,1.4.4,HIGH,CWE-20 -CVE-2018-8038,2018-10-18T16:56:47Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring2",0,1.4.4,HIGH,CWE-20 -CVE-2018-8038,2018-10-18T16:56:47Z,"High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3","org.apache.cxf.fediz:fediz-spring3",0,1.4.4,HIGH,CWE-20 -CVE-2018-8039,2018-10-19T16:40:01Z,"Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*","org.apache.cxf:apache-cxf",0,3.1.16,HIGH,CWE-755 -CVE-2018-8039,2018-10-19T16:40:01Z,"Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*","org.apache.cxf:apache-cxf",3.2.0,3.2.5,HIGH,CWE-755 -CVE-2018-8039,2018-10-19T16:40:01Z,"Apache CXF TLS hostname verification does not work correctly with 
com.sun.net.ssl.*",org.apache.cxf:cxf,0,3.1.16,HIGH,CWE-755 -CVE-2018-8039,2018-10-19T16:40:01Z,"Apache CXF TLS hostname verification does not work correctly with com.sun.net.ssl.*",org.apache.cxf:cxf,3.2.0,3.2.5,HIGH,CWE-755 -CVE-2018-8041,2018-10-16T23:07:57Z,"Apache Camel's Mail is vulnerable to path traversal","org.apache.camel:camel-mail",2.20.0,2.20.4,MODERATE,CWE-22 -CVE-2018-8041,2018-10-16T23:07:57Z,"Apache Camel's Mail is vulnerable to path traversal","org.apache.camel:camel-mail",2.21.0,2.21.2,MODERATE,CWE-22 -CVE-2018-8041,2018-10-16T23:07:57Z,"Apache Camel's Mail is vulnerable to path traversal","org.apache.camel:camel-mail",2.22.0,2.22.1,MODERATE,CWE-22 -CVE-2018-8088,2022-05-13T01:04:09Z,"Improper Access Control in SLF4J",org.slf4j:slf4j-ext,0,1.7.26,CRITICAL,CWE-284 -CVE-2018-8088,2022-05-13T01:04:09Z,"Improper Access Control in SLF4J",org.slf4j:slf4j-ext,1.8.0-alpha0,1.8.0-beta4,CRITICAL,CWE-284 -CVE-2018-8718,2022-05-14T01:29:12Z,"Cross-Site Request Forgery in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",0,1.21,HIGH,CWE-352 -CVE-2018-9159,2018-10-19T16:56:00Z,"Moderate severity vulnerability that affects com.sparkjava:spark-core",com.sparkjava:spark-core,0,2.7.2,MODERATE,CWE-22 -CVE-2019-0186,2022-05-24T16:44:43Z,"Cross-site Scripting in Apache Pluto Chatroom demo","org.apache.portals.pluto:chatRoomDemo",3.0.0,3.1.0,MODERATE,CWE-79 -CVE-2019-0187,2019-03-07T18:47:57Z,"Unauthenticated Remote Code Execution in Apache JMeter","org.apache.jmeter:ApacheJMeter",0,5.1,CRITICAL,CWE-327;CWE-502 -CVE-2019-0188,2019-05-29T18:15:50Z,"XML External Entity injection in Apache Camel","org.apache.camel:camel-core",0,2.24.0,HIGH,CWE-611 -CVE-2019-0188,2019-05-29T18:15:50Z,"XML External Entity injection in Apache Camel","org.apache.camel:camel-xmljson",0,,HIGH,CWE-611 -CVE-2019-0191,2019-03-25T16:16:44Z,"Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and 
org.apache.karaf:karaf","org.apache.karaf:apache-karaf",0,4.2.3,MODERATE,CWE-22 -CVE-2019-0191,2019-03-25T16:16:44Z,"Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf",org.apache.karaf:karaf,0,4.2.3,MODERATE,CWE-22 -CVE-2019-0192,2019-03-14T15:39:45Z,"Critical severity vulnerability that affects org.apache.solr:solr-core","org.apache.solr:solr-core",5.0.0,7.0.0,CRITICAL,CWE-502 -CVE-2019-0192,2019-03-14T15:39:45Z,"Critical severity vulnerability that affects org.apache.solr:solr-core","org.apache.solr:solr-core",6.0.0,7.0.0,CRITICAL,CWE-502 -CVE-2019-0193,2019-08-01T19:17:35Z,"XML External Entity (XXE) Injection in Apache Solr","org.apache.solr:solr-core",0,8.2.0,HIGH,CWE-94 -CVE-2019-0194,2019-05-02T15:21:34Z,"Path Traversal in Apache Camel","org.apache.camel:camel-core",2.21.0,2.21.5,HIGH,CWE-22 -CVE-2019-0194,2019-05-02T15:21:34Z,"Path Traversal in Apache Camel","org.apache.camel:camel-core",2.22.0,2.22.3,HIGH,CWE-22 -CVE-2019-0194,2019-05-02T15:21:34Z,"Path Traversal in Apache Camel","org.apache.camel:camel-core",2.23.0,2.23.1,HIGH,CWE-22 -CVE-2019-0195,2022-05-24T22:00:35Z,"Deserialization of Untrusted Data in Apache Tapestry","org.apache.tapestry:tapestry-core",5.4.0,5.4.5,CRITICAL,CWE-502 -CVE-2019-0199,2020-06-15T18:51:09Z,"Apache Tomcat Denial of Service vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.38,HIGH,CWE-400 -CVE-2019-0199,2020-06-15T18:51:09Z,"Apache Tomcat Denial of Service vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.16,HIGH,CWE-400 -CVE-2019-0200,2019-03-07T18:48:08Z,"Improper Input Validation in Apache Qpid Broker-J","org.apache.qpid:apache-qpid-broker-j",0,7.0.7,HIGH,CWE-20 -CVE-2019-0200,2019-03-07T18:48:08Z,"Improper Input Validation in Apache Qpid Broker-J","org.apache.qpid:apache-qpid-broker-j",7.1.0,7.1.1,HIGH,CWE-20 -CVE-2019-0201,2019-05-29T18:54:11Z,"Access control bypass in Apache 
ZooKeeper","org.apache.zookeeper:zookeeper",1.0.0,3.4.14,MODERATE,CWE-862 -CVE-2019-0201,2019-05-29T18:54:11Z,"Access control bypass in Apache ZooKeeper","org.apache.zookeeper:zookeeper",3.5.0,3.5.5,MODERATE,CWE-862 -CVE-2019-0202,2022-05-24T16:51:28Z,"Exposure of Sensitive Information in Apache Storm Logviewer","org.apache.storm:storm-core",0.9.1-incubating,1.2.3,HIGH,CWE-200 -CVE-2019-0204,2022-05-13T01:04:24Z,"Docker image code execution with Apache Mesos",org.apache.mesos:mesos,0,1.4.3,HIGH, -CVE-2019-0204,2022-05-13T01:04:24Z,"Docker image code execution with Apache Mesos",org.apache.mesos:mesos,1.5.0,1.5.3,HIGH, -CVE-2019-0204,2022-05-13T01:04:24Z,"Docker image code execution with Apache Mesos",org.apache.mesos:mesos,1.6.0,1.6.2,HIGH, -CVE-2019-0204,2022-05-13T01:04:24Z,"Docker image code execution with Apache Mesos",org.apache.mesos:mesos,1.7.0,1.7.2,HIGH, -CVE-2019-0205,2022-05-24T17:00:01Z,"Loop with Unreachable Exit Condition in Apache Thrift","org.apache.thrift:libthrift",0,0.13.0,HIGH,CWE-835 -CVE-2019-0207,2019-11-18T17:19:03Z,"Path traversal attack on Windows platforms","org.apache.tapestry:tapestry-core",5.4.0,5.4.5,HIGH,CWE-22 -CVE-2019-0212,2019-04-02T15:47:00Z,"Improper Authorization in org.apache.hbase:hbase",org.apache.hbase:hbase,2.0.0,2.0.5,HIGH,CWE-285 -CVE-2019-0212,2019-04-02T15:47:00Z,"Improper Authorization in org.apache.hbase:hbase",org.apache.hbase:hbase,2.1.0,2.1.4,HIGH,CWE-285 -CVE-2019-0213,2019-05-14T04:00:31Z,"Cross-site scripting in Apache Archiva","org.apache.archiva:archiva",0,2.2.4,MODERATE,CWE-79 -CVE-2019-0214,2019-05-14T04:00:21Z,"Improper Input Validation in Apache Archiva","org.apache.archiva:archiva",2.2.0,2.2.4,MODERATE,CWE-20 -CVE-2019-0221,2019-05-30T03:30:42Z,"Cross-site scripting in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.94,MODERATE,CWE-79 -CVE-2019-0221,2019-05-30T03:30:42Z,"Cross-site scripting in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.40,MODERATE,CWE-79 
-CVE-2019-0221,2019-05-30T03:30:42Z,"Cross-site scripting in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.17,MODERATE,CWE-79 -CVE-2019-0222,2019-04-02T15:46:42Z,"Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client","org.apache.activemq:activemq-client",5.0.0,5.15.9,HIGH,CWE-94 -CVE-2019-0223,2022-05-24T16:44:10Z,"Improper Certificate Validation in Apache Qpid Proton",org.apache.qpid:proton-j,0.9,0.27.1,HIGH,CWE-295 -CVE-2019-0224,2019-04-02T15:46:48Z,"Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main","org.apache.jspwiki:jspwiki-main",2.9.0,2.11.0.M3,MODERATE,CWE-79 -CVE-2019-0225,2019-04-08T16:23:36Z,"Improper Limitation of a Pathname ('Path Traversal') in org.apache.jspwiki:jspwiki-war","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M3,HIGH,CWE-22 -CVE-2019-0226,2022-05-24T16:45:24Z,"Apache Karaf vulnerable to relative path traversal","org.apache.karaf.config:org.apache.karaf.config.core",0,4.2.5,MODERATE,CWE-22 -CVE-2019-0227,2019-05-14T04:02:24Z,"Server Side Request Forgery in Apache Axis",axis:axis,0,,HIGH,CWE-918 -CVE-2019-0227,2019-05-14T04:02:24Z,"Server Side Request Forgery in Apache Axis",org.apache.axis:axis,0,,HIGH,CWE-918 -CVE-2019-0228,2019-07-05T21:12:54Z,"Vulnerability that affects org.apache.pdfbox:pdfbox",org.apache.pdfbox:pdfbox,2.0.14,2.0.15,CRITICAL,CWE-611 -CVE-2019-0230,2021-12-02T14:50:51Z,"Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.5.22,CRITICAL,CWE-1321;CWE-915 -CVE-2019-0231,2022-05-24T16:57:28Z,"Cleartext Transmission of Sensitive Information in Apache MINA","org.apache.mina:mina-core",0,2.0.21,HIGH,CWE-319 -CVE-2019-0231,2022-05-24T16:57:28Z,"Cleartext Transmission of Sensitive Information in Apache MINA","org.apache.mina:mina-core",2.1.0,2.1.1,HIGH,CWE-319 -CVE-2019-0232,2019-04-18T14:27:35Z,"Apache Tomcat OS Command Injection 
vulnerability","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.94,HIGH,CWE-78 -CVE-2019-0232,2019-04-18T14:27:35Z,"Apache Tomcat OS Command Injection vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.40,HIGH,CWE-78 -CVE-2019-0232,2019-04-18T14:27:35Z,"Apache Tomcat OS Command Injection vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.17,HIGH,CWE-78 -CVE-2019-0233,2022-05-24T17:28:11Z,"Improper Preservation of Permissions in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.5.22,HIGH,CWE-281 -CVE-2019-1003000,2022-05-13T01:15:19Z,"Protection Mechanism Failure in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.50,HIGH,CWE-693 -CVE-2019-1003001,2022-05-13T01:15:20Z,"Jenkins Groovy Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins.workflow:workflow-cps-parent",0,2.61.1,HIGH, -CVE-2019-1003001,2022-05-13T01:15:20Z,"Jenkins Groovy Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins:pipeline-model-definition",0,1.3.4.1,HIGH, -CVE-2019-1003001,2022-05-13T01:15:20Z,"Jenkins Groovy Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins:script-security",0,1.50,HIGH, -CVE-2019-1003002,2022-05-13T01:15:20Z,"Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability","org.jenkinsci.plugins:pipeline-model-definition",0,1.3.4.1,HIGH, -CVE-2019-1003003,2022-05-13T01:05:22Z,"Improper Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.150.2,HIGH,CWE-285 -CVE-2019-1003003,2022-05-13T01:05:22Z,"Improper Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.151,2.159,HIGH,CWE-285 -CVE-2019-1003004,2022-05-13T01:05:22Z,"Improper Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.159,HIGH,CWE-285 -CVE-2019-1003005,2022-05-13T01:00:55Z,"Sandbox Bypass in Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.51,HIGH,CWE-693 -CVE-2019-1003006,2022-05-13T01:15:21Z,"Jenkins Groovy Plugin sandbox bypass 
vulnerability","org.jenkins-ci.plugins:groovy",0,2.1,HIGH,CWE-862 -CVE-2019-1003007,2022-05-13T01:31:35Z,"Sandbox Bypass via CSRF in Jenkins Warnings Plugin ","org.jvnet.hudson.plugins:warnings",0,5.0.1,HIGH,CWE-352 -CVE-2019-1003008,2022-05-13T01:31:35Z,"Jenkins Warnings Next Generation Plugin cross-site request forgery vulnerability","io.jenkins.plugins:warnings-ng",0,,HIGH,CWE-352 -CVE-2019-1003009,2022-05-13T01:31:35Z,"Jenkins Active Directory Plugin Improper certificate validation with StartTLS","org.jenkins-ci.plugins:active-directory",0,2.11,HIGH,CWE-295 -CVE-2019-1003010,2022-05-14T01:06:45Z,"Cross-Site Request Forgery in Jenkins Git Plugin","org.jenkins-ci.plugins:git",0,3.9.2,MODERATE,CWE-352 -CVE-2019-1003011,2022-05-13T01:15:21Z,"Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS","org.jenkins-ci.plugins:token-macro",0,2.6,MODERATE,CWE-674 -CVE-2019-1003012,2022-05-13T01:31:35Z,"Cross-Site Request Forgery in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,1.10.2,MODERATE,CWE-352 -CVE-2019-1003013,2022-05-13T01:31:35Z,"Cross-site Scripting in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,1.10.2,MODERATE,CWE-79 -CVE-2019-1003014,2022-05-13T01:31:35Z,"Jenkins Config File Provider Plugin XSS vulnerability","org.jenkins-ci.plugins:config-file-provider",0,3.5,MODERATE,CWE-79 -CVE-2019-1003015,2022-05-13T01:31:35Z,"XXE vulnerability in Jenkins Job Import Plugin","org.jenkins-ci.plugins:job-import-plugin",0,3.0,CRITICAL,CWE-611 -CVE-2019-1003016,2022-05-13T01:31:34Z,"Jenkins Job Import Plugin vulnerable to exposure of sensitive information","org.jenkins-ci.plugins:job-import-plugin",0,3.0,MODERATE,CWE-352 -CVE-2019-1003017,2022-05-13T01:31:34Z,"Jenkins Job Import Plugin CSRF vulnerability","org.jenkins-ci.plugins:job-import-plugin",0,3.1,MODERATE,CWE-352 -CVE-2019-1003018,2022-05-13T01:31:35Z,"GitHub Authentication Plugin showed plain text client secret in configuration form 
","org.jenkins-ci.plugins:github-oauth",0,0.31,MODERATE,CWE-200 -CVE-2019-1003019,2022-05-13T01:31:34Z,"GitHub Authentication Plugin session fixation vulnerability","org.jenkins-ci.plugins:github-oauth",0,0.31,MODERATE,CWE-384 -CVE-2019-1003020,2022-05-13T01:31:34Z,"Jenkins Kanboard Plugin vulnerable to Server-side request forgery (SSRF)","org.jenkins-ci.plugins:kanboard",0,1.5.11,MODERATE,CWE-918 -CVE-2019-1003021,2022-05-13T01:31:34Z,"Jenkins OpenId Connect Authentication Plugin showed plain text client secret in configuration form","org.jenkins-ci.plugins:oic-auth",0,1.5,MODERATE,CWE-200 -CVE-2019-1003022,2022-05-13T01:31:34Z,"Jenkins Monitoring Plugin vulnerable to Denial of service vulnerability","org.jvnet.hudson.plugins:monitoring",0,1.75.0,MODERATE,CWE-352 -CVE-2019-1003023,2022-05-13T01:31:34Z,"XSS vulnerability in Jenkins Warnings Next Generation Plugin","io.jenkins.plugins:warnings-ng",0,2.0.0,MODERATE,CWE-79 -CVE-2019-1003024,2022-05-13T01:15:21Z,"Jenkins Script Security Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins:script-security",0,1.53,HIGH, -CVE-2019-1003025,2022-05-13T01:15:21Z,"Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information","org.jenkins-ci.plugins:cloudfoundry",0,2.3.2,MODERATE,CWE-862 -CVE-2019-1003026,2022-05-13T01:31:34Z,"Jenkins Mattermost Notification Plugin vulnerable to SSRF","org.jenkins-ci.plugins:mattermost",0,2.6.3,MODERATE,CWE-918 -CVE-2019-1003027,2022-05-13T01:31:34Z,"SSRF vulnerability due to missing permission check in Jenkins OctopusDeploy Plugin ","hudson.plugins.octopusdeploy:octopusdeploy",0,1.9.0,MODERATE,CWE-918 -CVE-2019-1003028,2022-05-13T01:31:33Z,"SSRF vulnerability due to missing permission check in Jenkins JMS Messaging Plugin","org.jenkins-ci.plugins:jms-messaging",0,1.1.2,MODERATE,CWE-918 -CVE-2019-1003029,2022-05-13T01:00:55Z,"Sandbox bypass in Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.54,CRITICAL,CWE-693 
-CVE-2019-1003030,2022-05-13T01:14:26Z,"Sandbox bypass in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.64,CRITICAL,CWE-693 -CVE-2019-1003031,2022-05-13T01:15:07Z,"Script security sandbox bypass in Matrix Project Plugin","org.jenkins-ci.plugins:matrix-project",0,1.14,CRITICAL,CWE-693 -CVE-2019-1003032,2022-05-13T01:15:06Z,"Script security sandbox bypass in Jenkins Email Extension Plugin","org.jenkins-ci.plugins:email-ext",0,2.65,CRITICAL,CWE-693 -CVE-2019-1003033,2022-05-13T01:15:06Z,"Jenkins Groovy Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins:groovy",0,2.2,HIGH,CWE-693 -CVE-2019-1003034,2022-05-13T01:15:07Z,"Script security sandbox bypass in Jenkins Job DSL Plugin","org.jenkins-ci.plugins:job-dsl",0,1.72,CRITICAL,CWE-693 -CVE-2019-1003035,2022-05-13T01:15:07Z,"Information disclosure in Azure VM Agents Plugin ","org.jenkins-ci.plugins:azure-vm-agents",0,0.8.1,MODERATE,CWE-862 -CVE-2019-1003036,2022-05-13T01:15:08Z,"Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration ","org.jenkins-ci.plugins:azure-vm-agents",0,0.8.1,MODERATE,CWE-862 -CVE-2019-1003037,2022-05-13T01:15:07Z,"Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin","org.jenkins-ci.plugins:azure-vm-agents",0,0.8.1,MODERATE,CWE-862 -CVE-2019-1003038,2022-05-13T01:15:07Z,"Jenkins Repository Connector Plugin has insufficiently protected credentials","org.jenkins-ci.plugins:repository-connector",0,1.2.5,LOW,CWE-522 -CVE-2019-1003039,2022-05-13T01:15:09Z,"Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials","org.jenkins-ci.plugins:appdynamics-dashboard",0,1.0.15,MODERATE,CWE-522 -CVE-2019-1003040,2022-05-13T01:15:09Z,"Sandbox bypass vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.56,CRITICAL,CWE-470 -CVE-2019-1003041,2022-05-13T01:15:09Z,"Sandbox bypass vulnerability in Jenkins Pipeline: Groovy 
Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.65,CRITICAL,CWE-470 -CVE-2019-1003042,2022-05-13T01:25:43Z,"Jenkins Lockable Resources Plugin XSS vulnerability","org.6wind.jenkins:lockable-resources",0,2.5,MODERATE,CWE-79 -CVE-2019-1003043,2022-05-13T01:15:08Z,"Jenkins Slack Notification Plugin missing permission check","org.jenkins-ci.plugins:slack",0,2.20,MODERATE,CWE-862 -CVE-2019-1003044,2022-05-13T01:25:43Z,"Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks","org.jenkins-ci.plugins:slack",0,2.20,HIGH,CWE-352 -CVE-2019-1003045,2022-05-13T01:15:08Z,"ECS Publisher Plugin stored and displayed API token in plain text",de.eacg:ecs-publisher,0,1.0.1,MODERATE,CWE-522 -CVE-2019-1003046,2022-05-13T01:25:43Z,"Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability","org.jenkins-ci.plugins:fortify-on-demand-uploader",0,3.0.11,MODERATE,CWE-352 -CVE-2019-1003047,2022-05-13T01:15:08Z,"SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin ","org.jenkins-ci.plugins:fortify-on-demand-uploader",0,3.0.11,MODERATE,CWE-862 -CVE-2019-1003048,2022-05-13T01:15:11Z,"Jenkins PRQA Plugin stored password in plain text ","com.programmingresearch:prqa-plugin",0,3.1.2,LOW,CWE-311 -CVE-2019-1003049,2022-05-13T01:01:01Z,"Insufficient Session Expiration in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.164.2,HIGH,CWE-613 -CVE-2019-1003049,2022-05-13T01:01:01Z,"Insufficient Session Expiration in Jenkins","org.jenkins-ci.main:jenkins-core",2.165,2.172,HIGH,CWE-613 -CVE-2019-1003050,2022-05-13T01:01:01Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.164.2,MODERATE,CWE-79 -CVE-2019-1003050,2022-05-13T01:01:01Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.165,2.172,MODERATE,CWE-79 -CVE-2019-1003051,2022-05-13T01:17:48Z,"Jenkins IRC Plugin stores credentials in plain 
text","org.jvnet.hudson.plugins:ircbot",0,,LOW,CWE-311 -CVE-2019-1003052,2022-05-13T01:17:48Z,"Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text","org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin",0,,LOW,CWE-311 -CVE-2019-1003053,2022-05-13T01:17:45Z,"Jenkins HockeyApp Plugin stores credentials in plain text","org.jenkins-ci.plugins:hockeyapp",0,,HIGH,CWE-311 -CVE-2019-1003054,2022-05-13T01:17:44Z,"Jenkins Jira Issue Updater Plugin stores credentials in plain text","info.bluefloyd.jenkins:jenkins-jira-issue-updater",0,,MODERATE,CWE-311 -CVE-2019-1003055,2022-05-13T01:17:44Z,"Jenkins FTP publisher Plugin stores credentials in plain text","org.jvnet.hudson.plugins:ftppublisher",0,,LOW,CWE-311 -CVE-2019-1003056,2022-05-13T01:17:45Z,"Jenkins WebSphere Deployer Plugin stores credentials in plain text","org.jenkins-ci.plugins:websphere-deployer",0,,MODERATE,CWE-311 -CVE-2019-1003057,2022-05-13T01:17:45Z,"Jenkins Bitbucket Approve Plugin stores credentials in plain text","org.jenkins-ci.plugins:bitbucket-approve",0,,LOW,CWE-311 -CVE-2019-1003058,2022-05-13T01:25:43Z,"CSRF vulnerability in Jenkins FTP publisher Plugin","org.jvnet.hudson.plugins:ftppublisher",0,,MODERATE,CWE-352 -CVE-2019-1003059,2022-05-13T01:17:45Z,"Missing permission check in Jenkins FTP publisher Plugin","org.jvnet.hudson.plugins:ftppublisher",0,,MODERATE,CWE-862 -CVE-2019-1003060,2022-05-13T01:17:45Z,"Jenkins OWASP ZAP Plugin stores unencrypted credentials","org.jenkins-ci.plugins:zap",0,,LOW,CWE-311 -CVE-2019-1003061,2022-05-13T01:17:44Z,"Jenkins CloudFormation Plugin stores credentials in plain text","org.jenkins-ci.plugins:jenkins-cloudformation-plugin",0,,MODERATE,CWE-311 -CVE-2019-1003062,2022-05-13T01:17:43Z,"Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text","org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher",0,,LOW,CWE-311 -CVE-2019-1003063,2022-05-13T01:17:44Z,"Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain 
text","org.jenkins-ci.plugins:snsnotify",0,2.37,LOW,CWE-311 -CVE-2019-1003064,2022-05-13T01:17:44Z,"Jenkins aws-device-farm Plugin stores credentials in plain text","org.jenkins-ci.plugins:aws-device-farm",0,1.26,LOW,CWE-311 -CVE-2019-1003065,2022-05-13T01:17:43Z,"Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text","org.jenkins-ci.plugins:cloudshare-docker",0,,LOW,CWE-311 -CVE-2019-1003066,2022-05-13T01:17:43Z,"Jenkins Bugzilla Plugin stores credentials in plain text","org.jvnet.hudson.plugins:bugzilla",0,,LOW,CWE-311 -CVE-2019-1003067,2022-05-13T01:17:44Z,"Jenkins Trac Publisher Plugin stores credentials in plain text","org.jenkins-ci.plugins:trac-publisher-plugin",0,,MODERATE,CWE-311 -CVE-2019-1003068,2022-05-13T01:17:44Z,"Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data","com.inkysea.vmware.vra:vmware-vrealize-automation-plugin",0,,MODERATE,CWE-311 -CVE-2019-1003069,2022-05-13T01:17:44Z,"Jenkins Aqua Security Scanner Plugin stores credentials in plain text","org.jenkins-ci.plugins:aqua-security-scanner",0,3.0.16,LOW,CWE-311 -CVE-2019-1003070,2022-05-13T01:17:44Z,"Jenkins veracode-scanner Plugin stores credentials in plain text","org.jenkins-ci.plugins:veracode-scanner",0,,LOW,CWE-311 -CVE-2019-1003071,2022-05-13T01:17:42Z,"Jenkins Octopus Deploy Plugin stores credentials in plain text","hudson.plugins.octopusdeploy:octopusdeploy",0,1.9.0,LOW,CWE-311 -CVE-2019-1003072,2022-05-13T01:17:42Z,"Jenkins wildFly Deployer Plugin stores credentials in plain text","org.jenkins-ci.plugins:wildfly-deployer",0,,MODERATE,CWE-311 -CVE-2019-1003073,2022-05-13T01:17:42Z,"Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text ","org.jenkins-ci.plugins:vsts-cd",0,,MODERATE,CWE-311 -CVE-2019-1003074,2022-05-13T01:17:42Z,"Jenkins hyper.sh Commons Plugin stores credentials in plain text","sh.hyper.plugins:hyper-commons",0,,LOW,CWE-311 -CVE-2019-1003075,2022-05-13T01:17:42Z,"Jenkins Audit to Database 
Plugin stores credentials in plain text ","org.jenkins-ci.plugins:audit2db",0,,LOW,CWE-311 -CVE-2019-1003076,2022-05-13T01:25:43Z,"CSRF vulnerability in Jenkins Audit to Database Plugin","org.jenkins-ci.plugins:audit2db",0,,MODERATE,CWE-352 -CVE-2019-1003077,2022-05-13T01:17:42Z,"Missing permission check in Jenkins Audit to Database Plugin","org.jenkins-ci.plugins:audit2db",0,,MODERATE,CWE-862 -CVE-2019-1003078,2022-05-13T01:25:43Z,"Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability","org.jenkins-ci.plugins:labmanager",0,,MODERATE,CWE-352 -CVE-2019-1003079,2022-05-13T01:25:16Z,"Missing permission check in Jenkins VMware Lab Manager Slaves Plugin","org.jenkins-ci.plugins:labmanager",0,,MODERATE,CWE-862 -CVE-2019-1003080,2022-05-13T01:25:43Z,"CSRF vulnerability in Jenkins OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,MODERATE,CWE-352 -CVE-2019-1003081,2022-05-13T01:25:16Z,"CSRF vulnerability in Jenkins OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,MODERATE,CWE-862 -CVE-2019-1003082,2022-05-13T01:25:42Z,"CSRF vulnerability in Jenkins Gearman Plugin","org.jenkins-ci.plugins:gearman-plugin",0,0.4.0,MODERATE,CWE-352 -CVE-2019-1003083,2022-05-13T01:25:16Z,"Missing permission check in Jenkins Gearman Plugin","org.jenkins-ci.plugins:gearman-plugin",0,0.4.0,MODERATE,CWE-862 -CVE-2019-1003084,2022-05-13T01:25:42Z,"CSRF vulnerability in Zephyr Enterprise Test Management Plugin","org.jenkins-ci.plugins:zephyr-enterprise-test-management",0,1.8,MODERATE,CWE-352 -CVE-2019-1003085,2022-05-13T01:25:16Z,"Jenkins Zephyr Enterprise Test Management Plugin missing permission check","org.jenkins-ci.plugins:zephyr-enterprise-test-management",0,1.8,MODERATE,CWE-862 -CVE-2019-1003086,2022-05-13T01:25:42Z,"CSRF vulnerability in Jenkins sinatra-chef-builder Plugin","org.jenkins-ci.plugins:sinatra-chef-builder",0,,MODERATE,CWE-352 -CVE-2019-1003087,2022-05-13T01:25:16Z,"Missing permission check in Jenkins 
sinatra-chef-builder Plugin","org.jenkins-ci.plugins:sinatra-chef-builder",0,,MODERATE,CWE-862 -CVE-2019-1003088,2022-05-13T01:17:42Z,"Jenkins Fabric-beta-publisher Plugin stores credentials in plain text","egor-n:fabric-beta-publisher",0,,MODERATE,CWE-311 -CVE-2019-1003089,2022-05-13T01:17:42Z,"Jenkins Upload to pgyer Plugin stores credentials in plain text ","ren.helloworld:upload-pgyer",0,1.33,MODERATE,CWE-311 -CVE-2019-1003090,2022-05-13T01:25:41Z,"CSRF vulnerability in Jenkins SOASTA CloudTest Plugin","com.soasta.jenkins:cloudtest",0,,MODERATE,CWE-352 -CVE-2019-1003091,2022-05-13T01:25:16Z,"Missing permission check in Jenkins SOASTA CloudTest Plugin","com.soasta.jenkins:cloudtest",0,,MODERATE,CWE-862 -CVE-2019-1003092,2022-05-13T01:25:41Z,"Cross-site request forgery vulnerability in Jenkins Nomad Plugin","org.jenkins-ci.plugins:nomad",0,0.5.1,MODERATE,CWE-352 -CVE-2019-1003093,2022-05-13T01:25:16Z,"Jenkins Nomad Plugin missing permission check","org.jenkins-ci.plugins:nomad",0,0.6.3,MODERATE,CWE-862 -CVE-2019-1003094,2022-05-13T01:17:42Z,"Jenkins Open STF Plugin stores credentials in plain text ","org.jenkins-ci.plugins:open-stf",0,,MODERATE,CWE-311 -CVE-2019-1003095,2022-05-13T01:17:42Z,"Jenkins Perfecto Mobile Plugin stores credentials in plain text","org.jenkins-ci.plugins:perfectomobile",0,,MODERATE,CWE-311 -CVE-2019-1003096,2022-05-13T01:25:15Z,"Jenkins TestFairy Plugin stores credentials in plain text","org.jenkins-ci.plugins:TestFairy",0,4.17.2,MODERATE,CWE-522 -CVE-2019-1003097,2022-05-13T01:25:16Z,"Jenkins Crowd Integration Plugin stores credentials in plain text","com.ds.tools.hudson:crowd",0,,MODERATE,CWE-522 -CVE-2019-1003098,2022-05-13T01:25:41Z,"Jenkins OpenID Plugin CSRF vulnerability","org.jenkins-ci.plugins:openid",0,2.4,MODERATE,CWE-352 -CVE-2019-1003099,2022-05-13T01:25:16Z,"Jenkins openid Plugin missing permission check","org.jenkins-ci.plugins:openid",0,2.4,MODERATE,CWE-862 -CVE-2019-10070,2020-01-08T17:26:53Z,"Stored XSS in Apache 
Atlas","org.apache.atlas:apache-atlas",0,0.8.4,MODERATE,CWE-79 -CVE-2019-10070,2020-01-08T17:26:53Z,"Stored XSS in Apache Atlas","org.apache.atlas:apache-atlas",1.0.0,1.2.0,MODERATE,CWE-79 -CVE-2019-10071,2019-09-26T21:30:34Z,"Timing attack on HMAC signature comparison in Apache Tapestry","org.apache.tapestry:tapestry-core",5.4,5.4.5,CRITICAL,CWE-203;CWE-697 -CVE-2019-10072,2019-06-26T01:09:40Z,"Improper Locking in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.41,HIGH,CWE-667 -CVE-2019-10072,2019-06-26T01:09:40Z,"Improper Locking in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.20,HIGH,CWE-667 -CVE-2019-10076,2019-06-06T15:29:22Z,"Cross-Site Scripting in JSPWiki","org.apache.jspwiki:jspwiki-main",2.9.0,2.11.0.M4,MODERATE,CWE-79 -CVE-2019-10076,2019-06-06T15:29:22Z,"Cross-Site Scripting in JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M4,MODERATE,CWE-79 -CVE-2019-10077,2019-06-06T15:29:25Z,"Cross-site Scripting in JSPWiki","org.apache.jspwiki:jspwiki-main",2.9.0,2.11.0.M4,MODERATE,CWE-79 -CVE-2019-10077,2019-06-06T15:29:25Z,"Cross-site Scripting in JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M4,MODERATE,CWE-79 -CVE-2019-10078,2019-06-06T15:29:29Z,"Cross-site Scriptin in JSPWiki","org.apache.jspwiki:jspwiki-main",2.9.0,2.11.0.M4,MODERATE,CWE-79 -CVE-2019-10078,2019-06-06T15:29:29Z,"Cross-site Scriptin in JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M4,MODERATE,CWE-79 -CVE-2019-10080,2019-12-02T18:17:36Z,"Apache NiFi information disclosure by XXE","org.apache.nifi:nifi-security",1.3.0,1.10.0,MODERATE,CWE-611 -CVE-2019-10080,2019-12-02T18:17:36Z,"Apache NiFi information disclosure by XXE",org.apache.nifi:nifi,1.3.0,1.10.0,MODERATE,CWE-611 -CVE-2019-10083,2019-12-02T18:18:37Z,"Apache NiFi process group information disclosure","org.apache.nifi:nifi-web-api",1.3.0,1.10.0,MODERATE,CWE-200 -CVE-2019-10083,2019-12-02T18:18:37Z,"Apache NiFi process group information 
disclosure",org.apache.nifi:nifi,1.3.0,1.10.0,MODERATE,CWE-200 -CVE-2019-10086,2020-06-15T20:36:17Z,"Insecure Deserialization in Apache Commons Beanutils","commons-beanutils:commons-beanutils",0,1.9.4,HIGH,CWE-502 -CVE-2019-10087,2019-10-11T18:41:50Z,"Cross-site scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M5,MODERATE,CWE-79 -CVE-2019-10088,2019-08-06T01:43:40Z,"Allocation of Resources Without Limits or Throttling in Apache Tika","org.apache.tika:tika-core",1.7,1.22,HIGH,CWE-770 -CVE-2019-10089,2019-10-11T18:41:54Z,"Cross-site scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M5,MODERATE,CWE-79 -CVE-2019-10090,2019-10-11T18:41:44Z,"Cross-site scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M5,MODERATE,CWE-79 -CVE-2019-10091,2022-02-10T20:51:04Z,"Apache Geode SSL endpoint verification vulnerability","org.apache.geode:geode-core",0,1.10.0,HIGH,CWE-295 -CVE-2019-10093,2019-08-06T01:43:38Z,"Allocation of Resources Without Limits or Throttling in Apache Tika","org.apache.tika:tika-parsers",1.19,1.22,MODERATE,CWE-770 -CVE-2019-10094,2019-08-06T01:43:35Z,"Allocation of Resources Without Limits or Throttling in Apache Tika","org.apache.tika:tika-core",1.7,1.22,HIGH,CWE-770 -CVE-2019-10095,2021-09-07T22:56:43Z,"Bash command injection in Apache Zeppelin","org.apache.zeppelin:zeppelin",0,0.10.0,CRITICAL,CWE-77;CWE-78 -CVE-2019-10099,2019-08-08T15:18:22Z,"Sensitive data written to disk unencrypted in Spark","org.apache.spark:spark-core_2.11",0,2.3.3,HIGH,CWE-312 -CVE-2019-1010206,2022-05-24T22:00:16Z,"kevinsawicki/http-request Missing certificate validation","com.github.kevinsawicki:http-request",0,,MODERATE,CWE-295 -CVE-2019-1010260,2019-04-08T15:18:54Z,"High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core","com.github.shyiko.ktlint:ktlint-core",0,0.30.0,HIGH,CWE-319 -CVE-2019-10158,2020-01-21T21:18:44Z,"Improper implementation of the session fixation protection in 
Infinispan","org.infinispan:infinispan-core",0,9.4.15.Final,CRITICAL,CWE-384 -CVE-2019-10169,2022-05-24T22:28:29Z,"Keycloak code execution via UMA policy abuse","org.keycloak:keycloak-authz-client",0,8.0.0,HIGH,CWE-267 -CVE-2019-10170,2021-10-21T17:46:27Z,"Privilege Defined With Unsafe Actions in Keycloak","org.keycloak:keycloak-core",0,8.0.0,HIGH,CWE-267 -CVE-2019-10172,2020-02-04T22:39:19Z,"Improper Restriction of XML External Entity Reference in jackson-mapper-asl","org.codehaus.jackson:jackson-mapper-asl",0,,HIGH,CWE-611 -CVE-2019-10173,2019-07-26T16:09:47Z,"Deserialization of Untrusted Data and Code Injection in xstream","com.thoughtworks.xstream:xstream",0,1.4.11,CRITICAL,CWE-502;CWE-94 -CVE-2019-10174,2022-05-24T17:01:50Z,"Use of Externally-Controlled Input to Select Classes or Code in Infinispan","org.infinispan:infinispan-core",0,8.2.12.Final,HIGH,CWE-470 -CVE-2019-10174,2022-05-24T17:01:50Z,"Use of Externally-Controlled Input to Select Classes or Code in Infinispan","org.infinispan:infinispan-core",9.0.0.Final,9.4.17.Final,HIGH,CWE-470 -CVE-2019-10184,2019-08-01T19:18:16Z,"Undertow Missing Authorization when requesting a protected directory without trailing slash","io.undertow:undertow-servlet",0,2.0.23,HIGH,CWE-862 -CVE-2019-10199,2019-09-23T18:32:27Z,"Improper Input Validation and Cross-Site Request Forgery in Keycloak","org.keycloak:keycloak-core",0,7.0.0,HIGH,CWE-20;CWE-352 -CVE-2019-10201,2019-09-23T18:32:16Z,"Improper Verification of Cryptographic Signature in keycloak","org.keycloak:keycloak-core",0,7.0.0,MODERATE,CWE-347 -CVE-2019-10202,2022-05-24T16:57:28Z,"Deserialization of Untrusted Data in org.codehaus.jackson:jackson-mapper-asl","org.codehaus.jackson:jackson-mapper-asl",0,,CRITICAL,CWE-502 -CVE-2019-10212,2019-11-20T01:33:54Z,"Potential to access user credentials from the log files when debug logging enabled","io.undertow:undertow-core",0,2.0.20,CRITICAL,CWE-532 -CVE-2019-10219,2020-01-08T17:01:52Z,"The SafeHtml annotation in 
Hibernate-Validator does not properly guard against XSS attacks","org.hibernate.validator:hibernate-validator",6.1.0.Alpha1,6.1.0.Alpha6,MODERATE,CWE-79 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-autoconfigure",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-boot-starter",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-boot-starter-ddi-api",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-boot-starter-dmf-api",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-api",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-boot-starter-mgmt-ui",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext 
Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-parent",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-starters",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-ui",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10240,2019-04-15T16:19:23Z,"Cleartext Transmission of Sensitive Information, Inclusion of Functionality from Untrusted Control Sphere , and Download of Code Without Integrity Check in Eclipse hawkBit ","org.eclipse.hawkbit:hawkbit-update-server",0,0.3.0M2,HIGH,CWE-319;CWE-494;CWE-829 -CVE-2019-10241,2019-04-23T16:06:02Z,"Cross-site Scripting in Eclipse Jetty","org.eclipse.jetty:jetty-server",0,9.2.27.v20190403,MODERATE,CWE-79 -CVE-2019-10241,2019-04-23T16:06:02Z,"Cross-site Scripting in Eclipse Jetty","org.eclipse.jetty:jetty-server",9.3.0,9.3.26.v20190403,MODERATE,CWE-79 -CVE-2019-10241,2019-04-23T16:06:02Z,"Cross-site Scripting in Eclipse Jetty","org.eclipse.jetty:jetty-server",9.4.0,9.4.16.v20190411,MODERATE,CWE-79 -CVE-2019-10246,2019-04-23T16:07:18Z,"Information Exposure vulnerability in Eclipse Jetty","org.eclipse.jetty:jetty-server",9.2.0,9.2.28.v20190418,MODERATE,CWE-200;CWE-213 -CVE-2019-10246,2019-04-23T16:07:18Z,"Information Exposure vulnerability in Eclipse Jetty","org.eclipse.jetty:jetty-server",9.3.0,9.3.27.v20190418,MODERATE,CWE-200;CWE-213 -CVE-2019-10246,2019-04-23T16:07:18Z,"Information Exposure vulnerability in Eclipse 
Jetty","org.eclipse.jetty:jetty-server",9.4.0,9.4.17.v20190418,MODERATE,CWE-200;CWE-213 -CVE-2019-10247,2019-04-23T16:07:12Z,"Installation information leak in Eclipse Jetty","org.eclipse.jetty:jetty-server",7.0.0,9.2.28.v20190418,MODERATE,CWE-200;CWE-213 -CVE-2019-10247,2019-04-23T16:07:12Z,"Installation information leak in Eclipse Jetty","org.eclipse.jetty:jetty-server",9.3.0,9.3.27.v20190418,MODERATE,CWE-200;CWE-213 -CVE-2019-10247,2019-04-23T16:07:12Z,"Installation information leak in Eclipse Jetty","org.eclipse.jetty:jetty-server",9.4.0,9.4.17.v20190418,MODERATE,CWE-200;CWE-213 -CVE-2019-10248,2022-05-24T16:44:08Z,"Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS","org.eclipse.vorto:org.eclipse.vorto.core",0,0.11.0,HIGH,CWE-494;CWE-669;CWE-829 -CVE-2019-10249,2022-05-24T16:45:13Z,"Potentially compromised builds ","org.eclipse.xtend:org.eclipse.xtend.core",0,2.18.0,HIGH,CWE-319 -CVE-2019-10249,2022-05-24T16:45:13Z,"Potentially compromised builds ","org.eclipse.xtext:org.eclipse.xtext",0,2.18.0,HIGH,CWE-319 -CVE-2019-10277,2022-05-13T01:15:02Z,"Jenkins StarTeam Plugin stores credentials in plain text ",hudson.plugins:starteam,0,,HIGH,CWE-522 -CVE-2019-10278,2022-05-13T01:31:33Z,"CSRF vulnerability in jenkins-reviewbot Plugin","org.jenkins-ci.plugins:jenkins-reviewbot",0,,MODERATE,CWE-352 -CVE-2019-10279,2022-05-13T01:15:04Z,"Missing permission check in Jenkins jenkins-reviewbot Plugin","org.jenkins-ci.plugins:jenkins-reviewbot",0,,MODERATE,CWE-862 -CVE-2019-10280,2022-05-13T01:15:01Z,"Jenkins Assembla Auth Plugin stores credentials in plain text ","org.jenkins-ci.plugins:assembla-auth",0,1.13,HIGH,CWE-522 -CVE-2019-10281,2022-05-13T01:15:02Z,"Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text","org.jenkins-ci.plugins:relution-publisher",0,,LOW,CWE-522 -CVE-2019-10282,2022-05-13T01:15:02Z,"Jenkins Klaros-Testmanagement Plugin stores credentials in plain 
text","hudson.plugins.klaros:klaros-testmanagement",0,2.1.0,MODERATE,CWE-522 -CVE-2019-10283,2022-05-13T01:15:05Z,"Jenkins mabl Plugin stores credentials in plain text","com.mabl.integration.jenkins:mabl-integration",0,0.0.13,MODERATE,CWE-522 -CVE-2019-10284,2022-05-13T01:15:05Z,"Jenkins Diawi Upload Plugin stores credentials in plain text ","org.jenkins-ci.plugins:diawi-upload",0,,MODERATE,CWE-522 -CVE-2019-10285,2022-05-13T01:15:04Z,"Jenkins Minio Storage Plugin stores credentials in plain text","org.jenkins-ci.plugins:minio-storage",0,,LOW,CWE-522 -CVE-2019-10286,2022-05-13T01:15:05Z,"Jenkins DeployHub Plugin stores credentials in plain text",com.openmake:deployhub,0,8.0.14,MODERATE,CWE-522 -CVE-2019-10287,2022-05-13T01:15:06Z,"Jenkins youtrack-plugin Plugin stored credentials in plain text","org.jenkins-ci.plugins:youtrack-plugin",0,0.7.2,LOW,CWE-522 -CVE-2019-10288,2022-05-13T01:15:06Z,"Jenkins Jabber Server Plugin stores credentials in plain text","de.e-nexus:jabber-server-plugin",0,,LOW,CWE-522 -CVE-2019-10289,2022-05-13T01:31:33Z,"CSRF vulnerability in Jenkins Netsparker Enterprise Scan Plugin","org.jenkins-ci.plugins:netsparker-cloud-scan",0,1.1.6,MODERATE,CWE-352 -CVE-2019-10290,2022-05-13T01:15:02Z,"Missing permission check in Jenkins Netsparker Cloud Scan Plugin","org.jenkins-ci.plugins:netsparker-cloud-scan",0,1.1.6,MODERATE,CWE-862 -CVE-2019-10291,2022-05-13T01:15:03Z,"Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text","org.jenkins-ci.plugins:netsparker-cloud-scan",0,1.1.6,LOW,CWE-522 -CVE-2019-10295,2022-05-13T01:15:02Z,"Jenkins crittercism-dsym Plugin stores API key in plain text","org.jenkins-ci.plugins:crittercism-dsym",0,,MODERATE,CWE-522 -CVE-2019-10296,2022-05-13T01:15:02Z,"Jenkins Serena SRA Deploy Plugin stores credentials in plain text","com.urbancode.ds.jenkins.plugins:sra-deploy",0,,LOW,CWE-522 -CVE-2019-10297,2022-05-13T01:15:03Z,"Jenkins Sametime Plugin stores credentials in plain 
text","org.jenkins-ci.plugins:sametime",0,,LOW,CWE-522 -CVE-2019-10298,2022-05-13T01:15:03Z,"Jenkins Koji Plugin stores credentials in plain text","org.jenkins-ci.plugins:koji",0,,LOW,CWE-522 -CVE-2019-10299,2022-05-13T01:15:03Z,"Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text","com.cloudcoreo.plugins:cloudcoreo-deploytime",0,,LOW,CWE-522 -CVE-2019-10300,2022-05-24T16:43:53Z,"Jenkins GitLab Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:gitlab-plugin",0,1.5.12,HIGH,CWE-352 -CVE-2019-10301,2022-05-24T16:43:53Z,"Jenkins GitLab Plugin missing permission checks","org.jenkins-ci.plugins:gitlab-plugin",0,1.5.12,HIGH,CWE-862 -CVE-2019-10302,2022-05-24T16:43:53Z,"Jenkins jira-ext Plugin stores credentials unencrypted","org.jenkins-ci.plugins:jira-ext",0,0.9,HIGH,CWE-256;CWE-522 -CVE-2019-10303,2022-05-24T16:43:53Z,"Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text","org.jenkins-ci.plugins:azure-publishersettings-credentials",0,1.5,LOW,CWE-522 -CVE-2019-10304,2022-05-24T16:43:53Z,"Jenkins XebiaLabs XL Deploy Plugin vulnerable to Cross-site request forgery (CSRF)","com.xebialabs.deployit.ci:deployit-plugin",0,7.5.5,MODERATE,CWE-352 -CVE-2019-10305,2022-05-24T16:43:53Z,"Missing permission check in Jenkins XebiaLabs XL Deploy Plugin","com.xebialabs.deployit.ci:deployit-plugin",0,7.5.5,MODERATE,CWE-862 -CVE-2019-10306,2022-05-24T16:43:54Z,"Sandbox bypass in ontrack Jenkins Plugin","org.jenkins-ci.plugins:ontrack",0,3.4.1,CRITICAL,CWE-863 -CVE-2019-10307,2022-05-24T16:44:54Z,"Jenkins Static Analysis Utilities Plugin is vulnerable to Cross-site request forgery vulnerability","org.jvnet.hudson.plugins:analysis-core",0,1.96,MODERATE,CWE-352 -CVE-2019-10308,2022-05-24T16:44:55Z,"Missing permission check in Jenkins Static Analysis Utilities Plugin","org.jvnet.hudson.plugins:analysis-core",0,1.96,MODERATE,CWE-862 -CVE-2019-10309,2022-05-24T16:44:54Z,"Jenkins Self-Organizing Swarm Plug-in Modules Plugin 
XXE vulnerability via UDP broadcast response","org.jenkins-ci.plugins:swarm",0,,MODERATE,CWE-611 -CVE-2019-10310,2022-05-24T16:44:55Z,"Jenkins Ansible Tower Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:ansible-tower",0,0.9.2,MODERATE,CWE-352 -CVE-2019-10311,2022-05-24T16:44:55Z,"Jenkins Ansible Tower Plugin missing permission check","org.jenkins-ci.plugins:ansible-tower",0,0.9.2,HIGH,CWE-862 -CVE-2019-10312,2022-05-24T16:44:55Z,"Missing permission check in Jenkins Ansible Tower Plugin","org.jenkins-ci.plugins:ansible-tower",0,0.9.2,MODERATE,CWE-862 -CVE-2019-10313,2022-05-24T16:44:55Z,"Jenkins Twitter Plugin stores credentials in plain text ","org.jenkins-ci.plugins:twitter",0,,LOW,CWE-522 -CVE-2019-10314,2022-05-24T16:44:55Z,"Jenkins Koji Plugin globally and unconditionally disables SSL/TLS certificate validation","org.jenkins-ci.plugins:koji",0,,MODERATE,CWE-295 -CVE-2019-10315,2022-05-24T16:44:55Z,"Jenkins GitHub Authentication Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:github-oauth",0,0.32,MODERATE,CWE-352 -CVE-2019-10316,2022-05-24T16:44:55Z,"Jenkins Aqua MicroScanner Plugin stored credentials in plain text ","org.jenkins-ci.plugins:aqua-microscanner",0,1.0.6,LOW,CWE-522 -CVE-2019-10317,2022-05-24T16:44:55Z,"Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation ","org.jvnet.hudson.plugins:sitemonitor",0,0.6,MODERATE,CWE-295 -CVE-2019-10318,2022-05-24T16:44:56Z,"Jenkins Azure AD Plugin stored the client secret unencrypted","org.jenkins-ci.plugins:azure-ad",0,0.3.4,LOW,CWE-522 -CVE-2019-10320,2022-05-24T16:46:09Z,"Insertion of Sensitive Information into Externally-Accessible File or Directory in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",0,2.1.19,MODERATE,CWE-200;CWE-538 -CVE-2019-10321,2022-05-24T22:00:02Z,"Jenkins Artifactory Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:artifactory",0,,MODERATE,CWE-352 
-CVE-2019-10322,2022-05-24T22:00:02Z,"Jenkins Artifactory Plugin missing permission check","org.jenkins-ci.plugins:artifactory",0,,MODERATE,CWE-862 -CVE-2019-10323,2022-05-24T22:00:02Z,"Jenkins Artifactory Plugin missing permission check","org.jenkins-ci.plugins:artifactory",0,,MODERATE,CWE-862 -CVE-2019-10324,2022-05-24T22:00:03Z,"Cross-site request forgery vulnerability in Jenkins Artifactory Plugin","org.jenkins-ci.plugins:artifactory",0,3.2.3,MODERATE,CWE-352 -CVE-2019-10325,2022-05-24T22:00:03Z,"Jenkins Warnings NG Plugin Cross-site scripting vulnerability","io.jenkins.plugins:warnings-ng",0,5.1.0,MODERATE,CWE-79 -CVE-2019-10326,2022-05-24T22:00:03Z,"Jenkins Warnings NG Plugin cross-site request forgery vulnerability","io.jenkins.plugins:warnings-ng",0,5.1.0,MODERATE,CWE-352 -CVE-2019-10327,2022-05-24T22:00:03Z,"XML External Entity processing vulnerability in Pipeline Maven Integration Jenkins Plugin","org.jenkins-ci.plugins:pipeline-maven",0,3.7.1,HIGH,CWE-611 -CVE-2019-10328,2022-05-24T22:00:03Z,"Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin","org.jenkins-ci.plugins:workflow-remote-loader",0,1.5,CRITICAL,CWE-183;CWE-693 -CVE-2019-10329,2022-05-24T22:00:03Z,"Plaintext password storage in Jenkins InfluxDB Plugin","org.jenkins-ci.plugins:influxdb",0,1.22,HIGH,CWE-256;CWE-522 -CVE-2019-10330,2022-05-24T22:00:03Z,"Improper handling of untrusted branches in Gitea Jenkins Plugin","org.jenkins-ci.plugins:gitea",0,1.1.2,HIGH,CWE-693;CWE-862 -CVE-2019-10331,2022-05-24T16:47:43Z,"Jenkins ElectricFlow Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:electricflow",0,1.1.7,MODERATE,CWE-352 -CVE-2019-10332,2022-05-24T16:47:43Z,"Jenkins ElectricFlow Plugin missing permission check","org.jenkins-ci.plugins:electricflow",0,1.1.7,MODERATE,CWE-862 -CVE-2019-10333,2022-05-24T16:47:43Z,"Jenkins ElectricFlow Plugin Missing permission checks","org.jenkins-ci.plugins:electricflow",0,1.1.7,MODERATE,CWE-862 
-CVE-2019-10334,2022-05-24T16:47:43Z,"Jenkins ElectricFlow Plugin globally and unconditionally disabled SSL/TLS certificate validation","org.jenkins-ci.plugins:electricflow",0,1.1.7,MODERATE,CWE-295 -CVE-2019-10335,2022-05-24T16:47:43Z,"Jenkins ElectricFlow Plugin is vulnerable to stored cross site scripting vulnerability","org.jenkins-ci.plugins:electricflow",0,1.1.7,MODERATE,CWE-79 -CVE-2019-10336,2022-05-24T16:47:43Z,"Jenkins ElectricFlow Plugin is vulnerable to reflected cross site scripting vulnerability","org.jenkins-ci.plugins:electricflow",0,1.1.7,MODERATE,CWE-79 -CVE-2019-10337,2022-05-24T16:47:43Z,"Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin","org.jenkins-ci.plugins:token-macro",0,2.8,HIGH,CWE-611 -CVE-2019-10338,2022-05-24T16:47:43Z,"Jenkins JX Resources Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:jx-resources",0,1.0.37,MODERATE,CWE-352 -CVE-2019-10339,2022-05-24T16:47:43Z,"Jenkins JX Resources Plugin missing permission check ","org.jenkins-ci.plugins:jx-resources",0,1.0.37,MODERATE,CWE-862 -CVE-2019-10340,2022-05-24T16:50:03Z,"Jenkins Docker Plugin contains Cross-Site Request Forgery","io.jenkins.docker:docker-plugin",0,1.1.7,HIGH,CWE-352 -CVE-2019-10341,2022-05-24T16:50:03Z,"Missing permission check in Jenkins Docker Plugin","io.jenkins.docker:docker-plugin",0,1.1.7,MODERATE,CWE-862 -CVE-2019-10342,2022-05-24T16:50:04Z,"Missing permission check in Jenkins Docker Plugin","io.jenkins.docker:docker-plugin",0,1.1.7,MODERATE,CWE-862 -CVE-2019-10343,2022-05-24T16:51:50Z,"Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",0,1.25,MODERATE,CWE-532 -CVE-2019-10344,2022-05-24T16:51:50Z,"Missing Authorization in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",0,1.25,MODERATE,CWE-285;CWE-862 -CVE-2019-10345,2022-05-24T16:51:50Z,"Plaintext Storage of a Password in Jenkins Configuration as Code 
Plugin","io.jenkins:configuration-as-code",0,1.25,MODERATE,CWE-256;CWE-522;CWE-532 -CVE-2019-10346,2022-05-24T16:50:03Z,"Jenkins Embeddable Build Status Plugin contains Cross-site Scripting","io.jenkins.plugins:embeddable-build-status-plugin",0,2.0.2,MODERATE,CWE-79 -CVE-2019-10347,2022-05-24T16:50:03Z,"Stored credentials unencrypted in Jenkins Mashup Portlets Plugin","javagh.jenkins:mashup-portlets-plugin",0,1.1.0,HIGH,CWE-522 -CVE-2019-10348,2022-05-24T16:50:04Z,"Jenkins Gogs Plugin stored credentials in plain text","org.jenkins-ci.plugins:gogs-webhook",0,1.0.15,MODERATE,CWE-312 -CVE-2019-10349,2022-05-24T16:50:04Z,"Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting","org.jenkins-ci.plugins:depgraph-view",0,0.14,MODERATE,CWE-79 -CVE-2019-10350,2022-05-24T16:50:04Z,"Jenkins Port Allocator Plugin stores credentials in plain text","org.jenkins-ci.plugins:port-allocator",0,,MODERATE,CWE-312 -CVE-2019-10351,2022-05-24T16:50:05Z,"Jenkins Caliper CI Plugin stores credentials in plain text","com.brianfromoregon:caliper-ci",0,,MODERATE,CWE-312 -CVE-2019-10352,2022-05-24T16:50:30Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.2,MODERATE,CWE-22 -CVE-2019-10352,2022-05-24T16:50:30Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.186,MODERATE,CWE-22 -CVE-2019-10353,2022-05-24T16:50:30Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.2,HIGH,CWE-352 -CVE-2019-10353,2022-05-24T16:50:30Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.186,HIGH,CWE-352 -CVE-2019-10354,2022-05-24T16:50:30Z,"Missing Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.2,MODERATE,CWE-425;CWE-862 -CVE-2019-10354,2022-05-24T16:50:30Z,"Missing Authorization in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.186,MODERATE,CWE-425;CWE-862 
-CVE-2019-10354,2022-05-24T16:50:30Z,"Missing Authorization in Jenkins","org.kohsuke.stapler:stapler-parent",0,1.257.1,MODERATE,CWE-425;CWE-862 -CVE-2019-10355,2022-05-24T16:51:50Z,"Incorrect Privilege Assignment in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.62,HIGH,CWE-266;CWE-704 -CVE-2019-10356,2022-05-24T16:51:50Z,"Return of Pointer Value Outside of Expected Rang in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.62,HIGH,CWE-466 -CVE-2019-10357,2022-05-24T16:51:50Z,"Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,2.15,MODERATE,CWE-285;CWE-862 -CVE-2019-10358,2022-05-24T16:51:50Z,"Maven Integration Plugin did not mask sensitive values in module build logs","org.jenkins-ci.main:maven-plugin",0,3.4,MODERATE,CWE-532 -CVE-2019-10359,2022-05-24T16:51:50Z,"Jenkins Maven Release Plugin contains Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins.m2release:m2release",0,0.15.0,MODERATE,CWE-352 -CVE-2019-10360,2022-05-24T16:51:51Z,"Jenkins Maven Release Plugin vulnerable to Cross-site Scripting","org.jenkins-ci.plugins.m2release:m2release",0,0.15.0,MODERATE,CWE-79 -CVE-2019-10361,2022-05-24T16:51:51Z,"Jenkins Maven Release Plug-in Plugin stored credentials in plain text","org.jenkins-ci.plugins.m2release:m2release",0,0.15.0,LOW,CWE-522 -CVE-2019-10362,2022-05-24T16:51:51Z,"Improper Encoding or Escaping of Output in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",0,1.25,MODERATE,CWE-116 -CVE-2019-10363,2022-05-24T16:51:51Z,"Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",0,1.25,MODERATE,CWE-311;CWE-319 -CVE-2019-10364,2022-05-24T16:51:51Z,"Jenkins Amazon EC2 Plugin leaked beginning of private key in system log","org.jenkins-ci.plugins:ec2",0,1.44,MODERATE,CWE-532 -CVE-2019-10365,2022-05-24T16:51:51Z,"Jenkins 
Google Kubernetes Engine Plugin vulnerable to Exposure of Resource to Wrong Sphere","org.jenkins-ci.plugins:google-kubernetes-engine",0,0.6.3,MODERATE,CWE-668 -CVE-2019-10366,2022-05-24T16:51:52Z,"Skytap Cloud CI Plugin stored credentials in plain text ","org.jenkins-ci.plugins:skytap",0,2.07,MODERATE,CWE-522 -CVE-2019-10367,2022-05-24T16:52:44Z,"Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",0,1.27,MODERATE,CWE-532 -CVE-2019-10368,2022-05-24T16:52:45Z,"Jenkins JClouds Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:jclouds-jenkins",0,2.15,MODERATE,CWE-352 -CVE-2019-10369,2022-05-24T16:52:45Z,"Jenkins JClouds Plugin missing permission check","org.jenkins-ci.plugins:jclouds-jenkins",0,2.15,MODERATE,CWE-862 -CVE-2019-10370,2022-05-24T16:52:45Z,"Insertion of Sensitive Information into Log File in Jenkins Mask Passwords Plugin","org.jenkins-ci.plugins:mask-passwords",0,2.13.0,MODERATE,CWE-319;CWE-532 -CVE-2019-10371,2022-05-24T16:52:45Z,"Jenkins Gitlab Authentication Plugin vulnerable to Session Fixation","org.jenkins-ci.plugins:gitlab-oauth",0,1.5,HIGH,CWE-384 -CVE-2019-10372,2022-05-24T16:52:45Z,"Jenkins Gitlab Authentication Plugin Open Redirect vulnerability","org.jenkins-ci.plugins:gitlab-oauth",0,1.5,MODERATE,CWE-601 -CVE-2019-10373,2022-05-24T16:52:46Z,"Jenkins Build Pipeline Plugin vulnerable to Cross-site Scripting","org.jenkins-ci.plugins:build-pipeline-plugin",0,,MODERATE,CWE-79 -CVE-2019-10374,2022-05-24T16:52:45Z,"Jenkins PegDown Formatter Plugin has Cross-site Scripting vulnerability","org.jenkins-ci.plugins:pegdown-formatter",0,,MODERATE,CWE-79 -CVE-2019-10375,2022-05-24T16:52:45Z,"Arbitrary file read vulnerability in Jenkins File System SCM Plugin","hudson.plugins.filesystem_scm:filesystem_scm",0,,MODERATE,CWE-22 -CVE-2019-10376,2022-05-24T16:52:45Z,"Jenkins Wall Display Plugin Cross-site Scripting 
vulnerability","org.jenkins-ci.plugins:jenkinswalldisplay",0,,MODERATE,CWE-79 -CVE-2019-10377,2022-05-24T16:52:45Z,"Missing permission check in Jenkins Avatar Plugin","net.hurstfrost.jenkins:avatar",0,,MODERATE,CWE-862 -CVE-2019-10378,2022-05-24T16:52:46Z,"Jenkins TestLink Plugin stores credentials in plain text","org.jenkins-ci.plugins:testlink",0,,LOW,CWE-522 -CVE-2019-10379,2022-05-24T16:52:46Z,"Jenkins Google Cloud Messaging Notification Plugin stores credentials in plain text ","org.jenkins-ci.plugins:gcm-notification",0,,MODERATE,CWE-522 -CVE-2019-10380,2022-05-24T16:52:46Z,"Jenkins Simple Travis Pipeline Runner Plugin script sandbox bypass vulnerability","org.jenkins-ci.plugins:simple-travis-runner",0,,HIGH, -CVE-2019-10381,2022-05-24T16:52:45Z,"Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability","org.jenkins-ci.plugins:codefresh",0,,MODERATE,CWE-295 -CVE-2019-10382,2022-05-24T16:52:46Z,"Jenkins VMware Lab Manager Slaves Plugin vulnerable to Improper Certificate Validation","org.jenkins-ci.plugins:labmanager",0,,MODERATE,CWE-295 -CVE-2019-10383,2022-05-24T16:55:01Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.3,MODERATE,CWE-79 -CVE-2019-10383,2022-05-24T16:55:01Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.192,MODERATE,CWE-79 -CVE-2019-10384,2022-05-24T16:55:01Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.3,HIGH,CWE-352 -CVE-2019-10384,2022-05-24T16:55:01Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.192,HIGH,CWE-352 -CVE-2019-10385,2022-05-24T16:52:46Z,"Jenkins eggplant-plugin Plugin stores credentials in plain text ","org.jenkins-ci.plugins:eggplant-plugin",0,,MODERATE,CWE-522 -CVE-2019-10386,2022-05-24T16:52:46Z,"Cross-site request forgery vulnerability in Jenkins XL TestView 
Plugin","com.xebialabs.xlt.ci:xltestview-plugin",0,,HIGH,CWE-352 -CVE-2019-10387,2022-05-24T16:52:46Z,"Missing permission check in Jenkins XL TestView Plugin","com.xebialabs.xlt.ci:xltestview-plugin",0,,MODERATE,CWE-862 -CVE-2019-10388,2022-05-24T16:52:47Z,"Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery ","org.jenkins-ci.plugins:relution-publisher",0,,MODERATE,CWE-352 -CVE-2019-10389,2022-05-24T16:52:46Z,"Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin ","org.jenkins-ci.plugins:relution-publisher",0,,MODERATE,CWE-862 -CVE-2019-10390,2022-05-24T16:55:01Z,"Jenkins Splunk Plugin Sandbox Bypass","com.splunk.splunkins:splunk-devops",0,1.8.0,HIGH, -CVE-2019-10391,2022-05-24T16:55:01Z,"Jenkins IBM AppScan Plugin showed plain text password in job configuration form fields ","com.hcl.security:ibm-application-security",0,1.2.5,MODERATE,CWE-319 -CVE-2019-10392,2022-05-24T16:55:58Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin","org.jenkins-ci.plugins:git-client",0,2.8.5,HIGH,CWE-78 -CVE-2019-10393,2022-05-24T16:55:58Z,"Sandbox bypass vulnerability in Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.63,MODERATE, -CVE-2019-10394,2022-05-24T16:55:59Z,"Sandbox bypass vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.63,MODERATE, -CVE-2019-10395,2022-05-24T16:55:59Z,"Jenkins Build Environment Plugin vulnerable to Cross-site Scripting","org.jenkins-ci.plugins:build-environment",0,1.7,MODERATE,CWE-79 -CVE-2019-10396,2022-05-24T16:55:59Z,"Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting","org.jenkins-ci.plugins:dashboard-view",0,2.12,MODERATE,CWE-79 -CVE-2019-10397,2022-05-24T16:55:59Z,"Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields ","org.jenkins-ci.plugins:aqua-serverless",0,1.0.5,LOW,CWE-319 
-CVE-2019-10398,2022-05-24T16:55:59Z,"Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:beaker-builder",0,1.10,LOW,CWE-522 -CVE-2019-10399,2022-05-24T16:55:59Z,"Sandbox bypass vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.63,MODERATE, -CVE-2019-10400,2022-05-24T16:55:59Z,"Sandbox bypass vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.63,MODERATE, -CVE-2019-10401,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.4,MODERATE,CWE-79 -CVE-2019-10401,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.197,MODERATE,CWE-79 -CVE-2019-10402,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.4,MODERATE,CWE-79 -CVE-2019-10402,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.197,MODERATE,CWE-79 -CVE-2019-10403,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.4,MODERATE,CWE-79 -CVE-2019-10403,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.197,MODERATE,CWE-79 -CVE-2019-10404,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.4,MODERATE,CWE-79 -CVE-2019-10404,2022-05-24T22:00:43Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.197,MODERATE,CWE-79 -CVE-2019-10405,2022-05-24T22:00:43Z,"Exposure of Sensitive Information to an Unauthorized Actor in 
Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.4,MODERATE,CWE-200;CWE-79 -CVE-2019-10405,2022-05-24T22:00:43Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.197,MODERATE,CWE-200;CWE-79 -CVE-2019-10406,2022-05-24T22:00:44Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.176.4,MODERATE,CWE-79 -CVE-2019-10406,2022-05-24T22:00:44Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.177,2.197,MODERATE,CWE-79 -CVE-2019-10407,2022-05-24T22:00:44Z,"Project Inheritance Plugin showed secret environment variables defined in Mask Passwords Plugin ","hudson.plugins:project-inheritance",0,19.08.02,MODERATE,CWE-200 -CVE-2019-10408,2022-05-24T16:56:45Z,"Jenkins Project Inheritance Plugin vulnerable to Cross-Site Request Forgery","hudson.plugins:project-inheritance",0,19.08.2,MODERATE,CWE-352 -CVE-2019-10409,2022-05-24T16:56:45Z,"Missing permission check in Jenkins Project Inheritance Plugin","hudson.plugins:project-inheritance",0,19.08.02,MODERATE,CWE-862 -CVE-2019-10410,2022-05-24T16:56:45Z,"Jenkins Log Parser Plugin vulnerable to Cross-site Scripting","org.jenkins-ci.plugins:log-parser",0,2.1,MODERATE,CWE-79 -CVE-2019-10411,2022-05-24T16:56:45Z,"Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form","com.inedo.proget:inedo-proget",0,2.5.0,LOW,CWE-319 -CVE-2019-10412,2022-05-24T16:56:45Z,"Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information","com.inedo.proget:inedo-proget",0,1.3,LOW,CWE-319 -CVE-2019-10413,2022-05-24T16:56:45Z,"Jenkins Data Theorem Mobile Security: CI/CD Plugin has Insufficiently Protected Credentials","com.datatheorem.mobileappsecurity.jenkins.plugin:datatheorem-mobile-app-security",0,1.4.0,MODERATE,CWE-522 -CVE-2019-10414,2022-05-24T16:56:46Z,"Jenkins Git Changelog Plugin has Insufficiently Protected 
Credentials","de.wellnerbou.jenkins:git-changelog",0,2.18,MODERATE,CWE-522 -CVE-2019-10415,2022-05-24T16:56:46Z,"Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:violation-comments-to-gitlab",0,2.29,MODERATE,CWE-522 -CVE-2019-10416,2022-05-24T16:56:46Z,"Violation Comments to GitLab Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:violation-comments-to-gitlab",0,2.29,MODERATE,CWE-522 -CVE-2019-10417,2022-05-24T16:56:46Z,"Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin","io.fabric8.pipeline:kubernetes-pipeline-steps",0,,CRITICAL,CWE-183;CWE-863 -CVE-2019-10418,2022-05-24T16:56:46Z,"Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin","io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps",0,,CRITICAL,CWE-863 -CVE-2019-10419,2022-05-24T16:56:46Z,"Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials","org.jenkins-ci.plugins:application-director-plugin",0,,LOW,CWE-522 -CVE-2019-10420,2022-05-24T16:56:46Z,"Jenkins Assembla Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:assembla",0,,LOW,CWE-522 -CVE-2019-10421,2022-05-24T16:56:46Z,"Jenkins Azure Event Grid Build Notifier Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:azure-event-grid-notifier",0,,MODERATE,CWE-522 -CVE-2019-10422,2022-05-24T16:56:46Z,"Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials","org.ukiuni.callOtherJenkins:call-remote-job-plugin",0,,MODERATE,CWE-522 -CVE-2019-10423,2022-05-24T16:56:46Z,"Jenkins CodeScan Plugin has Insufficiently Protected Credentials","com.villagechief.codescan.jenkins:codescan",0,,LOW,CWE-522 -CVE-2019-10424,2022-05-24T16:56:47Z,"Jenkins elOyente Plugin has Insufficiently Protected Credentials",com.technicolor:elOyente,0,,LOW,CWE-522 -CVE-2019-10425,2022-05-24T16:56:47Z,"Jenkins Google Calendar Plugin has Insufficiently 
Protected Credentials","org.jenkins-ci.plugins:gcal",0,,MODERATE,CWE-522 -CVE-2019-10426,2022-05-24T22:00:44Z,"Jenkins Gem Publisher Plugin stores credentials as plaintext","net.arangamani.jenkins:gem-publisher",0,,MODERATE,CWE-256;CWE-522 -CVE-2019-10427,2022-05-24T22:00:44Z,"Jenkins Aqua MicroScanner Plugin showed plain text credential in configuration form ","org.jenkins-ci.plugins:aqua-microscanner",0,1.0.8,MODERATE,CWE-319 -CVE-2019-10428,2022-05-24T22:00:44Z,"Jenkins Aqua Security Scanner Plugin showed plain text password in configuration form ","org.jenkins-ci.plugins:aqua-security-scanner",0,3.0.18,HIGH,CWE-319 -CVE-2019-10429,2022-05-24T22:00:44Z,"Jenkins GitLab Logo Plugin stores credentials unencrypted","org.jenkins-ci.plugins:gitlab-logo",0,1.0.4,MODERATE,CWE-522 -CVE-2019-10430,2022-05-24T22:00:44Z,"Jenkins NeuVector Vulnerability Scanner Plugin stored credentials in plain text ","io.jenkins.plugins:neuvector-vulnerability-scanner",0,1.6,MODERATE,CWE-312 -CVE-2019-10431,2022-05-24T16:57:28Z,"Improper Control of Generation of Code in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.65,CRITICAL,CWE-94 -CVE-2019-10432,2022-05-24T16:57:28Z,"Jenkins HTML Publisher Plugin vulnerable to Cross-site Scripting","org.jenkins-ci.plugins:htmlpublisher",0,1.21,MODERATE,CWE-79 -CVE-2019-10433,2022-05-24T16:57:28Z,"DingTalk Plugin stores credentials in plain text","io.jenkins.plugins:dingding-notifications",0,2.0.0,LOW,CWE-256;CWE-312 -CVE-2019-10434,2022-05-24T16:57:28Z,"Jenkins LDAP Email Plugin shows plain text password in configuration form ","com.mtvi.plateng.hudson:ldapemail",0,,LOW,CWE-256 -CVE-2019-10435,2022-05-24T16:57:28Z,"Jenkins SourceGear Vault plugin transmits credentials in plain text","org.jenkins-ci.plugins:vault-scm-plugin",0,,HIGH,CWE-319 -CVE-2019-10436,2022-05-24T16:58:49Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials 
Plugin","org.jenkins-ci.plugins:google-oauth-plugin",0,0.10,MODERATE,CWE-22 -CVE-2019-10437,2022-05-24T16:58:48Z,"Jenkins CRX Content Package Deployer Plugin subject to Cross-Site Request Forgery","org.jenkins-ci.plugins:crx-content-package-deployer",0,1.9,HIGH,CWE-352 -CVE-2019-10438,2022-05-24T16:58:48Z,"Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization","org.jenkins-ci.plugins:crx-content-package-deployer",0,1.9,MODERATE,CWE-285;CWE-862 -CVE-2019-10439,2022-05-24T16:58:49Z,"Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization","org.jenkins-ci.plugins:crx-content-package-deployer",0,1.9,MODERATE,CWE-285;CWE-862 -CVE-2019-10440,2022-05-24T16:58:49Z,"Jenkins NeoLoad Plugin stores credentials in cleartext","org.jenkins-ci.plugins:neoload-jenkins-plugin",0,2.2.6,HIGH,CWE-312 -CVE-2019-10441,2022-05-24T16:58:49Z,"Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery","org.jenkins-ci.plugins:icescrum",0,1.1.6,MODERATE,CWE-352 -CVE-2019-10442,2022-05-24T16:58:49Z,"Jenkins iceScrum Plugin vulnerable to Missing Authorization","org.jenkins-ci.plugins:icescrum",0,1.1.6,MODERATE,CWE-862 -CVE-2019-10443,2022-05-24T16:58:49Z,"Jenkins iceScrum Plugin stores credentials in Cleartext","org.jenkins-ci.plugins:icescrum",0,1.1.5,HIGH,CWE-312 -CVE-2019-10444,2022-05-24T16:58:49Z,"Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation","org.jenkins-ci.plugins:bumblebee",0,4.1.4,MODERATE,CWE-295 -CVE-2019-10445,2022-05-24T16:58:49Z,"Missing permission checks in Google Kubernetes Engine Jenkins Plugin","org.jenkins-ci.plugins:google-kubernetes-engine",0,0.7.1,MODERATE,CWE-862 -CVE-2019-10446,2022-05-24T16:58:49Z,"Jenkins Cadence vManager Plugin disables SSL/TLS and hostname verification ","org.jenkins-ci.plugins:vmanager-plugin",0,2.7.1,HIGH,CWE-295 -CVE-2019-10447,2022-05-24T16:58:49Z,"Jenkins Sofy.AI Plugin stores API token in plain text 
","io.jenkins.plugins:sofy-ai",0,,MODERATE,CWE-312 -CVE-2019-10449,2022-05-24T16:58:50Z,"Jenkins Fortify on Demand Plugin stores credentials in plain text","org.jenkins-ci.plugins:fortify-on-demand-uploader",0,5.0.0,MODERATE,CWE-312 -CVE-2019-10450,2022-05-24T16:58:50Z,"Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin","com.elasticbox.jenkins-ci.plugins:elasticbox",0,,LOW,CWE-312 -CVE-2019-10451,2022-05-24T16:58:50Z,"Jenkins SOASTA CloudTest Plugin stores API token in plain text","com.soasta.jenkins:cloudtest",0,,MODERATE,CWE-312 -CVE-2019-10452,2022-05-24T16:58:50Z,"Jenkins View26 Test-Reporting Plugin stores access token in plain text","org.jenkins-ci.plugins:view26",0,,MODERATE,CWE-312 -CVE-2019-10453,2022-05-24T16:58:50Z,"Jenkins Delphix Plugin vulnerable to Cleartext credential storage","org.jenkins-ci.plugins:delphix",0,,HIGH,CWE-312 -CVE-2019-10454,2022-05-24T16:58:50Z,"Jenkins Rundeck Plugin CSRF vulnerability","org.jenkins-ci.plugins:rundeck",0,3.6.6,MODERATE,CWE-352 -CVE-2019-10455,2022-05-24T16:58:50Z,"Missing permission check in Jenkins Rundeck Plugin","org.jenkins-ci.plugins:rundeck",0,3.6.6,MODERATE,CWE-862 -CVE-2019-10456,2022-05-24T16:58:50Z,"Jenkins Oracle Cloud Infrastructure Compute Classic Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic",0,,MODERATE,CWE-352 -CVE-2019-10457,2022-05-24T16:58:50Z,"Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin ","org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic",0,,MODERATE,CWE-862 -CVE-2019-10458,2022-05-24T16:58:51Z,"Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin","org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline",0,,CRITICAL,CWE-183;CWE-863 -CVE-2019-10459,2022-05-24T16:59:36Z,"Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token","org.jenkins-ci.plugins:mattermost",0,2.7.1,MODERATE,CWE-522 
-CVE-2019-10460,2022-05-24T16:59:37Z,"Jenkins Bitbucket OAuth Plugin contains Insufficiently Protected Credentials","org.jenkins-ci.plugins:bitbucket-oauth",0,0.10,HIGH,CWE-522 -CVE-2019-10461,2022-05-24T16:59:38Z,"Jenkins Dynatrace Plugin vulnerable to Insufficiently Protected Credentials","org.jenkins-ci.plugins:dynatrace-dashboard",0,2.1.4,HIGH,CWE-522 -CVE-2019-10462,2022-05-24T16:59:37Z,"Jenkins Dynatrace Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:dynatrace-dashboard",0,2.1.4,HIGH,CWE-352 -CVE-2019-10463,2022-05-24T16:59:37Z,"Jenkins Dynatrace Plugin contains Incorrect Default Permissions","org.jenkins-ci.plugins:dynatrace-dashboard",0,2.1.5,MODERATE,CWE-276 -CVE-2019-10464,2022-05-24T16:59:37Z,"Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:weblogic-deployer-plugin",0,,HIGH,CWE-352 -CVE-2019-10465,2022-05-24T16:59:37Z,"Jenkins Deploy WebLogic Plugin missing permission check","org.jenkins-ci.plugins:weblogic-deployer-plugin",0,,MODERATE,CWE-276 -CVE-2019-10466,2022-05-24T16:59:36Z,"Jenkins 360 FireLine Plugin vulnerable to XML External Entity Reference","org.jenkins-ci.plugins.plugin:fireline",0,,HIGH,CWE-611 -CVE-2019-10467,2022-05-24T16:59:37Z,"Jenkins Sonar Gerrit Plugin stores credentials unencrypted","org.jenkins-ci.plugins:sonar-gerrit",0,2.4.5,MODERATE,CWE-522 -CVE-2019-10468,2022-05-24T16:59:37Z,"Jenkins Kubernetes CI/CD Plugin vulnerable to Cross-Site Request Forgery","com.elasticbox.jenkins-ci.plugins:kubernetes-ci",0,,HIGH,CWE-352 -CVE-2019-10469,2022-05-24T16:59:36Z,"Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization","com.elasticbox.jenkins-ci.plugins:kubernetes-ci",0,,MODERATE,CWE-276;CWE-285 -CVE-2019-10470,2022-05-24T16:59:37Z,"Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration","com.elasticbox.jenkins-ci.plugins:kubernetes-ci",0,,MODERATE,CWE-276;CWE-285 -CVE-2019-10471,2022-05-24T16:59:37Z,"Jenkins Libvirt Slaves Plugin 
vlnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:libvirt-slave",0,1.8.6,HIGH,CWE-352 -CVE-2019-10472,2022-05-24T16:59:38Z,"Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions","org.jenkins-ci.plugins:libvirt-slave",0,1.8.6,MODERATE,CWE-276 -CVE-2019-10473,2022-05-24T16:59:37Z,"Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration","org.jenkins-ci.plugins:libvirt-slave",0,1.8.6,MODERATE,CWE-276 -CVE-2019-10474,2022-05-24T16:59:38Z,"Jenkins Global Post Script Plugin missing permission check","org.jenkins-ci.plugins:global-post-script",0,,MODERATE,CWE-276 -CVE-2019-10475,2022-05-24T16:59:38Z,"Jenkins build-metrics Plugin reflected cross-site scripting vulnerability","org.jenkins-ci.plugins:build-metrics",0,,MODERATE,CWE-79 -CVE-2019-10476,2022-05-24T16:59:38Z,"Jenkins Zulip Plugin vulnerable to Insufficiently Protected Credentials","org.jenkins-ci.plugins:zulip",0,1.1.1,HIGH,CWE-522 -CVE-2019-10648,2019-04-02T15:36:49Z,"Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction","net.sf.robocode:robocode.host",0,1.9.3.7,CRITICAL,CWE-20;CWE-862 -CVE-2019-10686,2019-04-18T14:27:42Z,"Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apollo","com.ctrip.framework.apollo:apollo",0,,CRITICAL,CWE-918 -CVE-2019-10753,2019-09-11T23:08:57Z,"Incorrect Resource Transfer Between Spheres in eclipse-wtp","com.diffplug.spotless:spotless-eclipse-cdt",0,9.4.4,MODERATE,CWE-669 -CVE-2019-10753,2019-09-11T23:08:57Z,"Incorrect Resource Transfer Between Spheres in eclipse-wtp","com.diffplug.spotless:spotless-eclipse-groovy",0,3.0.1,MODERATE,CWE-669 -CVE-2019-10753,2019-09-11T23:08:57Z,"Incorrect Resource Transfer Between Spheres in eclipse-wtp","com.diffplug.spotless:spotless-eclipse-wtp",0,3.9.6,MODERATE,CWE-669 -CVE-2019-10754,2022-05-24T16:56:41Z,"Use of Insufficiently Random Values in Apereo CAS","org.apereo.cas:cas-server-core-services-api",0,6.1.0-RC5,HIGH,CWE-330;CWE-338 
-CVE-2019-10754,2022-05-24T16:56:41Z,"Use of Insufficiently Random Values in Apereo CAS","org.apereo.cas:cas-server-core-services-authentication",0,6.1.0-RC5,HIGH,CWE-330;CWE-338 -CVE-2019-10754,2022-05-24T16:56:41Z,"Use of Insufficiently Random Values in Apereo CAS","org.apereo.cas:cas-server-support-oauth-core-api",0,6.1.0-RC5,HIGH,CWE-330;CWE-338 -CVE-2019-10754,2022-05-24T16:56:41Z,"Use of Insufficiently Random Values in Apereo CAS","org.apereo.cas:cas-server-support-oidc",0,6.1.0-RC5,HIGH,CWE-330;CWE-338 -CVE-2019-10754,2022-05-24T16:56:41Z,"Use of Insufficiently Random Values in Apereo CAS","org.apereo.cas:cas-server-support-shell",0,6.1.0-RC5,HIGH,CWE-330;CWE-338 -CVE-2019-10754,2022-05-24T16:56:41Z,"Use of Insufficiently Random Values in Apereo CAS","org.apereo.cas:cas-server-support-simple-mfa",0,6.1.0-RC5,HIGH,CWE-330;CWE-338 -CVE-2019-10755,2019-11-06T17:06:28Z,"Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml",org.pac4j:pac4j-saml,0,3.8.2,MODERATE,CWE-338 -CVE-2019-10770,2020-01-27T19:28:20Z,"Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)",io.ratpack:ratpack-core,0,1.7.6,MODERATE,CWE-79 -CVE-2019-10782,2020-01-31T18:00:07Z,"XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))","com.puppycrawl.tools:checkstyle",0,8.29,MODERATE,CWE-611 -CVE-2019-10797,2022-02-09T22:35:29Z,"HTTP Response Splitting in WSO2 transport-http","org.wso2.transport.http:org.wso2.transport.http.netty",0,6.3.1,MODERATE,CWE-113 -CVE-2019-11065,2022-05-13T01:21:57Z,"Insecure transport protocol in Gradle",org.gradle:gradle-core,1.4,5.4.0,MODERATE,CWE-319 -CVE-2019-11082,2019-05-29T18:05:11Z,"Path Traversal in DKPro Core","de.tudarmstadt.ukp.dkpro.core:de.tudarmstadt.ukp.dkpro.core.api.datasets-asl",0,,HIGH,CWE-22 -CVE-2019-11269,2019-06-13T20:18:28Z,"Open Redirect in Spring Security 
OAuth","org.springframework.security.oauth:spring-security-oauth",2.0.0.RELEASE,2.0.18.RELEASE,MODERATE,CWE-601 -CVE-2019-11269,2019-06-13T20:18:28Z,"Open Redirect in Spring Security OAuth","org.springframework.security.oauth:spring-security-oauth",2.1.0.RELEASE,2.1.5.RELEASE,MODERATE,CWE-601 -CVE-2019-11269,2019-06-13T20:18:28Z,"Open Redirect in Spring Security OAuth","org.springframework.security.oauth:spring-security-oauth",2.2.0.RELEASE,2.2.5.RELEASE,MODERATE,CWE-601 -CVE-2019-11269,2019-06-13T20:18:28Z,"Open Redirect in Spring Security OAuth","org.springframework.security.oauth:spring-security-oauth",2.3.0.RELEASE,2.3.6.RELEASE,MODERATE,CWE-601 -CVE-2019-11272,2019-06-27T17:24:58Z,"Insufficiently Protected Credentials and Improper Authentication in Spring Security","org.springframework.security:spring-security-cas",0,4.2.13.RELEASE,HIGH,CWE-287;CWE-522 -CVE-2019-11272,2019-06-27T17:24:58Z,"Insufficiently Protected Credentials and Improper Authentication in Spring Security","org.springframework.security:spring-security-core",0,4.2.13,HIGH,CWE-287;CWE-522 -CVE-2019-11284,2019-10-23T14:14:32Z,"Insufficiently Protected Credentials in Pivotal Reactor Netty","io.projectreactor.netty:reactor-netty",0,0.8.11,HIGH,CWE-522 -CVE-2019-11343,2022-02-10T20:47:29Z,"Vulnerability in Torpedo Query","org.torpedoquery:org.torpedoquery",0,2.5.3,CRITICAL, -CVE-2019-11358,2019-04-26T16:29:11Z,"XSS in jQuery as used in Drupal, Backdrop CMS, and other products",org.webjars.npm:jquery,1.1.4,3.4.0,MODERATE,CWE-1321;CWE-79 -CVE-2019-11404,2019-04-22T17:15:40Z,"Missing Encryption of Sensitive Data in arrow-kt Arrow","io.arrow-kt:arrow-ank-gradle",0,0.9.0,MODERATE,CWE-311 -CVE-2019-11405,2022-05-24T16:44:03Z,"OpenAPI Tools OpenAPI Generator uses HTTP in various files","org.openapitools:openapi-generator",0,"4.0.0-20190419.052012-560",HIGH,CWE-311 -CVE-2019-11777,2019-09-17T22:47:11Z,"Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client 
library","org.eclipse.paho:org.eclipse.paho.client.mqttv3",0,1.2.1,MODERATE,CWE-346;CWE-755 -CVE-2019-11808,2019-05-14T04:01:37Z,"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack","io.ratpack:ratpack-groovy",0,1.6.1,LOW,CWE-338 -CVE-2019-11808,2019-05-14T04:01:37Z,"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack","io.ratpack:ratpack-session",0,1.6.1,LOW,CWE-338 -CVE-2019-11808,2019-05-14T04:01:37Z,"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack",io.ratpack:ratpack-java,0,1.6.1,LOW,CWE-338 -CVE-2019-12086,2019-05-23T09:32:24Z,"Information exposure in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,HIGH,CWE-502 -CVE-2019-12086,2019-05-23T09:32:24Z,"Information exposure in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.6,HIGH,CWE-502 -CVE-2019-12086,2019-05-23T09:32:24Z,"Information exposure in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.4,HIGH,CWE-502 -CVE-2019-12086,2019-05-23T09:32:24Z,"Information exposure in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.9,HIGH,CWE-502 -CVE-2019-12384,2019-07-05T21:07:27Z,"Deserialization of Untrusted Data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,MODERATE,CWE-502 -CVE-2019-12384,2019-07-05T21:07:27Z,"Deserialization of Untrusted Data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.6,MODERATE,CWE-502 -CVE-2019-12384,2019-07-05T21:07:27Z,"Deserialization of Untrusted Data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.4,MODERATE,CWE-502 -CVE-2019-12384,2019-07-05T21:07:27Z,"Deserialization of Untrusted Data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.9.1,MODERATE,CWE-502 
-CVE-2019-12397,2019-08-16T14:01:35Z,"Cross-site scripting in Apache Ranger",org.apache.ranger:ranger,0.7.0,2.0.0,MODERATE,CWE-79 -CVE-2019-12399,2020-05-12T00:39:27Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka",org.apache.kafka:kafka,2.0.0,2.0.2,HIGH,CWE-319 -CVE-2019-12399,2020-05-12T00:39:27Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka",org.apache.kafka:kafka,2.1.0,2.1.2,HIGH,CWE-319 -CVE-2019-12399,2020-05-12T00:39:27Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka",org.apache.kafka:kafka,2.2.0,2.2.2,HIGH,CWE-319 -CVE-2019-12399,2020-05-12T00:39:27Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka",org.apache.kafka:kafka,2.3.0,2.3.1,HIGH,CWE-319 -CVE-2019-12400,2019-08-27T17:41:33Z,"Improper input validation in Apache Santuario XML Security for Java","org.apache.santuario:xmlsec",2.0.3,2.1.4,MODERATE,CWE-20 -CVE-2019-12401,2022-05-24T22:00:29Z,"Apache Solr vulnerable to XML Bomb","org.apache.solr:solr-core",0,5.0.0,HIGH,CWE-776 -CVE-2019-12402,2019-10-11T18:41:08Z,"Denial of Service in Apache Commons Compress","org.apache.commons:commons-compress",1.15,1.19,HIGH,CWE-835 -CVE-2019-12404,2019-10-11T18:41:59Z,"Cross-site scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-war",2.9.0,2.11.0.M5,MODERATE,CWE-79 -CVE-2019-12406,2019-11-08T17:15:11Z,"Potential DOS attack due to unrestricted attachment count in messages","org.apache.cxf:apache-cxf",0,3.2.11,MODERATE,CWE-770 -CVE-2019-12406,2019-11-08T17:15:11Z,"Potential DOS attack due to unrestricted attachment count in messages","org.apache.cxf:apache-cxf",3.3.0,3.3.4,MODERATE,CWE-770 -CVE-2019-12406,2019-11-08T17:15:11Z,"Potential DOS attack due to unrestricted attachment count in messages",org.apache.cxf:cxf,0,3.2.11,MODERATE,CWE-770 -CVE-2019-12406,2019-11-08T17:15:11Z,"Potential DOS attack due to unrestricted attachment count in messages",org.apache.cxf:cxf,3.3.0,3.3.4,MODERATE,CWE-770 
-CVE-2019-12407,2022-05-24T16:56:40Z,"Cross-site Scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-main",0,2.11.0.M5,MODERATE,CWE-79 -CVE-2019-12407,2022-05-24T16:56:40Z,"Cross-site Scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-war",0,2.11.0.M5,MODERATE,CWE-79 -CVE-2019-12409,2020-01-28T22:26:54Z,"Unrestricted upload of file with dangerous type in Apache Solr","org.apache.solr:solr-core",8.1.1,8.3.0,CRITICAL,CWE-434 -CVE-2019-12415,2022-05-24T16:59:46Z,"Improper Restriction of XML External Entity Reference in Apache POI ",org.apache.poi:poi,0,4.1.1,MODERATE,CWE-611 -CVE-2019-12416,2022-02-10T20:54:31Z,"Injection in DeltaSpike","org.apache.deltaspike:deltaspike",0,1.9.4,MODERATE,CWE-74 -CVE-2019-12418,2019-12-26T18:22:36Z,"Insufficiently Protected Credentials in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",0,7.0.99,HIGH,CWE-522 -CVE-2019-12418,2019-12-26T18:22:36Z,"Insufficiently Protected Credentials in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.49,HIGH,CWE-522 -CVE-2019-12418,2019-12-26T18:22:36Z,"Insufficiently Protected Credentials in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.29,HIGH,CWE-522 -CVE-2019-12419,2019-11-08T17:12:59Z,"Potential session hijack in Apache CXF ",org.apache.cxf:cxf,0,3.2.11,CRITICAL,CWE-863 -CVE-2019-12419,2019-11-08T17:12:59Z,"Potential session hijack in Apache CXF ",org.apache.cxf:cxf,3.3.0,3.3.4,CRITICAL,CWE-863 -CVE-2019-12421,2019-12-02T18:19:39Z,"Apache NiFi user log out issue","org.apache.nifi:nifi-web-api",1.3.0,1.10.0,HIGH,CWE-613 -CVE-2019-12421,2019-12-02T18:19:39Z,"Apache NiFi user log out issue","org.apache.nifi:nifi-web-security",1.3.0,1.10.0,HIGH,CWE-613 -CVE-2019-12422,2020-02-04T22:36:36Z,"Improper input validation in Apache Shiro","org.apache.shiro:shiro-core",0,1.4.2,HIGH, -CVE-2019-12423,2020-05-22T19:23:04Z,"Private key leak in Apache CXF","org.apache.cxf:apache-cxf",0,3.2.12,HIGH,CWE-522 -CVE-2019-12423,2020-05-22T19:23:04Z,"Private 
key leak in Apache CXF","org.apache.cxf:apache-cxf",3.3.0,3.3.5,HIGH,CWE-522 -CVE-2019-12423,2020-05-22T19:23:04Z,"Private key leak in Apache CXF",org.apache.cxf:cxf,0,3.2.12,HIGH,CWE-522 -CVE-2019-12423,2020-05-22T19:23:04Z,"Private key leak in Apache CXF",org.apache.cxf:cxf,3.3.0,3.3.5,HIGH,CWE-522 -CVE-2019-12728,2022-05-24T16:47:09Z,"Incorrect Resource Transfer Between Spheres in Grails",org.grails:grails-core,0,3.3.10,HIGH,CWE-494;CWE-669 -CVE-2019-12741,2019-06-07T20:56:59Z,"Cross-site Scripting in HAPI FHIR","ca.uhn.hapi.fhir:hapi-fhir-base",0,3.8.0,MODERATE,CWE-79 -CVE-2019-12814,2019-07-17T15:26:12Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,MODERATE,CWE-502 -CVE-2019-12814,2019-07-17T15:26:12Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.6,MODERATE,CWE-502 -CVE-2019-12814,2019-07-17T15:26:12Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.4,MODERATE,CWE-502 -CVE-2019-12814,2019-07-17T15:26:12Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.9.1,MODERATE,CWE-502 -CVE-2019-13116,2022-05-24T16:58:52Z,"Mulesoft Mule Unsafe Deserialization",org.mule.runtime:mule,0,3.8.0,CRITICAL,CWE-502 -CVE-2019-13234,2019-11-12T22:58:11Z,"XSS in search engine",org.opencms:opencms-core,0,11.0.1,MODERATE,CWE-79 -CVE-2019-13235,2019-11-12T22:58:16Z,"XSS in login form",org.opencms:opencms-core,0,11.0.1,MODERATE,CWE-79 -CVE-2019-13236,2019-11-12T22:58:21Z,"XSS issues in the management interface",org.opencms:opencms-core,0,11.0.1,MODERATE,CWE-79 -CVE-2019-13237,2019-11-12T22:58:14Z,"Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms",org.opencms:opencms-core,0,11.0.1,MODERATE,CWE-200;CWE-22 -CVE-2019-13990,2020-07-01T17:55:03Z,"XML 
external entity injection in Terracotta Quartz Scheduler","org.quartz-scheduler:quartz",0,2.3.2,CRITICAL,CWE-611 -CVE-2019-14379,2019-08-01T19:18:00Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.7.9.6,CRITICAL,CWE-1321;CWE-915 -CVE-2019-14379,2019-08-01T19:18:00Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.4,CRITICAL,CWE-1321;CWE-915 -CVE-2019-14379,2019-08-01T19:18:00Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.9.2,CRITICAL,CWE-1321;CWE-915 -CVE-2019-14439,2019-08-01T19:18:06Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.3,HIGH,CWE-502 -CVE-2019-14439,2019-08-01T19:18:06Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.6,HIGH,CWE-502 -CVE-2019-14439,2019-08-01T19:18:06Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.4,HIGH,CWE-502 -CVE-2019-14439,2019-08-01T19:18:06Z,"Deserialization of untrusted data in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.9.2,HIGH,CWE-502 -CVE-2019-14540,2019-09-23T18:33:25Z,"Polymorphic Typing issue in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.3,CRITICAL,CWE-502 -CVE-2019-14540,2019-09-23T18:33:25Z,"Polymorphic Typing issue in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-14540,2019-09-23T18:33:25Z,"Polymorphic Typing issue in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10,CRITICAL,CWE-502 -CVE-2019-14820,2020-04-15T21:08:21Z,"Exposure of Sensitive Information to an Unauthorized Actor in 
Keycloak","org.keycloak:keycloak-core",0,8.0.0,MODERATE,CWE-200 -CVE-2019-14832,2022-05-24T16:58:47Z,"Keycloak Unauthenticated Access","org.keycloak:keycloak-model-infinispan",0,7.0.1,HIGH,CWE-863 -CVE-2019-14832,2022-05-24T16:58:47Z,"Keycloak Unauthenticated Access","org.keycloak:keycloak-model-jpa",0,7.0.1,HIGH,CWE-863 -CVE-2019-14837,2022-05-24T17:05:43Z,"keycloak vulnerable to unauthorized login via mail server setup","org.keycloak:keycloak-core",0,8.0.0,CRITICAL,CWE-547;CWE-798 -CVE-2019-14838,2022-05-24T16:58:43Z,"Wildfly Authorization Misconfiguration","org.wildfly.core:wildfly-host-controller",0,7.2.5.GA,MODERATE,CWE-284 -CVE-2019-14888,2022-05-24T17:07:10Z,"Undertow vulnerable to Uncontrolled Resource Consumption","io.undertow:undertow-core",0,2.0.29.Final,HIGH,CWE-400 -CVE-2019-14892,2020-05-15T18:58:58Z,"Polymorphic deserialization of malicious object in jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.3,HIGH,CWE-200;CWE-502 -CVE-2019-14892,2020-05-15T18:58:58Z,"Polymorphic deserialization of malicious object in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.8.11.5,HIGH,CWE-200;CWE-502 -CVE-2019-14892,2020-05-15T18:58:58Z,"Polymorphic deserialization of malicious object in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10,HIGH,CWE-200;CWE-502 -CVE-2019-14893,2020-05-15T18:59:07Z,"Polymorphic deserialization of malicious object in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10,HIGH,CWE-502 -CVE-2019-14900,2022-02-10T23:05:04Z,"SQL Injection in Hibernate ORM","org.hibernate:hibernate-core",0,5.3.18,MODERATE,CWE-89 -CVE-2019-14900,2022-02-10T23:05:04Z,"SQL Injection in Hibernate ORM","org.hibernate:hibernate-core",5.4.0,5.4.18,MODERATE,CWE-89 -CVE-2019-14900,2022-02-10T23:05:04Z,"SQL Injection in Hibernate ORM","org.hibernate:hibernate-core",5.5.0.Alpha1,5.5.0.Beta1,MODERATE,CWE-89 -CVE-2019-14909,2022-05-24T17:02:40Z,"Keycloak Authentication 
Error","org.keycloak:keycloak-parent",7.0.0,,HIGH,CWE-287;CWE-305 -CVE-2019-14910,2022-05-24T17:02:42Z,"Keycloak Authentication Error","org.keycloak:keycloak-parent",7.0.0,,CRITICAL,CWE-278;CWE-295 -CVE-2019-15477,2019-08-27T17:40:33Z,"Cross-site Scripting in Jooby",org.jooby:jooby,0,1.6.4,MODERATE,CWE-79 -CVE-2019-15488,2019-08-27T17:37:33Z,"Cross-site Scripting in Ignite Realtime Openfire","org.igniterealtime.openfire:xmppserver",0,4.4.1,MODERATE,CWE-79 -CVE-2019-15563,2022-05-24T16:54:46Z,"OHDSI WebAPI vulnerable to SQL Injection",org.ohdsi:WebAPI,0,2.7.2,CRITICAL,CWE-89 -CVE-2019-15630,2022-05-24T16:55:15Z,"Mule modules contain Directory Traversal",org.mule.runtime:mule,3.0.0,,HIGH,CWE-22 -CVE-2019-16148,2019-09-23T18:33:18Z,"Cross-site scripting in Sakai","org.sakaiproject:chat-base",0,,MODERATE,CWE-79 -CVE-2019-16335,2019-09-23T18:33:45Z,"Polymorphic Typing issue in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.3,CRITICAL,CWE-502 -CVE-2019-16335,2019-09-23T18:33:45Z,"Polymorphic Typing issue in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-16335,2019-09-23T18:33:45Z,"Polymorphic Typing issue in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10,CRITICAL,CWE-502 -CVE-2019-16370,2022-05-24T16:56:18Z,"Use of a weak cryptographic algorithm in Gradle",org.gradle:gradle-core,0,6.0,LOW,CWE-327 -CVE-2019-16530,2022-05-24T16:59:30Z,"Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager","org.sonatype.nexus:nexus-repository",2.0.0,2.14.15,HIGH,CWE-434 -CVE-2019-16530,2022-05-24T16:59:30Z,"Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager","org.sonatype.nexus:nexus-repository",3.0.0,3.19.0,HIGH,CWE-434 -CVE-2019-16538,2022-05-24T17:01:40Z,"Incorrect Authorization in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.68,HIGH,CWE-863 
-CVE-2019-16539,2022-05-24T17:01:40Z,"Missing permission check in Jenkins Support Core Plugin","org.jenkins-ci.plugins:support-core",0,2.64,MODERATE,CWE-281 -CVE-2019-16540,2022-05-24T17:01:41Z,"Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files","org.jenkins-ci.plugins:support-core",0,2.64,HIGH,CWE-22 -CVE-2019-16541,2022-05-24T17:01:40Z,"Jenkins JIRA Plugin allows users to select and use credentials with System scope","org.jenkins-ci.plugins:jira",0,3.0.11,MODERATE,CWE-668 -CVE-2019-16542,2022-05-24T17:01:40Z,"Jenkins Anchore Container Scanner Plugin vulnerable to Insufficiently Protected Credentials","org.jenkins-ci.plugins:anchore-container-scanner",0,1.0.20,MODERATE,CWE-522 -CVE-2019-16543,2022-05-24T17:01:41Z,"Plaintext Storage in Jenkins Spira Importer Plugin","com.inflectra.spiratest.plugins:inflectra-spira-integration",0,3.2.3,LOW,CWE-256 -CVE-2019-16544,2022-05-24T17:01:41Z,"Jenkins QMetry for JIRA Plugin stored credentials in plain text","org.jenkins-ci.plugins:qmetry-for-jira-test-management",0,1.13,MODERATE,CWE-522 -CVE-2019-16545,2022-05-24T17:01:41Z,"Jenkins QMetry for JIRA Plugin shows plain text password in configuration form","org.jenkins-ci.plugins:qmetry-for-jira-test-management",0,1.14.0,LOW,CWE-319 -CVE-2019-16546,2022-05-24T17:01:41Z,"Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin","org.jenkins-ci.plugins:google-compute-engine",0,4.2.0,MODERATE,CWE-300;CWE-639 -CVE-2019-16547,2022-05-24T17:01:41Z,"Jenkins Google Compute Engine Plugin Missing Authorization vulnerability","org.jenkins-ci.plugins:google-compute-engine",0,4.2.0,MODERATE,CWE-285;CWE-862 -CVE-2019-16548,2022-05-24T17:01:41Z,"Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:google-compute-engine",0,4.2.0,MODERATE,CWE-352 -CVE-2019-16549,2022-05-24T17:03:46Z,"Jenkins Maven Release Plug-in Plugin XXE 
vulnerability","org.jenkins-ci.plugins.m2release:m2release",0,0.16.2,HIGH,CWE-611 -CVE-2019-16550,2022-05-24T17:03:46Z,"Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin","org.jenkins-ci.plugins.m2release:m2release",0,0.16.2,HIGH,CWE-352 -CVE-2019-16551,2022-05-24T17:03:46Z,"Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin","com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger",0,2.30.2,HIGH,CWE-352 -CVE-2019-16552,2022-05-24T17:03:46Z,"Missing permission check in Jenkins Gerrit Trigger Plugin","com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger",0,2.30.2,MODERATE,CWE-276;CWE-285 -CVE-2019-16553,2022-05-24T17:03:46Z,"Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,1.24.2,HIGH,CWE-352 -CVE-2019-16554,2022-05-24T17:03:47Z,"Missing permission check in Jenkins Build Failure Analyzer Plugin","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,1.24.2,MODERATE,CWE-276;CWE-284 -CVE-2019-16555,2022-05-24T17:03:47Z,"Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,1.24.2,MODERATE,CWE-1333;CWE-400 -CVE-2019-16556,2022-05-24T17:03:47Z,"Jenkins Rundeck Plugin stored credentials in plain text ","org.jenkins-ci.plugins:rundeck",0,3.6.6,MODERATE,CWE-522 -CVE-2019-16557,2022-05-24T17:03:47Z,"Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials","com.redgate.plugins.redgatesqlci:redgate-sql-ci",0,2.0.4,MODERATE,CWE-522 -CVE-2019-16558,2022-05-24T17:03:47Z,"Improper Certificate Validation in Jenkins Spira Importer Plugin","com.inflectra.spiratest.plugins:inflectra-spira-integration",0,3.2.4,HIGH,CWE-295 -CVE-2019-16559,2022-05-24T17:03:47Z,"Jenkins WebSphere Deployer Plugin missing permission check","org.jenkins-ci.plugins:websphere-deployer",0,,MODERATE,CWE-276 -CVE-2019-16560,2022-05-24T17:03:47Z,"Cross-site 
request forgery vulnerability in Jenkins WebSphere Deployer Plugin","org.jenkins-ci.plugins:websphere-deployer",0,,HIGH,CWE-352 -CVE-2019-16561,2022-05-24T17:03:47Z,"SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin ","org.jenkins-ci.plugins:websphere-deployer",0,,HIGH,CWE-295 -CVE-2019-16562,2022-05-24T17:03:47Z,"Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting","org.jenkins-ci.plugins:buildgraph-view",0,,MODERATE,CWE-79 -CVE-2019-16563,2022-05-24T17:03:48Z,"Cross site scripting in Jenkins Mission Control Plugin","tech.andrey.jenkins:mission-control-view",0,,MODERATE,CWE-79 -CVE-2019-16564,2022-05-24T17:03:48Z,"Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability","com.paul8620.jenkins.plugins:pipeline-aggregator-view",0,1.9,MODERATE,CWE-79 -CVE-2019-16565,2022-05-24T17:03:47Z,"Jenkins Team Concert Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:teamconcert",0,,HIGH,CWE-352 -CVE-2019-16566,2022-05-24T17:03:48Z,"Jenkins Team Concert Plugin missing permission check","org.jenkins-ci.plugins:teamconcert",0,,HIGH,CWE-862 -CVE-2019-16567,2022-05-24T17:03:48Z,"Jenkins Team Concert Plugin missing permission check","org.jenkins-ci.plugins:teamconcert",0,,MODERATE,CWE-862 -CVE-2019-16568,2022-05-24T17:03:48Z,"Jenkins SCTMExecutor Plugin stores credentials in plain text ","hudson.plugins.sctmexecutor:SCTMExecutor",0,,MODERATE,CWE-319 -CVE-2019-16569,2022-05-24T17:03:48Z,"CSRF vulnerability in Jenkins Mantis Plugin ","org.jenkins-ci.plugins:mantis",0,,MODERATE,CWE-352 -CVE-2019-16570,2022-05-24T17:03:48Z,"Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin","org.jenkins-ci.plugins:rapiddeploy-jenkins",0,,MODERATE,CWE-352 -CVE-2019-16571,2022-05-24T17:03:48Z,"Jenkins RapidDeploy Plugin missing permission check","org.jenkins-ci.plugins:rapiddeploy-jenkins",0,,MODERATE,CWE-285;CWE-862 -CVE-2019-16572,2022-05-24T17:03:49Z,"Jenkins Weibo Plugin stores 
credentials unencrypted in its global configuration file","org.jenkins-ci.plugins:weibo",0,,LOW,CWE-1024;CWE-256;CWE-522 -CVE-2019-16573,2022-05-24T17:03:48Z,"Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery","com.alauda.jenkins.plugins:alauda-devops-pipeline",0,,HIGH,CWE-352 -CVE-2019-16574,2022-05-24T17:03:49Z,"Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins","com.alauda.jenkins.plugins:alauda-devops-pipeline",0,,MODERATE,CWE-285;CWE-862 -CVE-2019-16575,2022-05-24T17:03:49Z,"Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin","io.alauda.jenkins.plugins:alauda-kubernetes-support",0,,HIGH,CWE-352 -CVE-2019-16576,2022-05-24T17:03:49Z,"Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin","io.alauda.jenkins.plugins:alauda-kubernetes-support",0,,MODERATE,CWE-862 -CVE-2019-16771,2019-12-05T18:40:51Z,"Low severity vulnerability that affects com.linecorp.armeria:armeria","com.linecorp.armeria:armeria",0.50.0,0.97.0,MODERATE,CWE-113 -CVE-2019-16869,2019-10-11T18:41:23Z,"HTTP Request Smuggling in Netty",io.netty:netty-all,4.0.0.Alpha1,4.1.42.Final,HIGH,CWE-444 -CVE-2019-16869,2019-10-11T18:41:23Z,"HTTP Request Smuggling in Netty",org.jboss.netty:netty,0,,HIGH,CWE-444 -CVE-2019-16942,2019-10-28T20:51:15Z,"Polymorphic Typing in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.3,CRITICAL,CWE-502 -CVE-2019-16942,2019-10-28T20:51:15Z,"Polymorphic Typing in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-16942,2019-10-28T20:51:15Z,"Polymorphic Typing in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.1,CRITICAL,CWE-502 -CVE-2019-16943,2019-11-13T00:32:27Z,"jackson-databind polymorphic typing issue","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.3,CRITICAL,CWE-502 
-CVE-2019-16943,2019-11-13T00:32:27Z,"jackson-databind polymorphic typing issue","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-16943,2019-11-13T00:32:27Z,"jackson-databind polymorphic typing issue","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.1,CRITICAL,CWE-502 -CVE-2019-17091,2022-05-24T16:57:42Z,"Cross-site Scripting in Eclipse Mojarra","org.glassfish:jakarta.faces",0,2.3.10,MODERATE,CWE-79 -CVE-2019-17091,2022-05-24T16:57:42Z,"Cross-site Scripting in Eclipse Mojarra","org.glassfish:javax.faces",0,2.2.20,MODERATE,CWE-79 -CVE-2019-17195,2019-10-16T18:31:17Z,"Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT","com.nimbusds:nimbus-jose-jwt",0,7.9,CRITICAL,CWE-754;CWE-755 -CVE-2019-17267,2020-06-15T18:44:48Z,"Improper Input Validation in jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-17267,2020-06-15T18:44:48Z,"Improper Input Validation in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10,CRITICAL,CWE-502 -CVE-2019-17352,2022-05-25T19:21:15Z,"JFinal file validation vulnerability",com.jfinal:jfinal,0,4.5,HIGH,CWE-434 -CVE-2019-17359,2019-10-17T18:15:16Z,"Out-of-Memory Error in Bouncy Castle Crypto","org.bouncycastle:bcprov-jdk14",1.63,1.64,HIGH,CWE-770 -CVE-2019-17495,2019-10-15T19:27:05Z,"Cross-site scripting in Swagger-UI","io.springfox:springfox-swagger-ui",0,2.10.0,CRITICAL,CWE-352;CWE-79 -CVE-2019-17495,2019-10-15T19:27:05Z,"Cross-site scripting in Swagger-UI","org.webjars.npm:swagger-ui",0,3.23.11,CRITICAL,CWE-352;CWE-79 -CVE-2019-17495,2019-10-15T19:27:05Z,"Cross-site scripting in Swagger-UI",org.webjars:swagger-ui,0,3.23.11,CRITICAL,CWE-352;CWE-79 -CVE-2019-17513,2019-10-21T16:08:43Z,"io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')",io.ratpack:ratpack-core,0,1.7.5,HIGH,CWE-74 -CVE-2019-17531,2019-11-13T00:32:38Z,"jackson-databind 
polymorphic typing issue","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.3,CRITICAL,CWE-502 -CVE-2019-17531,2019-11-13T00:32:38Z,"jackson-databind polymorphic typing issue","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-17531,2019-11-13T00:32:38Z,"jackson-databind polymorphic typing issue","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.1,CRITICAL,CWE-502 -CVE-2019-17554,2020-02-04T22:37:43Z,"Improper Restriction of XML External Entity Reference in Apache Olingo","org.apache.olingo:odata-client-core",4.0.0,4.7.0,MODERATE,CWE-611 -CVE-2019-17554,2020-02-04T22:37:43Z,"Improper Restriction of XML External Entity Reference in Apache Olingo","org.apache.olingo:odata-server-core",4.0.0,4.7.0,MODERATE,CWE-611 -CVE-2019-17555,2020-02-04T22:37:15Z,"Improper input validation in Apache Olingo","org.apache.olingo:odata-client-core",4.0.0,4.7.0,HIGH,CWE-20 -CVE-2019-17556,2020-02-04T22:38:22Z,"Deserialization of Untrusted Data in Apache Olingo","org.apache.olingo:odata-client-proxy",4.0.0,4.7.0,CRITICAL,CWE-502 -CVE-2019-17557,2022-01-06T19:38:07Z,"Cross-site scripting in Apache Syncome EndUser","org.apache.syncope.client:syncope-client-enduser",0,2.0.15,LOW,CWE-79 -CVE-2019-17557,2022-01-06T19:38:07Z,"Cross-site scripting in Apache Syncome EndUser","org.apache.syncope.client:syncope-client-enduser",2.1.0,2.1.6,LOW,CWE-79 -CVE-2019-17558,2020-02-12T18:45:28Z,"Improper Input Validation in Apache Solr","org.apache.solr:solr-core",5.0.0,8.4.0,HIGH,CWE-20;CWE-74;CWE-94 -CVE-2019-17558,2020-02-12T18:45:28Z,"Improper Input Validation in Apache Solr","org.apache.solr:solr-core",6.0.0,8.4.0,HIGH,CWE-20;CWE-74;CWE-94 -CVE-2019-17558,2020-02-12T18:45:28Z,"Improper Input Validation in Apache Solr","org.apache.solr:solr-core",7.0.0,8.4.0,HIGH,CWE-20;CWE-74;CWE-94 -CVE-2019-17558,2020-02-12T18:45:28Z,"Improper Input Validation in Apache Solr","org.apache.solr:solr-core",8.0.0,8.4.0,HIGH,CWE-20;CWE-74;CWE-94 
-CVE-2019-17560,2022-05-24T22:28:22Z,"Improper Certificate Validation in Apache Netbeans","org.codehaus.mevenide:netbeans",0,,CRITICAL,CWE-295 -CVE-2019-17561,2022-05-24T17:12:56Z,"Improper Verification of Cryptographic Signature in Apache Netbeans","org.codehaus.mevenide:netbeans",0,,HIGH,CWE-20;CWE-347 -CVE-2019-17563,2019-12-26T18:22:26Z,"In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack","org.apache.tomcat.embed:tomcat-embed-core",0,7.0.99,HIGH,CWE-384 -CVE-2019-17563,2019-12-26T18:22:26Z,"In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.50,HIGH,CWE-384 -CVE-2019-17563,2019-12-26T18:22:26Z,"In Apache Tomcat, when using FORM authentication there was a narrow window where an attacker could perform a session fixation attack","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.30,HIGH,CWE-384 -CVE-2019-17564,2022-05-24T17:13:14Z,"Deserialization of Untrusted Data in Apache Dubbo","org.apache.dubbo:dubbo-rpc-http-invoker",2.5.0,2.7.5,MODERATE,CWE-502 -CVE-2019-17566,2022-02-09T00:46:46Z,"Server-side request forgery (SSRF) in Apache Batik","org.apache.xmlgraphics:batik",0,1.13,HIGH,CWE-20;CWE-918 -CVE-2019-17569,2020-02-28T01:10:58Z,"Potential HTTP request smuggling in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.98,7.0.100,MODERATE,CWE-444 -CVE-2019-17569,2020-02-28T01:10:58Z,"Potential HTTP request smuggling in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.48,8.5.51,MODERATE,CWE-444 -CVE-2019-17569,2020-02-28T01:10:58Z,"Potential HTTP request smuggling in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.28,9.0.31,MODERATE,CWE-444 -CVE-2019-17569,2020-02-28T01:10:58Z,"Potential HTTP request smuggling in Apache Tomcat",org.apache.tomcat:tomcat,7.0.98,7.0.100,MODERATE,CWE-444 
-CVE-2019-17569,2020-02-28T01:10:58Z,"Potential HTTP request smuggling in Apache Tomcat",org.apache.tomcat:tomcat,8.5.48,8.5.51,MODERATE,CWE-444 -CVE-2019-17569,2020-02-28T01:10:58Z,"Potential HTTP request smuggling in Apache Tomcat",org.apache.tomcat:tomcat,9.0.28,9.0.31,MODERATE,CWE-444 -CVE-2019-17570,2020-06-10T20:02:39Z,"Insecure Deserialization in Apache XML-RPC",org.apache.xmlrpc:xmlrpc,0,,CRITICAL,CWE-502 -CVE-2019-17571,2020-01-06T18:43:49Z,"Deserialization of Untrusted Data in Log4j",log4j:log4j,1.2,,CRITICAL,CWE-502 -CVE-2019-17572,2020-07-01T17:26:15Z,"Directory traversal in Apache RocketMQ","org.apache.rocketmq:rocketmq-broker",4.2.0,4.6.1,MODERATE,CWE-22 -CVE-2019-17573,2020-06-10T20:02:33Z,"Reflected Cross-Site Scripting in Apache CXF","org.apache.cxf:apache-cxf",0,3.2.12,MODERATE,CWE-79 -CVE-2019-17573,2020-06-10T20:02:33Z,"Reflected Cross-Site Scripting in Apache CXF","org.apache.cxf:apache-cxf",3.3.0,3.3.5,MODERATE,CWE-79 -CVE-2019-17573,2020-06-10T20:02:33Z,"Reflected Cross-Site Scripting in Apache CXF",org.apache.cxf:cxf,0,3.2.12,MODERATE,CWE-79 -CVE-2019-17573,2020-06-10T20:02:33Z,"Reflected Cross-Site Scripting in Apache CXF",org.apache.cxf:cxf,3.3.0,3.3.5,MODERATE,CWE-79 -CVE-2019-17598,2022-05-24T22:01:04Z,"Play Framework Inadequate Encryption Strength vulnerability","com.typesafe.play:play-ws_2.12",2.5.0,2.6.24,HIGH,CWE-326 -CVE-2019-17632,2019-12-02T18:13:28Z,"Unescaped exception messages in error responses in Jetty","org.eclipse.jetty:jetty-server",9.4.21.v20190926,9.4.24.v20191120,MODERATE,CWE-79 -CVE-2019-17632,2019-12-02T18:13:28Z,"Unescaped exception messages in error responses in Jetty","org.eclipse.jetty:jetty-server",9.4.22.v20191022,9.4.24.v20191120,MODERATE,CWE-79 -CVE-2019-17632,2019-12-02T18:13:28Z,"Unescaped exception messages in error responses in Jetty","org.eclipse.jetty:jetty-server",9.4.23.v20191118,9.4.24.v20191120,MODERATE,CWE-79 -CVE-2019-17638,2020-08-05T14:52:59Z,"Operation on a Resource after Expiration or Release 
in Jetty Server","org.eclipse.jetty:jetty-server",9.4.27,9.4.30.v20200611,CRITICAL,CWE-672;CWE-675 -CVE-2019-17640,2022-02-10T20:28:57Z,"Path Traversal in Eclipse Vert",io.vertx:vertx-web,3.0.0,3.9.4,CRITICAL,CWE-22;CWE-23 -CVE-2019-18393,2022-05-24T16:59:50Z,"Ignite Realtime Openfire directory traversal vulnerability","org.igniterealtime.openfire:parent",0,4.5.0-beta,MODERATE,CWE-22 -CVE-2019-18394,2022-05-24T16:59:50Z,"Ignite Realtime Openfire vulnerable to Server Side Request Forgery ","org.igniterealtime.openfire:parent",0,4.5.0-beta,CRITICAL,CWE-918 -CVE-2019-19040,2022-11-03T18:42:42Z,"Reflected Cross site scripting (XSS) in kairosdb",org.kairosdb:kairosdb,0,1.3.0,MODERATE,CWE-79 -CVE-2019-19135,2020-03-16T22:46:50Z,"Insufficient Nonce Validation in Eclipse Milo Client","org.eclipse.milo:sdk-client",0,0.3.6,HIGH,CWE-330;CWE-522 -CVE-2019-19703,2020-02-12T18:45:50Z,"URL Redirection to Untrusted Site (Open Redirect) in Ktor",io.ktor:ktor-client-core,0,1.3.0,MODERATE,CWE-601 -CVE-2019-19899,2022-05-24T22:01:17Z,"Pebble Templates Improper Input Validation vulnerability","io.pebbletemplates:pebble-project",0,3.1.4,CRITICAL,CWE-20;CWE-862 -CVE-2019-20330,2020-03-04T20:52:11Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.4,CRITICAL,CWE-502 -CVE-2019-20330,2020-03-04T20:52:11Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.7,CRITICAL,CWE-502 -CVE-2019-20330,2020-03-04T20:52:11Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2019-20330,2020-03-04T20:52:11Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.2,CRITICAL,CWE-502 -CVE-2019-20366,2022-05-24T22:01:17Z,"XSS in Ignite Realtime Openfire via isTrustStore","org.igniterealtime.openfire:parent",0,4.5.0,MODERATE,CWE-79 
-CVE-2019-20444,2020-02-21T18:55:24Z,"HTTP Request Smuggling in Netty","io.netty:netty-codec-http",4.0.0,4.1.44,CRITICAL,CWE-444 -CVE-2019-20444,2020-02-21T18:55:24Z,"HTTP Request Smuggling in Netty",io.netty:netty,0,,CRITICAL,CWE-444 -CVE-2019-20444,2020-02-21T18:55:24Z,"HTTP Request Smuggling in Netty",org.jboss.netty:netty,0,,CRITICAL,CWE-444 -CVE-2019-20445,2020-02-21T18:55:04Z,"HTTP Request Smuggling in Netty",io.netty:netty,0,,MODERATE,CWE-444 -CVE-2019-20445,2020-02-21T18:55:04Z,"HTTP Request Smuggling in Netty",io.netty:netty-handler,4.0.0,4.1.45,MODERATE,CWE-444 -CVE-2019-20445,2020-02-21T18:55:04Z,"HTTP Request Smuggling in Netty",org.jboss.netty:netty,0,,MODERATE,CWE-444 -CVE-2019-20525,2022-05-24T17:11:57Z,"Ignite Realtime Openfire allows Cross-site Scripting","org.igniterealtime.openfire:parent",0,4.4.2,MODERATE,CWE-79 -CVE-2019-20526,2022-05-24T17:11:57Z,"Ignite Realtime Openfire allows Cross-site Scripting","org.igniterealtime.openfire:parent",0,4.4.2,MODERATE,CWE-79 -CVE-2019-20527,2022-05-24T17:11:57Z,"Ignite Realtime Openfire allows Cross-site Scripting","org.igniterealtime.openfire:parent",0,4.4.2,MODERATE,CWE-79 -CVE-2019-20528,2022-05-24T17:11:49Z,"Ignite Realtime Openfire allows Cross-site Scripting","org.igniterealtime.openfire:xmppserver",0,4.4.2,MODERATE,CWE-79 -CVE-2019-25027,2021-04-19T14:52:29Z,"Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13",com.vaadin:flow-server,1.0.0,1.0.11,MODERATE,CWE-79;CWE-81 -CVE-2019-25027,2021-04-19T14:52:29Z,"Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13",com.vaadin:flow-server,1.1.0,1.4.3,MODERATE,CWE-79;CWE-81 -CVE-2019-25028,2021-04-19T14:49:48Z,"Stored cross-site scripting in Grid component in Vaadin 7 and 8",com.vaadin:vaadin-bom,7.4.0,7.7.20,MODERATE,CWE-79;CWE-80 -CVE-2019-25028,2021-04-19T14:49:48Z,"Stored cross-site scripting in Grid component in Vaadin 7 and 
8",com.vaadin:vaadin-bom,8.0.0,8.8.5,MODERATE,CWE-79;CWE-80 -CVE-2019-25028,2021-04-19T14:49:48Z,"Stored cross-site scripting in Grid component in Vaadin 7 and 8",com.vaadin:vaadin-server,7.4.0,7.7.20,MODERATE,CWE-79;CWE-80 -CVE-2019-25028,2021-04-19T14:49:48Z,"Stored cross-site scripting in Grid component in Vaadin 7 and 8",com.vaadin:vaadin-server,8.0.0,8.8.5,MODERATE,CWE-79;CWE-80 -CVE-2019-25075,2022-08-24T00:00:31Z,"Path Traversal in Gravitee API Management ","io.gravitee.apim:gravitee-api-management",0,1.25.3,MODERATE,CWE-22 -CVE-2019-2692,2020-07-01T17:12:20Z,"Privilege escalation in mysql-connector-jav","mysql:mysql-connector-java",0,8.0.16,MODERATE,CWE-843 -CVE-2019-3772,2019-01-25T16:18:49Z,"Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml","org.springframework.integration:spring-integration-ws",0,4.3.19,LOW,CWE-611 -CVE-2019-3772,2019-01-25T16:18:49Z,"Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml","org.springframework.integration:spring-integration-ws",5.0.0,5.0.11,LOW,CWE-611 -CVE-2019-3772,2019-01-25T16:18:49Z,"Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml","org.springframework.integration:spring-integration-ws",5.1.0,5.1.2,LOW,CWE-611 -CVE-2019-3772,2019-01-25T16:18:49Z,"Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml","org.springframework.integration:spring-integration-xml",0,4.3.19,LOW,CWE-611 -CVE-2019-3772,2019-01-25T16:18:49Z,"Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and 
org.springframework.integration:spring-integration-xml","org.springframework.integration:spring-integration-xml",5.0.0,5.0.11,LOW,CWE-611 -CVE-2019-3772,2019-01-25T16:18:49Z,"Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml","org.springframework.integration:spring-integration-xml",5.1.0,5.1.2,LOW,CWE-611 -CVE-2019-3773,2019-01-25T16:18:52Z,"Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml","org.springframework.ws:spring-ws",0,2.4.4,CRITICAL,CWE-611 -CVE-2019-3773,2019-01-25T16:18:52Z,"Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml","org.springframework.ws:spring-ws",3.0.0,3.0.6,CRITICAL,CWE-611 -CVE-2019-3773,2019-01-25T16:18:52Z,"Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml","org.springframework.ws:spring-xml",0,2.4.4,CRITICAL,CWE-611 -CVE-2019-3773,2019-01-25T16:18:52Z,"Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xml","org.springframework.ws:spring-xml",3.0.0,3.0.6,CRITICAL,CWE-611 -CVE-2019-3774,2019-01-25T16:18:56Z,"Low severity vulnerability that affects org.springframework.batch:spring-batch-core","org.springframework.batch:spring-batch-core",0,3.0.10,LOW,CWE-611 -CVE-2019-3774,2019-01-25T16:18:56Z,"Low severity vulnerability that affects org.springframework.batch:spring-batch-core","org.springframework.batch:spring-batch-core",4.0.0,4.0.2,LOW,CWE-611 -CVE-2019-3774,2019-01-25T16:18:56Z,"Low severity vulnerability that affects org.springframework.batch:spring-batch-core","org.springframework.batch:spring-batch-core",4.1.0,4.1.1,LOW,CWE-611 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect 
vulnerability","org.springframework.security.oauth:spring-security-oauth",0,2.0.17.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth",2.1.0.RELEASE,2.1.4.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth",2.2.0.RELEASE,2.2.4.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth",2.3.0.RELEASE,2.3.5.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth2",0,2.0.17.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth2",2.1.0.RELEASE,2.1.4.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth2",2.2.0.RELEASE,2.2.4.RELEASE,MODERATE,CWE-601 -CVE-2019-3778,2019-03-14T15:39:30Z,"spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability","org.springframework.security.oauth:spring-security-oauth2",2.3.0.RELEASE,2.3.5.RELEASE,MODERATE,CWE-601 -CVE-2019-3795,2019-04-16T15:10:59Z,"Spring Security uses insufficiently random values","org.springframework.security:spring-security-core",4.2.0,4.2.12,MODERATE,CWE-330 -CVE-2019-3795,2019-04-16T15:10:59Z,"Spring Security uses insufficiently random values","org.springframework.security:spring-security-core",5.0.0,5.0.12,MODERATE,CWE-330 
-CVE-2019-3795,2019-04-16T15:10:59Z,"Spring Security uses insufficiently random values","org.springframework.security:spring-security-core",5.1.0,5.1.5,MODERATE,CWE-330 -CVE-2019-3797,2019-05-14T04:02:35Z,"Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA","org.springframework.data:spring-data-jpa",0,1.11.20,MODERATE,CWE-200;CWE-89 -CVE-2019-3797,2019-05-14T04:02:35Z,"Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA","org.springframework.data:spring-data-jpa",2.0.0,2.0.14,MODERATE,CWE-200;CWE-89 -CVE-2019-3797,2019-05-14T04:02:35Z,"Exposure of Sensitive Information to an Unauthorized Actor and SQL Injection in Spring Data JPA","org.springframework.data:spring-data-jpa",2.1.0,2.1.6,MODERATE,CWE-200;CWE-89 -CVE-2019-3799,2019-05-23T08:39:23Z,"Path Traversal in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",0,1.4.6,MODERATE,CWE-22 -CVE-2019-3799,2019-05-23T08:39:23Z,"Path Traversal in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",2.0.0,2.0.4,MODERATE,CWE-22 -CVE-2019-3799,2019-05-23T08:39:23Z,"Path Traversal in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",2.1.0,2.1.2,MODERATE,CWE-22 -CVE-2019-3802,2019-06-04T15:42:15Z,"Improper Neutralization of Wildcards or Matching Symbols","org.springframework.data:spring-data-jpa",0,1.11.22,MODERATE,CWE-155;CWE-200 -CVE-2019-3802,2019-06-04T15:42:15Z,"Improper Neutralization of Wildcards or Matching Symbols","org.springframework.data:spring-data-jpa",2.0.0,2.1.8,MODERATE,CWE-155;CWE-200 -CVE-2019-3802,2019-06-04T15:42:15Z,"Improper Neutralization of Wildcards or Matching Symbols","org.springframework.data:spring-data-jpa",2.1.0,2.1.8,MODERATE,CWE-155;CWE-200 -CVE-2019-3868,2019-04-30T15:37:21Z,"Exposure of Sensitive Information to an Unauthorized Actor in Keycloak","org.keycloak:keycloak-core",0,6.0.0,MODERATE,CWE-200 
-CVE-2019-3875,2019-06-27T17:25:57Z,"Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak","org.keycloak:keycloak-core",0,,MODERATE,CWE-295;CWE-345 -CVE-2019-3888,2019-06-13T20:02:56Z,"Credential exposure through log files in Undertow","io.undertow:undertow-core",0,2.0.21,CRITICAL,CWE-532 -CVE-2019-5312,2022-05-14T01:40:24Z,"XML External Entity Reference in weixin-java-tools","com.github.binarywang:weixin-java-common",0,3.3.2.B,CRITICAL,CWE-611 -CVE-2019-5427,2019-04-23T16:03:18Z,"Billion laughs attack in c3p0",com.mchange:c3p0,0,0.9.5.4,HIGH,CWE-776 -CVE-2019-5428,2019-04-23T15:59:10Z,"Duplicate Advisory: Prototype Pollution in jquery",org.webjars.npm:jquery,0,3.4.0,MODERATE, -CVE-2019-5442,2019-06-13T20:22:30Z,"XML Entity Expansion in Pippo",ro.pippo:pippo-jaxb,0,,HIGH,CWE-776 -CVE-2019-5475,2019-09-11T23:04:57Z,"OS Command Injection in Nexus Yum Repository Plugin","org.sonatype.nexus.plugins:nexus-yum-repository-plugin",0,2.14.14,HIGH,CWE-78 -CVE-2019-5919,2022-05-13T01:08:15Z,"Nablarch Incomplete Cryptography","com.nablarch.framework:nablarch-fw-web",0,1.5.1,CRITICAL,CWE-327 -CVE-2019-6035,2022-05-24T17:05:08Z,"Athenz vulnerable to Open Redirect",com.yahoo.athenz:athenz,0,1.8.25,MODERATE,CWE-601 -CVE-2019-6804,2022-05-13T01:06:55Z,"Rundeck Community Edition vulnerable to Cross-site Scripting",org.rundeck:rundeck,0,3.0.13,MODERATE,CWE-79 -CVE-2019-6986,2022-05-13T01:22:47Z,"Command Injection in VIVO Vitro","org.vivoweb:vitro-project",0,1.11.0,HIGH,CWE-400;CWE-77 -CVE-2019-7611,2022-05-13T01:14:26Z,"Improper Access Control in Elasticsearch","org.elasticsearch:elasticsearch",0,5.6.15,HIGH,CWE-284 -CVE-2019-7611,2022-05-13T01:14:26Z,"Improper Access Control in Elasticsearch","org.elasticsearch:elasticsearch",6.0.0,6.6.1,HIGH,CWE-284 -CVE-2019-7614,2022-05-24T16:51:49Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch","org.elasticsearch:elasticsearch",0,6.8.2,MODERATE,CWE-362 
-CVE-2019-7614,2022-05-24T16:51:49Z,"Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.2.1,MODERATE,CWE-362 -CVE-2019-7619,2022-05-24T17:00:08Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",6.7.0,6.8.4,MODERATE,CWE-200 -CVE-2019-7619,2022-05-24T17:00:08Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.4.0,MODERATE,CWE-200 -CVE-2019-7722,2022-05-14T01:33:06Z,"Improper Restriction of XML External Entity Reference in PMD","net.sourceforge.pmd:pmd-core",0,6.0.0,HIGH,CWE-611 -CVE-2019-8331,2019-02-22T20:54:47Z,"Bootstrap Vulnerable to Cross-Site Scripting",org.webjars:bootstrap,3.0.0,3.4.1,MODERATE,CWE-79 -CVE-2019-8331,2019-02-22T20:54:47Z,"Bootstrap Vulnerable to Cross-Site Scripting",org.webjars:bootstrap,4.0.0,4.3.1,MODERATE,CWE-79 -CVE-2019-9142,2019-03-06T17:35:49Z,"Moderate severity vulnerability that affects org.b3log:symphony",org.b3log:symphony,0,3.4.7,MODERATE,CWE-79 -CVE-2019-9212,2019-03-06T17:36:08Z,"Incomplete List of Disallowed Inputs in SOFA-Hessian",com.alipay.sofa:hessian,0,3.3.6,CRITICAL,CWE-184;CWE-502 -CVE-2019-9212,2019-03-06T17:36:08Z,"Incomplete List of Disallowed Inputs in SOFA-Hessian",com.alipay.sofa:hessian,4.0.0,4.0.2,CRITICAL,CWE-184;CWE-502 -CVE-2019-9628,2022-05-13T01:02:16Z,"XMLTooling Library Incorrectly Handles Some Exceptions",org.opensaml:xmltooling,0,3.0.4,HIGH,CWE-755 -CVE-2019-9658,2019-03-14T15:39:14Z,"Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle","com.puppycrawl.tools:checkstyle",0,8.18,MODERATE,CWE-611 -CVE-2019-9827,2019-07-05T21:08:09Z,"Server-Side Request Forgery in Hawt Hawtio",io.hawt:hawtio-core,0,2.5.0,CRITICAL,CWE-918 -CVE-2019-9843,2019-07-05T21:07:40Z,"Improper Restriction of XML External Entity Reference in DiffPlug 
Spotless","com.diffplug.spotless:spotless-maven-plugin",0,1.20.0,HIGH,CWE-611 -CVE-2019-9843,2019-07-05T21:07:40Z,"Improper Restriction of XML External Entity Reference in DiffPlug Spotless","com.diffplug.spotless:spotless-plugin-gradle",0,3.20.0,HIGH,CWE-611 -CVE-2020-10199,2020-04-14T15:27:05Z,"Nexus Repository Manager 3 - Remote Code Execution ","org.sonatype.nexus:nexus-extdirect",0,3.21.2,HIGH,CWE-917 -CVE-2020-10203,2020-04-14T15:27:21Z,"Persistent Cross-Site scripting in Nexus Repository Manager","org.sonatype.nexus:nexus-core",0,3.21.2,MODERATE,CWE-79 -CVE-2020-10204,2020-04-14T15:27:14Z,"Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager","org.sonatype.nexus:nexus-core",0,3.21.2,HIGH,CWE-20 -CVE-2020-10544,2021-05-07T16:16:30Z,"Cross-site Scripting in PrimeFaces","org.primefaces:primefaces",0,8.0,MODERATE,CWE-79 -CVE-2020-10591,2022-02-10T20:48:47Z,"Exposure of Sensitive Information to an Unauthorized Actor in Concord","com.walmartlabs.concord.docker:concord-common",0,1.44.0,HIGH,CWE-200 -CVE-2020-10650,2022-07-15T19:41:47Z,"jackson-databind before 2.9.10.4 vulnerable to unsafe deserialization","com.fasterxml.jackson.core:jackson-databind",0,2.9.10.4,HIGH,CWE-502 -CVE-2020-10672,2020-04-23T16:32:59Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-10673,2020-05-15T18:59:04Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.4,HIGH,CWE-502 -CVE-2020-10673,2020-05-15T18:59:04Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-10683,2020-06-05T16:13:36Z,"dom4j allows External Entities by default which might enable XXE attacks",dom4j:dom4j,0,,CRITICAL,CWE-611 
-CVE-2020-10683,2020-06-05T16:13:36Z,"dom4j allows External Entities by default which might enable XXE attacks",org.dom4j:dom4j,0,2.0.3,CRITICAL,CWE-611 -CVE-2020-10683,2020-06-05T16:13:36Z,"dom4j allows External Entities by default which might enable XXE attacks",org.dom4j:dom4j,2.1.0,2.1.3,CRITICAL,CWE-611 -CVE-2020-10686,2022-05-24T17:17:05Z,"Keycloak users may be able to remove MFA from other users' devices","org.keycloak:keycloak-core",0,9.0.2,MODERATE,CWE-285 -CVE-2020-10687,2021-04-30T17:28:52Z,"HTTP Request Smuggling in Undertow","io.undertow:undertow-core",0,2.2.0.Final,MODERATE,CWE-444 -CVE-2020-10688,2021-06-15T16:05:22Z,"Cross-site scripting in RESTEasy","org.jboss.resteasy:resteasy-bom",0,3.11.1.Final,MODERATE,CWE-79 -CVE-2020-10688,2021-06-15T16:05:22Z,"Cross-site scripting in RESTEasy","org.jboss.resteasy:resteasy-bom",4.0.0,4.5.3.Final,MODERATE,CWE-79 -CVE-2020-10688,2021-06-15T16:05:22Z,"Cross-site scripting in RESTEasy","org.jboss.resteasy:resteasy-core",0,3.11.1.Final,MODERATE,CWE-79 -CVE-2020-10688,2021-06-15T16:05:22Z,"Cross-site scripting in RESTEasy","org.jboss.resteasy:resteasy-core",4.0.0,4.5.3.Final,MODERATE,CWE-79 -CVE-2020-10693,2021-06-04T21:36:34Z,"Improper Input Validation in Hibernate Validator","org.hibernate.validator:hibernate-validator",0,6.0.20.Final,MODERATE,CWE-20 -CVE-2020-10693,2021-06-04T21:36:34Z,"Improper Input Validation in Hibernate Validator","org.hibernate.validator:hibernate-validator",6.1.0.Final,6.1.5.Final,MODERATE,CWE-20 -CVE-2020-10705,2021-04-30T17:28:42Z,"Allocation of Resources Without Limits or Throttling in Undertow","io.undertow:undertow-core",0,2.1.1.Final,HIGH,CWE-770 -CVE-2020-10714,2022-02-15T01:39:57Z,"Session Fixation in WildFly Elytron","org.wildfly.security:wildfly-elytron",0,1.11.4,HIGH,CWE-384 -CVE-2020-10719,2021-04-30T17:28:33Z,"HTTP Request Smuggling in Undertow","io.undertow:undertow-core",0,2.1.1.Final,MODERATE,CWE-444 -CVE-2020-10721,2022-05-24T17:31:56Z,"fabric8-maven-plugin: insecure way 
to construct Yaml Object leading to remote code execution","io.fabric8:fabric8-maven-plugin",4.0.0-M1,,HIGH,CWE-502 -CVE-2020-10727,2022-05-24T17:21:42Z,"nsufficiently Protected Credentials in ActiveMQ Artemis","org.apache.activemq:artemis-commons",2.7.0,2.13.0,MODERATE,CWE-312;CWE-522 -CVE-2020-10734,2022-04-28T17:13:58Z,"OIDC Logout redirect in keycloak","org.keycloak:keycloak-oidc-client-adapter-pom",0,18.0.0,LOW,CWE-601 -CVE-2020-10740,2022-05-24T17:21:23Z,"Wildfly Unsafe Deserialization Vulnerability","org.wildfly:wildfly-parent",0,20.0.0.Final,HIGH,CWE-502 -CVE-2020-10748,2022-02-09T00:56:37Z,"Cross-site Scripting in Keycloak","org.keycloak:keycloak-parent",0,10.0.2,MODERATE,CWE-79 -CVE-2020-10758,2022-02-09T00:56:51Z,"Allocation of Resources Without Limits or Throttling in Keycloak","org.keycloak:keycloak-parent",0,11.0.1,HIGH,CWE-770 -CVE-2020-10770,2022-05-24T17:36:27Z,"Keycloak vulnerable to Server-Side Request Forgery","org.keycloak:keycloak-core",0,13.0.0,MODERATE,CWE-601;CWE-918 -CVE-2020-10776,2022-02-09T00:58:15Z,"Cross-site Scripting in keycloak","org.keycloak:keycloak-server-spi-private",0,12.0.0,MODERATE,CWE-79 -CVE-2020-10776,2022-02-09T00:58:15Z,"Cross-site Scripting in keycloak","org.keycloak:keycloak-services",0,12.0.0,MODERATE,CWE-79 -CVE-2020-10968,2020-05-15T18:58:54Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-10969,2020-04-23T21:36:03Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-10991,2022-05-24T17:12:53Z,"Improper Restriction of XML External Entity Reference in Mulesoft APIkit","rg.mule.modules:mule-apikit-module",0,1.3.1,CRITICAL,CWE-611 -CVE-2020-11002,2020-04-10T18:42:20Z,"Remote Code Execution (RCE) vulnerability in 
dropwizard-validation","io.dropwizard:dropwizard-validation",0,1.3.21,HIGH,CWE-74 -CVE-2020-11002,2020-04-10T18:42:20Z,"Remote Code Execution (RCE) vulnerability in dropwizard-validation","io.dropwizard:dropwizard-validation",2.0.0,2.0.3,HIGH,CWE-74 -CVE-2020-11007,2020-04-22T20:59:26Z,"Negative charge in shopping cart in Shopizer","com.shopizer:sm-core-model",0,2.11.0,CRITICAL,CWE-20 -CVE-2020-11009,2020-04-29T16:31:12Z,"IDOR can reveal execution data and logs to unauthorized user in Rundeck",org.rundeck:rundeck,0,3.2.6,MODERATE,CWE-200;CWE-639 -CVE-2020-11022,2020-04-29T22:18:55Z,"Potential XSS vulnerability in jQuery",org.webjars.npm:jquery,1.2.0,3.5.0,MODERATE,CWE-79 -CVE-2020-11023,2020-04-29T22:19:14Z,"Potential XSS vulnerability in jQuery",org.webjars.npm:jquery,1.0.3,3.5.0,MODERATE,CWE-79 -CVE-2020-11050,2020-05-08T18:54:39Z,"Improper Validation of Certificate with Host Mismatch in Java-WebSocket","org.java-websocket:Java-WebSocket",0,1.5.0,HIGH,CWE-295;CWE-297 -CVE-2020-11111,2020-05-15T18:58:50Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-11112,2020-06-10T21:12:41Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-11113,2020-05-15T18:58:47Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-11612,2020-06-15T19:36:16Z,"Denial of Service in Netty",io.netty:netty-handler,4.1.0,4.1.46,HIGH,CWE-119;CWE-400;CWE-770 -CVE-2020-11619,2020-05-15T18:58:44Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-11620,2020-04-23T20:19:02Z,"jackson-databind mishandles the interaction between 
serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,HIGH,CWE-502 -CVE-2020-11969,2022-02-10T23:07:37Z,"Missing Authentication for Critical Function in Apache TomEE",org.apache.tomee:tomee,1.0.0,1.7.6,HIGH,CWE-306 -CVE-2020-11969,2022-02-10T23:07:37Z,"Missing Authentication for Critical Function in Apache TomEE",org.apache.tomee:tomee,7.0.0-M1,7.0.8,HIGH,CWE-306 -CVE-2020-11969,2022-02-10T23:07:37Z,"Missing Authentication for Critical Function in Apache TomEE",org.apache.tomee:tomee,7.1.0,7.1.3,HIGH,CWE-306 -CVE-2020-11969,2022-02-10T23:07:37Z,"Missing Authentication for Critical Function in Apache TomEE",org.apache.tomee:tomee,8.0.0-M1,8.0.2,HIGH,CWE-306 -CVE-2020-11971,2021-05-21T19:20:30Z,"Improper Input Validation in Apache Camel","org.apache.camel:camel-core",0,3.2.0,HIGH,CWE-20 -CVE-2020-11971,2021-05-21T19:20:30Z,"Improper Input Validation in Apache Camel","org.apache.camel:camel-management",0,3.2.0,HIGH,CWE-20 -CVE-2020-11971,2021-05-21T19:20:30Z,"Improper Input Validation in Apache Camel",org.apache.camel:camel,0,3.2.0,HIGH,CWE-20 -CVE-2020-11972,2021-05-21T19:20:47Z,"Deserialization of Untrusted Data in Apache Camel RabbitMQ","org.apache.camel:camel-rabbitmq",0,2.25.1,HIGH,CWE-502 -CVE-2020-11972,2021-05-21T19:20:47Z,"Deserialization of Untrusted Data in Apache Camel RabbitMQ","org.apache.camel:camel-rabbitmq",3.0.0,3.2.0,HIGH,CWE-502 -CVE-2020-11973,2020-05-21T21:09:04Z,"Apache Camel Netty enables Java deserialization by default","org.apache.camel:camel-netty",3.0.0,3.2.0,CRITICAL,CWE-502 -CVE-2020-11974,2022-02-09T22:44:54Z,"Remote code execution in DolphinScheduler","org.apache.dolphinscheduler:dolphinscheduler",0,1.3.0,CRITICAL,CWE-502 -CVE-2020-11975,2022-02-09T23:20:47Z,"Improper Input Validation in Apache Unomi",org.apache.unomi:unomi,0,1.5.4,HIGH,CWE-20 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache 
Wicket","org.apache.wicket:wicket-core",0,7.17.0,HIGH,CWE-200;CWE-552 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket","org.apache.wicket:wicket-core",8.0.0,8.9.0,HIGH,CWE-200;CWE-552 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket","org.apache.wicket:wicket-core",9.0.0-M1,9.0.0,HIGH,CWE-200;CWE-552 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket","org.apache.wicket:wicket-core",9.0.0-M2,9.0.0,HIGH,CWE-200;CWE-552 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket","org.apache.wicket:wicket-core",9.0.0-M3,9.0.0,HIGH,CWE-200;CWE-552 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket","org.apache.wicket:wicket-core",9.0.0-M4,9.0.0,HIGH,CWE-200;CWE-552 -CVE-2020-11976,2021-05-07T15:54:15Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket","org.apache.wicket:wicket-core",9.0.0-M5,9.0.0,HIGH,CWE-200;CWE-552 -CVE-2020-11977,2021-06-16T17:19:12Z,"Shell command injection in Apache Syncope","org.apache.syncope:syncope",2.1.0,2.1.7,HIGH,CWE-78 -CVE-2020-11979,2021-02-03T19:16:35Z,"Code injection in Apache Ant",org.apache.ant:ant,1.10.8,1.10.9,HIGH,CWE-74;CWE-94 -CVE-2020-11980,2022-02-10T23:04:32Z,"Server-Side Request Forgery in Karaf","org.apache.karaf.management:org.apache.karaf.management.server",0,4.2.9,MODERATE,CWE-918 -CVE-2020-11987,2022-01-06T20:35:54Z,"Server-side request forgery (SSRF) in Apache Batik","org.apache.xmlgraphics:batik-svgbrowser",0,1.14,HIGH,CWE-20;CWE-918 -CVE-2020-11988,2022-02-09T00:45:56Z,"Server-side request forgery (SSRF) in Apache XmlGraphics Commons","org.apache.xmlgraphics:xmlgraphics-commons",0,2.6,HIGH,CWE-20;CWE-918 -CVE-2020-11989,2021-05-07T15:53:10Z,"Improper Authentication in Apache 
Shiro","org.apache.shiro:shiro-core",0,1.5.3,CRITICAL,CWE-287 -CVE-2020-11994,2020-07-29T18:08:48Z,"Server side template injection in Apache Camel","org.apache.camel:camel-robotframework",0,3.4.0,HIGH,CWE-74 -CVE-2020-11995,2022-02-09T22:27:01Z,"Deserialization exploitation in Apache Dubbo","org.apache.dubbo:dubbo-parent",0,2.6.9,CRITICAL,CWE-502 -CVE-2020-11995,2022-02-09T22:27:01Z,"Deserialization exploitation in Apache Dubbo","org.apache.dubbo:dubbo-parent",2.7.0,2.7.8,CRITICAL,CWE-502 -CVE-2020-11996,2022-02-09T23:01:22Z,"Uncontrolled Resource Consumption in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.0-M5,HIGH,CWE-400 -CVE-2020-11996,2022-02-09T23:01:22Z,"Uncontrolled Resource Consumption in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.55,HIGH,CWE-400 -CVE-2020-11996,2022-02-09T23:01:22Z,"Uncontrolled Resource Consumption in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.35,HIGH,CWE-400 -CVE-2020-11998,2022-02-09T22:14:58Z,"Remote code execution in Apache ActiveMQ","org.apache.activemq:activemq-parent",5.15.12,5.15.13,CRITICAL,CWE-94 -CVE-2020-12480,2020-08-18T17:30:25Z,"CSRF in Play Framework","com.typesafe.play:play_2.12",0,2.7.5,MODERATE,CWE-352 -CVE-2020-12480,2020-08-18T17:30:25Z,"CSRF in Play Framework","com.typesafe.play:play_2.12",2.8.0,2.8.2,MODERATE,CWE-352 -CVE-2020-12642,2021-06-28T16:45:47Z,"XXE vulnerability in Launch import","com.epam.reportportal:service-api",3.1.0,4.3.12,HIGH,CWE-611 -CVE-2020-12642,2021-06-28T16:45:47Z,"XXE vulnerability in Launch import","com.epam.reportportal:service-api",5.0.0,5.1.1,HIGH,CWE-611 -CVE-2020-12668,2022-02-09T00:33:56Z,"Unauthorized access to Class instance in Jinjava","com.hubspot.jinjava:jinjava",0,2.5.4,MODERATE,CWE-200 -CVE-2020-12760,2022-05-24T17:17:36Z,"OpenNMS Horizon RCE via Unsafe Deserialization","org.opennms.core:org.opennms.core.daemon",0,26.0.1,HIGH,CWE-502 -CVE-2020-13226,2022-05-24T17:18:11Z,"WSO2 API Manager vulnerable to SSRF",org.wso2.am:am-parent,0,,CRITICAL,CWE-918 
-CVE-2020-13654,2022-02-09T22:32:29Z,"Improper escaping in XWiki Platform","org.xwiki.platform:xwiki-platform-web",0,12.8,HIGH,CWE-116 -CVE-2020-13692,2022-02-10T00:30:07Z,"Improper Restriction of XML External Entity Reference","org.postgresql:postgresql",9.4.1212.jre6,42.2.13,HIGH,CWE-611 -CVE-2020-13697,2021-02-25T16:32:34Z,"NanoHTTPD Cross-site Scripting vulnerability","org.nanohttpd:nanohttpd-nanolets",0,,MODERATE,CWE-79 -CVE-2020-13920,2022-02-09T22:15:00Z,"Improper Authentication in Apache ActiveMQ","org.apache.activemq:activemq-parent",0,5.15.12,MODERATE,CWE-306 -CVE-2020-13921,2021-05-07T15:53:31Z,"SQL Injection in Apache SkyWalking","org.apache.skywalking:oap-server",0,8.1.0,CRITICAL,CWE-89 -CVE-2020-13922,2022-02-09T22:26:32Z,"Incorrect Default Permissions in Apache DolphinScheduler","org.apache.dolphinscheduler:dolphinscheduler-api",0,1.3.2,HIGH,CWE-276 -CVE-2020-13925,2020-07-27T22:51:37Z,"Command Injection in Kylin","org.apache.kylin:kylin-server-base",0,3.1.0,CRITICAL,CWE-78 -CVE-2020-13926,2020-07-27T22:51:40Z,"SQL Injection in Kylin","org.apache.kylin:kylin-server-base",0,3.1.0,CRITICAL,CWE-89 -CVE-2020-13928,2022-02-10T20:51:46Z,"Cross-site scripting in Apache Atlas","org.apache.atlas:apache-atlas",0,2.1.0,MODERATE,CWE-79 -CVE-2020-13929,2021-09-07T22:56:56Z,"Authentication bypass in Apache Zeppelin","org.apache.zeppelin:zeppelin",0,0.10.0,HIGH,CWE-287 -CVE-2020-13931,2022-02-09T22:44:38Z,"Remote code execution in Apache TomEE","org.apache.tomee:apache-tomee",0,7.0.9,CRITICAL,CWE-306 -CVE-2020-13931,2022-02-09T22:44:38Z,"Remote code execution in Apache TomEE","org.apache.tomee:apache-tomee",7.1.0,7.1.4,CRITICAL,CWE-306 -CVE-2020-13931,2022-02-09T22:44:38Z,"Remote code execution in Apache TomEE","org.apache.tomee:apache-tomee",8.0.0,8.0.4,CRITICAL,CWE-306 -CVE-2020-13932,2022-02-09T22:14:01Z,"Cross-site Scripting (XSS) in Apache ActiveMQ Artemis","org.apache.activemq:apache-artemis",2.5.0,2.14.0,MODERATE,CWE-79 
-CVE-2020-13933,2021-05-07T15:54:23Z,"Authentication bypass in Apache Shiro","org.apache.shiro:shiro-core",0,1.6.0,HIGH,CWE-287 -CVE-2020-13934,2022-02-08T22:05:00Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.0-M6,HIGH,CWE-119;CWE-476 -CVE-2020-13934,2022-02-08T22:05:00Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat",org.apache.tomcat:tomcat,8.5.1,8.5.56,HIGH,CWE-119;CWE-476 -CVE-2020-13934,2022-02-08T22:05:00Z,"Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M5,9.0.36,HIGH,CWE-119;CWE-476 -CVE-2020-13935,2022-02-08T22:05:17Z,"Infinite Loop in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.0-M7,HIGH,CWE-835 -CVE-2020-13935,2022-02-08T22:05:17Z,"Infinite Loop in Apache Tomcat",org.apache.tomcat:tomcat,7.0.27,7.0.105,HIGH,CWE-835 -CVE-2020-13935,2022-02-08T22:05:17Z,"Infinite Loop in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.57,HIGH,CWE-835 -CVE-2020-13935,2022-02-08T22:05:17Z,"Infinite Loop in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0.M1,9.0.37,HIGH,CWE-835 -CVE-2020-13936,2022-01-06T20:32:36Z,"Sandbox Bypass in Apache Velocity Engine","org.apache.velocity:velocity",0,,HIGH,CWE-20 -CVE-2020-13936,2022-01-06T20:32:36Z,"Sandbox Bypass in Apache Velocity Engine","org.apache.velocity:velocity-engine-parent",0,2.3,HIGH,CWE-20 -CVE-2020-13937,2022-02-10T20:25:56Z,"Authentication bypass in Apache Kylin",org.apache.kylin:kylin,0,3.1.1,MODERATE,CWE-922 -CVE-2020-13937,2022-02-10T20:25:56Z,"Authentication bypass in Apache Kylin",org.apache.kylin:kylin,4.0.0-alpha,4.0.0-beta,MODERATE,CWE-922 -CVE-2020-13940,2022-01-06T20:41:00Z,"Improper Restriction of XML External Entity Reference in Apache NiFi",org.apache.nifi:nifi,1.0.0,1.12.0-RC1,MODERATE,CWE-611 -CVE-2020-13941,2022-02-10T00:31:31Z,"Improper Input Validation in Apache 
Solr","org.apache.solr:solr-parent",0,8.6.0,MODERATE,CWE-20 -CVE-2020-13942,2022-02-10T00:30:54Z,"Injection and Improper Input Validation in Apache Unomi",org.apache.unomi:unomi,0,1.5.2,CRITICAL,CWE-20;CWE-74 -CVE-2020-13943,2022-02-09T23:03:53Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-coyote",10.0.0-M1,10.0.0-M8,MODERATE,CWE-200 -CVE-2020-13943,2022-02-09T23:03:53Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-coyote",8.5.0,8.5.58,MODERATE,CWE-200 -CVE-2020-13943,2022-02-09T23:03:53Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-coyote",9.0.0-M1,9.0.38,MODERATE,CWE-200 -CVE-2020-13946,2021-05-07T15:54:46Z,"Man-in-the-middle attack in Apache Cassandra","org.apache.cassandra:cassandra-all",2.1.0,2.1.12,MODERATE,CWE-668 -CVE-2020-13946,2021-05-07T15:54:46Z,"Man-in-the-middle attack in Apache Cassandra","org.apache.cassandra:cassandra-all",2.2.0,2.2.18,MODERATE,CWE-668 -CVE-2020-13946,2021-05-07T15:54:46Z,"Man-in-the-middle attack in Apache Cassandra","org.apache.cassandra:cassandra-all",3.0.0,3.0.22,MODERATE,CWE-668 -CVE-2020-13946,2021-05-07T15:54:46Z,"Man-in-the-middle attack in Apache Cassandra","org.apache.cassandra:cassandra-all",3.11.0,3.11.8,MODERATE,CWE-668 -CVE-2020-13946,2021-05-07T15:54:46Z,"Man-in-the-middle attack in Apache Cassandra","org.apache.cassandra:cassandra-all",4.0-beta1,4.0-beta2,MODERATE,CWE-668 -CVE-2020-13947,2022-02-09T22:01:32Z,"Cross-site scripting (XSS) in Apache ActiveMQ","org.apache.activemq:activemq-parent",0,5.15.14,MODERATE,CWE-79 -CVE-2020-13947,2022-02-09T22:01:32Z,"Cross-site scripting (XSS) in Apache ActiveMQ","org.apache.activemq:activemq-parent",5.16.0,5.16.1,MODERATE,CWE-79 -CVE-2020-13949,2021-03-12T21:33:55Z,"Uncontrolled Resource Consumption in Apache Thrift","org.apache.thrift:libthrift",0.9.3,0.14.0,HIGH,CWE-400 
-CVE-2020-13951,2022-02-10T20:36:45Z,"Denial of service in Apache OpenMeetings","org.apache.openmeetings:openmeetings-parent",4.0.0,5.1.0,HIGH,CWE-400 -CVE-2020-13953,2022-02-10T20:35:42Z,"Improper file downloads in Apache Tapestry","org.apache.tapestry:tapestry-core",5.4.0,5.6.0,MODERATE,CWE-552 -CVE-2020-13954,2021-04-22T16:15:23Z,"Cross-site scripting in Apache CXF","org.apache.cxf:apache-cxf",0,3.3.8,MODERATE,CWE-79 -CVE-2020-13954,2021-04-22T16:15:23Z,"Cross-site scripting in Apache CXF","org.apache.cxf:apache-cxf",3.4.0,3.4.1,MODERATE,CWE-79 -CVE-2020-13954,2021-04-22T16:15:23Z,"Cross-site scripting in Apache CXF",org.apache.cxf:cxf,0,3.3.8,MODERATE,CWE-79 -CVE-2020-13954,2021-04-22T16:15:23Z,"Cross-site scripting in Apache CXF",org.apache.cxf:cxf,3.4.0,3.4.1,MODERATE,CWE-79 -CVE-2020-13955,2021-04-22T16:14:14Z,"Missing Authentication for Critical Function in Apache Calcite","org.apache.calcite:calcite-core",0,1.26.0,MODERATE,CWE-295 -CVE-2020-13955,2021-04-22T16:14:14Z,"Missing Authentication for Critical Function in Apache Calcite","org.apache.calcite:calcite-druid",0,1.26.0,MODERATE,CWE-295 -CVE-2020-13955,2021-04-22T16:14:14Z,"Missing Authentication for Critical Function in Apache Calcite","org.apache.calcite:calcite-splunk",0,1.26.0,MODERATE,CWE-295 -CVE-2020-13956,2021-06-03T23:40:23Z,"Cross-site scripting in Apache HttpClient","org.apache.httpcomponents:httpclient",0,4.5.13,MODERATE,CWE-79 -CVE-2020-13956,2021-06-03T23:40:23Z,"Cross-site scripting in Apache HttpClient","org.apache.httpcomponents:httpclient",5.0.0,5.0.3,MODERATE,CWE-79 -CVE-2020-13957,2022-02-10T00:31:27Z,"Incorrect Authorization in Apache Solr","org.apache.solr:solr-parent",6.6.0,8.6.3,CRITICAL,CWE-863 -CVE-2020-13959,2021-03-12T20:24:22Z,"Cross-site scripting (XSS) in Apache Velocity Tools","org.apache.velocity.tools:velocity-tools-parent",0,3.1,MODERATE,CWE-79 -CVE-2020-13959,2021-03-12T20:24:22Z,"Cross-site scripting (XSS) in Apache Velocity 
Tools","org.apache.velocity:velocity-tools",0,,MODERATE,CWE-79 -CVE-2020-13973,2022-02-10T23:04:13Z,"Cross-site scripting in json-sanitizer","com.mikesamuel:json-sanitizer",0,1.2.1,MODERATE,CWE-79 -CVE-2020-14060,2020-06-18T14:44:46Z,"Deserialization of untrusted data in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.5,HIGH,CWE-502 -CVE-2020-14061,2020-06-18T14:44:50Z,"Deserialization of untrusted data in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.5,HIGH,CWE-502 -CVE-2020-14062,2020-06-18T14:44:48Z,"Deserialization of untrusted data in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.5,HIGH,CWE-502 -CVE-2020-14195,2020-06-18T14:44:43Z,"Deserialization of untrusted data in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.5,HIGH,CWE-502 -CVE-2020-14297,2022-05-24T17:24:17Z,"Wildfly EJB Client causes DoS","org.jboss:jboss-ejb-client",0,4.0.34.Final,MODERATE,CWE-400 -CVE-2020-14326,2022-03-18T17:58:59Z,"RESTEasy 4.5.5.Final in hash flooding","org.jboss.resteasy:resteasy-bom",0,4.5.6.Final,HIGH,CWE-400 -CVE-2020-14338,2022-02-15T01:37:41Z,"Improper Input Validation in Xerces",xerces:xercesImpl,0,2.12.0.sp3,MODERATE,CWE-20 -CVE-2020-14340,2021-06-08T22:29:29Z,"Uncontrolled Resource Consumption in XNIO",org.jboss.xnio:xnio-nio,3.6.0,3.7.9.Final,MODERATE,CWE-400 -CVE-2020-14340,2021-06-08T22:29:29Z,"Uncontrolled Resource Consumption in XNIO",org.jboss.xnio:xnio-nio,3.8.0.Final,3.8.2.Final,MODERATE,CWE-400 -CVE-2020-14366,2022-02-09T00:58:03Z,"Path Traversal","org.keycloak:keycloak-parent",0,12.0.0,HIGH,CWE-22 -CVE-2020-14389,2021-11-10T15:30:36Z,"Improper privilege management in Keycloak","org.keycloak:keycloak-core",0,12.0.0,HIGH,CWE-269;CWE-916 -CVE-2020-15087,2020-06-30T16:33:23Z,"Privilege escalation in Presto","io.prestosql:presto-server",0,337,HIGH,CWE-285 -CVE-2020-15170,2020-10-02T16:33:41Z,"Potential access control security issue in 
apollo-adminservice","com.ctrip.framework.apollo:apollo-core",0,1.7.1,HIGH,CWE-20 -CVE-2020-15171,2020-09-10T19:19:27Z,"Users with SCRIPT right can execute arbitrary code in XWiki","org.xwiki.platform:xwiki-platform-oldcore",0,11.10.5,LOW,CWE-74;CWE-94 -CVE-2020-15171,2020-09-10T19:19:27Z,"Users with SCRIPT right can execute arbitrary code in XWiki","org.xwiki.platform:xwiki-platform-oldcore",12.0.0,12.2.1,LOW,CWE-74;CWE-94 -CVE-2020-15231,2020-07-07T16:32:49Z,"XSS in Mapfish Print relating to JSONP support","org.mapfish.print:print-lib",0,3.24,LOW,CWE-79 -CVE-2020-15231,2020-07-07T16:32:49Z,"XSS in Mapfish Print relating to JSONP support","org.mapfish.print:print-servlet",0,3.24,LOW,CWE-79 -CVE-2020-15231,2020-07-07T16:32:49Z,"XSS in Mapfish Print relating to JSONP support","org.mapfish.print:print-standalone",0,3.24,LOW,CWE-79 -CVE-2020-15232,2020-07-07T16:32:45Z,"XXE attack in Mapfish Print","org.mapfish.print:print-lib",3.0,3.24,CRITICAL,CWE-611 -CVE-2020-15232,2020-07-07T16:32:45Z,"XXE attack in Mapfish Print","org.mapfish.print:print-servlet",3.0,3.24,CRITICAL,CWE-611 -CVE-2020-15232,2020-07-07T16:32:45Z,"XXE attack in Mapfish Print","org.mapfish.print:print-standalone",3.0,3.24,CRITICAL,CWE-611 -CVE-2020-15250,2020-10-12T17:33:00Z,"TemporaryFolder on unix-like systems does not limit access to created files",junit:junit,4.7,4.13.1,MODERATE,CWE-200;CWE-732 -CVE-2020-15252,2020-10-16T16:55:49Z,"RCE in XWiki","org.xwiki.platform:xwiki-platform-oldcore",0,11.10.6,HIGH,CWE-74;CWE-94 -CVE-2020-15252,2020-10-16T16:55:49Z,"RCE in XWiki","org.xwiki.platform:xwiki-platform-oldcore",12.0,12.5,HIGH,CWE-74;CWE-94 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-ext-jdk15on",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-ext-jdk16",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing 
based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-jdk14",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-jdk15",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-jdk15on",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-jdk15to18",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle","org.bouncycastle:bcprov-jdk16",0,1.66,MODERATE,CWE-203;CWE-362 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle",org.bouncycastle:bc-fips,0,1.0.2.1,MODERATE,CWE-203;CWE-362 -CVE-2020-15777,2022-05-24T17:26:39Z,"Maven Extension plugin for Gradle Enterprise vulnerable to Deserialization of Untrusted Data","com.gradle:gradle-enterprise-maven-extension",0,1.6,HIGH,CWE-502 -CVE-2020-15813,2022-02-10T22:39:58Z,"Improper Certificate Validation in Graylog","org.graylog:graylog-parent",0,3.3.3,HIGH,CWE-295 -CVE-2020-15839,2022-02-10T20:46:21Z,"Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP","com.liferay.portal:release.dxp.bom",0,7.1.10.fp18,MODERATE,CWE-434 -CVE-2020-15839,2022-02-10T20:46:21Z,"Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP","com.liferay.portal:release.dxp.bom",7.2.1,7.2.10.fp6,MODERATE,CWE-434 -CVE-2020-1694,2022-02-09T00:57:02Z,"Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak","org.keycloak:keycloak-parent",0,10.0.0,MODERATE,CWE-183;CWE-732 -CVE-2020-1695,2022-05-24T22:01:21Z,"Improper Input Validation in RESTEasy","org.jboss.resteasy:resteasy-client",3.0.0,3.12.0,HIGH,CWE-20 -CVE-2020-1695,2022-05-24T22:01:21Z,"Improper Input Validation 
in RESTEasy","org.jboss.resteasy:resteasy-client",4.0.0,4.6.0,HIGH,CWE-20 -CVE-2020-1697,2020-04-15T21:09:09Z,"XSS in Keycloak","org.keycloak:keycloak-core",0,9.0.0,MODERATE,CWE-79 -CVE-2020-16971,2022-05-24T17:35:51Z,"Azure SDK for Java Security Feature Bypass Vulnerability","com.azure:azure-core-amqp",0,1.6.0,HIGH, -CVE-2020-16971,2022-05-24T17:35:51Z,"Azure SDK for Java Security Feature Bypass Vulnerability","com.microsoft.azure:azure-eventhubs",0,3.2.1,HIGH, -CVE-2020-1698,2022-05-24T17:17:37Z,"Keycloak leaks sensitive information in logged exceptions","org.keycloak:keycloak-core",0,9.0.0,MODERATE,CWE-200;CWE-532 -CVE-2020-1714,2022-02-09T00:56:14Z,"Improper Input Validation in Keycloak","org.keycloak:keycloak-common",0,11.0.0,HIGH,CWE-20 -CVE-2020-1714,2022-02-09T00:56:14Z,"Improper Input Validation in Keycloak","org.keycloak:keycloak-core",0,11.0.0,HIGH,CWE-20 -CVE-2020-1717,2022-02-09T00:59:06Z,"Generation of Error Message Containing Sensitive Information in Keycloak","org.keycloak:keycloak-parent",0,,LOW,CWE-209 -CVE-2020-1718,2022-02-09T00:59:32Z,"Improper Authentication for Keycloak","org.keycloak:keycloak-parent",0,8.0.0,MODERATE,CWE-287 -CVE-2020-1719,2021-06-08T18:52:27Z,"Privilege Context Switching Error in wildlfy",org.wildfly.bom:wildfly,0,20.0.0.Final,MODERATE,CWE-270 -CVE-2020-1724,2022-05-24T17:17:37Z,"Keycloak Insufficient Session Expiry","org.keycloak:keycloak-core",0,9.0.2,MODERATE,CWE-613 -CVE-2020-1725,2022-02-09T00:58:52Z,"Incorrect Authorization in keycloak","org.keycloak:keycloak-parent",0,13.0.0,MODERATE,CWE-668;CWE-863 -CVE-2020-1728,2020-04-15T21:09:40Z,"Improper Restriction of Rendered UI Layers or Frames in Keycloak","org.keycloak:keycloak-core",0,,MODERATE,CWE-1021 -CVE-2020-1729,2022-03-18T17:55:47Z,"Permissions bypass in SmallRye","io.smallrye.config:smallrye-config",0,1.6.2,MODERATE,CWE-863 -CVE-2020-1731,2020-04-15T21:09:27Z,"Predictable password in Keycloak","org.keycloak:keycloak-core",0,8.0.2,CRITICAL,CWE-330;CWE-341 
-CVE-2020-1744,2021-09-20T20:43:24Z,"Exposure of Sensitive Information in keycloak","org.keycloak:keycloak-core",0,9.0.1,MODERATE,CWE-200;CWE-755 -CVE-2020-1745,2022-05-24T17:16:46Z,"Improper Authorization in Undertoe","io.undertow:undertow-core",0,2.0.30,HIGH,CWE-285 -CVE-2020-1748,2022-02-15T01:39:27Z,"Incorrect Authorization in WildFly Elytron","org.wildfly.security:wildfly-elytron",0,1.6.8,HIGH,CWE-863 -CVE-2020-17510,2021-04-22T16:13:23Z,"Authentication bypass in Apache Shiro","org.apache.shiro:shiro-spring",0,1.7.0,CRITICAL,CWE-287 -CVE-2020-17516,2022-02-09T01:01:22Z,"Authentication Bypass in Apache Cassandra","org.apache.cassandra:cassandra-all",2.1.0,3.0.24,HIGH,CWE-290 -CVE-2020-17516,2022-02-09T01:01:22Z,"Authentication Bypass in Apache Cassandra","org.apache.cassandra:cassandra-all",3.11.0,3.11.10,HIGH,CWE-290 -CVE-2020-17518,2022-02-09T22:29:52Z,"Upload of file to arbitrary path in Apache Flink","org.apache.flink:flink-runtime",1.5.1,1.11.3,HIGH,CWE-22;CWE-23 -CVE-2020-17519,2021-01-06T20:01:34Z,"Path Traversal in Apache Flink","org.apache.flink:flink-runtime_2.11",1.11.0,1.11.3,HIGH,CWE-22;CWE-552 -CVE-2020-17519,2021-01-06T20:01:34Z,"Path Traversal in Apache Flink","org.apache.flink:flink-runtime_2.12",1.11.0,1.11.3,HIGH,CWE-22;CWE-552 -CVE-2020-17521,2020-12-09T19:03:03Z,"Information Disclosure in Apache Groovy","org.codehaus.groovy:groovy",2.0.0,2.4.21,MODERATE,CWE-379 -CVE-2020-17521,2020-12-09T19:03:03Z,"Information Disclosure in Apache Groovy","org.codehaus.groovy:groovy",2.5.0,2.5.14,MODERATE,CWE-379 -CVE-2020-17521,2020-12-09T19:03:03Z,"Information Disclosure in Apache Groovy","org.codehaus.groovy:groovy",3.0.0,3.0.7,MODERATE,CWE-379 -CVE-2020-17521,2020-12-09T19:03:03Z,"Information Disclosure in Apache Groovy","org.codehaus.groovy:groovy-all",2.0.0,2.4.21,MODERATE,CWE-379 -CVE-2020-17521,2020-12-09T19:03:03Z,"Information Disclosure in Apache Groovy","org.codehaus.groovy:groovy-all",2.5.0,2.5.14,MODERATE,CWE-379 
-CVE-2020-17521,2020-12-09T19:03:03Z,"Information Disclosure in Apache Groovy","org.codehaus.groovy:groovy-all",3.0.0,3.0.7,MODERATE,CWE-379 -CVE-2020-17523,2022-02-09T22:03:57Z,"Authentication bypass in Apache Shiro","org.apache.shiro:shiro-spring",0,1.7.1,CRITICAL,CWE-287 -CVE-2020-17523,2022-02-09T22:03:57Z,"Authentication bypass in Apache Shiro","org.apache.shiro:shiro-spring-boot-starter",0,1.7.1,CRITICAL,CWE-287 -CVE-2020-17523,2022-02-09T22:03:57Z,"Authentication bypass in Apache Shiro","org.apache.shiro:shiro-web",0,1.7.1,CRITICAL,CWE-287 -CVE-2020-17527,2022-02-09T22:58:06Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-coyote",10.0.0-M1,10.0.0-M10,HIGH,CWE-200 -CVE-2020-17527,2022-02-09T22:58:06Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-coyote",8.5.0,8.5.60,HIGH,CWE-200 -CVE-2020-17527,2022-02-09T22:58:06Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat:tomcat-coyote",9.0.0-M1,9.0.40,HIGH,CWE-200 -CVE-2020-17530,2022-02-09T22:51:56Z,"Remote code execution in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.5.26,CRITICAL,CWE-917;CWE-94 -CVE-2020-17531,2022-02-09T22:50:50Z,"Serialization vulnerability in Apache Tapestry","org.apache.tapestry:tapestry-project",4.0,5.0.1,CRITICAL,CWE-502 -CVE-2020-17532,2022-02-09T22:19:00Z,"Arbitrary code execution in Apache ServiceComb java-chassis","org.apache.servicecomb:java-chassis",1.0.0,1.3.2,HIGH,CWE-502 -CVE-2020-17532,2022-02-09T22:19:00Z,"Arbitrary code execution in Apache ServiceComb java-chassis","org.apache.servicecomb:java-chassis",2.0.0,2.1.5,HIGH,CWE-502 -CVE-2020-17533,2022-02-09T22:37:59Z,"Improper privilege handling in Apache Accumulo","org.apache.accumulo:accumulo-master",1.5.0,1.10.1,HIGH,CWE-252;CWE-280;CWE-732 -CVE-2020-17533,2022-02-09T22:37:59Z,"Improper privilege handling in Apache 
Accumulo","org.apache.accumulo:accumulo-master",2.0.0,2.0.1,HIGH,CWE-252;CWE-280;CWE-732 -CVE-2020-17534,2022-02-09T22:25:18Z,"Improper synchronization in Apache Netbeans HTML/Java API",org.netbeans.html:pom,0,1.7.1,HIGH,CWE-362 -CVE-2020-1757,2022-05-24T17:15:56Z,"Improper Input Validation in Undertow","io.undertow:undertow-core",0,2.1.0,HIGH,CWE-20;CWE-200 -CVE-2020-1758,2022-02-09T00:56:26Z,"Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Keycloak","org.keycloak:keycloak-parent",0,10.0.0,MODERATE,CWE-295;CWE-297 -CVE-2020-1925,2020-02-04T22:38:38Z,"Server-Side Request Forgery (SSRF) in Apache Olingo","org.apache.olingo:odata-client-core",4.0.0,4.7.1,HIGH,CWE-918 -CVE-2020-1926,2022-02-09T00:48:54Z,"Apache Hive Information Exposure and Observable Timing Discrepancy",org.apache.hive:hive,0,2.3.8,MODERATE,CWE-200;CWE-203;CWE-208 -CVE-2020-1928,2022-01-06T20:40:56Z,"Apache NiFi Insertion of Sensitive Information into Log File","org.apache.nifi:nifi-parameter",1.10.0,1.11.0,MODERATE,CWE-200;CWE-532 -CVE-2020-1929,2020-05-06T20:49:04Z,"Improper Certificate Validation in Apache Beam","org.apache.beam:beam-sdks-java-io-mongodb",2.10.0,2.17.0,HIGH,CWE-295 -CVE-2020-1933,2022-01-06T20:35:39Z,"Cross-site scripting in Apache NiFi",org.apache.nifi:nifi,1.0.0,1.11.0,MODERATE,CWE-79 -CVE-2020-1935,2020-02-28T01:10:48Z,"Potential HTTP request smuggling in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",0,7.0.100,MODERATE,CWE-444 -CVE-2020-1935,2020-02-28T01:10:48Z,"Potential HTTP request smuggling in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.51,MODERATE,CWE-444 -CVE-2020-1935,2020-02-28T01:10:48Z,"Potential HTTP request smuggling in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.31,MODERATE,CWE-444 -CVE-2020-1935,2020-02-28T01:10:48Z,"Potential HTTP request smuggling in Apache Tomcat",org.apache.tomcat:tomcat,0,7.0.100,MODERATE,CWE-444 
-CVE-2020-1935,2020-02-28T01:10:48Z,"Potential HTTP request smuggling in Apache Tomcat",org.apache.tomcat:tomcat,8.0.0,8.5.51,MODERATE,CWE-444 -CVE-2020-1935,2020-02-28T01:10:48Z,"Potential HTTP request smuggling in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0,9.0.31,MODERATE,CWE-444 -CVE-2020-1936,2022-01-06T20:35:22Z,"Cross-site Scripting (XSS) in Apache Ambari Views",org.apache.ambari:ambari,0,2.7.4,MODERATE,CWE-79 -CVE-2020-1937,2020-07-27T22:51:47Z,"SQL Injection in Kylin","org.apache.kylin:kylin-server-base",0,2.6.5,MODERATE,CWE-89 -CVE-2020-1937,2020-07-27T22:51:47Z,"SQL Injection in Kylin","org.apache.kylin:kylin-server-base",3.0.0,3.0.1,MODERATE,CWE-89 -CVE-2020-1938,2020-06-15T18:51:21Z,"Improper Privilege Management in Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.100,CRITICAL,CWE-269 -CVE-2020-1938,2020-06-15T18:51:21Z,"Improper Privilege Management in Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.51,CRITICAL,CWE-269 -CVE-2020-1938,2020-06-15T18:51:21Z,"Improper Privilege Management in Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.31,CRITICAL,CWE-269 -CVE-2020-1940,2021-12-10T17:20:11Z,"Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak","org.apache.jackrabbit:oak-core",1.10.0,1.10.8,HIGH,CWE-200;CWE-212 -CVE-2020-1940,2021-12-10T17:20:11Z,"Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak","org.apache.jackrabbit:oak-core",1.12.0,1.24.0,HIGH,CWE-200;CWE-212 -CVE-2020-1941,2020-05-21T21:08:56Z,"Apache ActiveMQ webconsole admin GUI is open to XSS","org.apache.activemq:activemq-web-console",5.0.0,5.15.12,MODERATE,CWE-79 -CVE-2020-1942,2022-01-06T20:40:58Z,"Insertion of Sensitive Information into Log File in Apache NiFi","org.apache.nifi:nifi-framework-core",0.0.1,1.12.0-RC1,HIGH,CWE-200;CWE-532 -CVE-2020-1942,2022-01-06T20:40:58Z,"Insertion of Sensitive Information into Log File in Apache 
NiFi","org.apache.nifi:nifi-security-utils",0.0.1,1.12.0-RC1,HIGH,CWE-200;CWE-532 -CVE-2020-1945,2020-09-14T18:13:29Z,"Sensitive Data Exposure in Apache Ant",org.apache.ant:ant,1.1,1.9.15,MODERATE,CWE-200;CWE-668 -CVE-2020-1945,2020-09-14T18:13:29Z,"Sensitive Data Exposure in Apache Ant",org.apache.ant:ant,1.10.0,1.10.8,MODERATE,CWE-200;CWE-668 -CVE-2020-1947,2022-02-10T20:39:47Z,"Deserialization of Untrusted Data in Apache ShardingSphere","org.apache.shardingsphere:shardingsphere",4.0.0-RC3,4.0.1,HIGH,CWE-502 -CVE-2020-1948,2022-02-10T22:39:17Z,"Deserialization of Untrusted Data in Apache Dubbo","org.apache.dubbo:dubbo-common",0,2.7.7,CRITICAL,CWE-502 -CVE-2020-1948,2022-02-10T22:39:17Z,"Deserialization of Untrusted Data in Apache Dubbo",org.apache.dubbo:dubbo,0,2.7.7,CRITICAL,CWE-502 -CVE-2020-1950,2021-05-07T15:53:48Z,"Uncontrolled Resource Consumption in Apache Tika",org.apache.tika:tika,1.0,1.24,MODERATE,CWE-400 -CVE-2020-1951,2021-05-07T15:54:00Z,"Infinite Loop in Apache Tika",org.apache.tika:tika,1.0,1.24,MODERATE,CWE-835 -CVE-2020-1952,2022-01-06T19:45:30Z,"Improper Certificate Validation in Apache IoTDB","org.apache.iotdb:iotdb-parent",0,0.9.2,HIGH,CWE-295 -CVE-2020-1953,2020-05-21T19:08:08Z,"Remote code execution in Apache Commons Configuration","org.apache.commons:commons-configuration2",2.2,2.7,CRITICAL,CWE-20 -CVE-2020-1954,2022-02-10T22:38:50Z,"Apache CXF JMX Integration is vulnerable to a MITM attack","org.apache.cxf:cxf-rt-management",0,3.2.13,MODERATE,CWE-200 -CVE-2020-1954,2022-02-10T22:38:50Z,"Apache CXF JMX Integration is vulnerable to a MITM attack","org.apache.cxf:cxf-rt-management",3.3.0,3.3.6,MODERATE,CWE-200 -CVE-2020-1956,2020-07-27T22:51:44Z,"Command Injection in Kylin","org.apache.kylin:kylin-core-common",0,2.6.6,HIGH,CWE-78 -CVE-2020-1956,2020-07-27T22:51:44Z,"Command Injection in Kylin","org.apache.kylin:kylin-core-common",3.0.0,3.0.2,HIGH,CWE-78 -CVE-2020-1957,2021-05-07T15:53:18Z,"Improper Authentication in Apache 
Shiro","org.apache.shiro:shiro-core",0,1.5.2,CRITICAL,CWE-287 -CVE-2020-1958,2022-02-09T22:05:39Z,"Credentials bypass in Apache Druid",org.apache.druid:druid,0.17.0,0.17.1,MODERATE,CWE-200;CWE-74 -CVE-2020-1959,2021-06-16T17:18:58Z,"Expression Language Injection in Apache Syncope","org.apache.syncope:syncope-core",0,2.1.6,CRITICAL,CWE-917 -CVE-2020-1960,2021-05-21T19:20:35Z,"Command injection in Apache Flink","org.apache.flink:flink-core",0,1.9.3,MODERATE,CWE-74 -CVE-2020-1960,2021-05-21T19:20:35Z,"Command injection in Apache Flink","org.apache.flink:flink-core",1.10.0,1.10.1,MODERATE,CWE-74 -CVE-2020-1961,2021-06-16T17:18:49Z,"Injection in Apache Syncope","org.apache.syncope:syncope-core",2.0.0,2.0.15,HIGH,CWE-74 -CVE-2020-1961,2021-06-16T17:18:49Z,"Injection in Apache Syncope","org.apache.syncope:syncope-core",2.1.0,2.1.6,HIGH,CWE-74 -CVE-2020-1963,2020-06-05T16:11:02Z,"File system access via H2 in Apache Ignite","org.apache.ignite:ignite-core",0,2.8.1,CRITICAL,CWE-862 -CVE-2020-1964,2022-01-06T19:44:49Z,"Deserialization of Untrusted Data in Apache Heron","org.apache.heron:heron-simulator",0.20.0-incubating,0.20.3-incubating,HIGH,CWE-502 -CVE-2020-19676,2021-08-02T16:38:01Z,"Incorrect Access Control in Nacos","com.alibaba.nacos:nacos-common",0,1.2.0,MODERATE,CWE-200 -CVE-2020-2090,2022-05-24T17:06:22Z,"CSRF vulnerability in Jenkins Amazon EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.48,LOW,CWE-352 -CVE-2020-2091,2022-05-24T17:06:22Z,"Missing permission checks in Jenkins Amazon EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.48,MODERATE,CWE-862 -CVE-2020-20913,2023-04-04T15:30:27Z,"Ming-Soft MCMS vulnerable to SQL injection",net.mingsoft:ms-mcms,0,5.1,CRITICAL,CWE-89 -CVE-2020-2092,2022-05-24T17:06:23Z,"XXE vulnerability in Jenkins Robot Framework Plugin","org.jenkins-ci.plugins:robot",0,2.0.1,HIGH,CWE-611 -CVE-2020-2093,2022-05-24T17:06:22Z,"CSRF vulnerability in Health Advisor by CloudBees 
Plugin","org.jenkins-ci.plugins:cloudbees-jenkins-advisor",0,3.0.1,MODERATE,CWE-352 -CVE-2020-2094,2022-05-24T17:06:23Z,"Missing permission checks in Health Advisor by CloudBees Plugin","org.jenkins-ci.plugins:cloudbees-jenkins-advisor",0,3.0.1,MODERATE,CWE-862 -CVE-2020-2095,2022-05-24T17:06:23Z,"Redgate SQL Change Automation Plugin stored credentials in plain text","com.redgate.plugins.redgatesqlci:redgate-sql-ci",0,2.0.5,MODERATE,CWE-522 -CVE-2020-2096,2022-05-24T17:06:23Z,"Reflected XSS vulnerability in Jenkins gitlab-hook Plugin","org.jenkins-ci.ruby-plugins:gitlab-hook",0,,MODERATE,CWE-79 -CVE-2020-2097,2022-05-24T17:06:23Z,"Missing permission checks in Jenkins Sounds Plugin allow OS command execution","org.jenkins-ci.plugins:sounds",0,0.6,HIGH,CWE-285 -CVE-2020-2098,2022-05-24T17:06:23Z,"CSRF vulnerability in Jenkins Sounds Plugin allow OS command execution","org.jenkins-ci.plugins:sounds",0,0.6,HIGH,CWE-352 -CVE-2020-2099,2022-05-24T17:07:40Z,"Inbound TCP Agent Protocol/3 authentication bypass in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.204.2,HIGH,CWE-323;CWE-330 -CVE-2020-2099,2022-05-24T17:07:40Z,"Inbound TCP Agent Protocol/3 authentication bypass in Jenkins","org.jenkins-ci.main:jenkins-core",2.205,2.214,HIGH,CWE-323;CWE-330 -CVE-2020-2100,2022-05-24T17:07:40Z,"Jenkins vulnerable to UDP amplification reflection attack","org.jenkins-ci.main:jenkins-core",0,2.204.2,MODERATE,CWE-406 -CVE-2020-2100,2022-05-24T17:07:40Z,"Jenkins vulnerable to UDP amplification reflection attack","org.jenkins-ci.main:jenkins-core",2.205,2.219,MODERATE,CWE-406 -CVE-2020-2101,2022-05-24T17:07:40Z,"Non-constant time comparison of inbound TCP agent connection secret","org.jenkins-ci.main:jenkins-core",0,2.204.2,MODERATE,CWE-203;CWE-208 -CVE-2020-2101,2022-05-24T17:07:40Z,"Non-constant time comparison of inbound TCP agent connection secret","org.jenkins-ci.main:jenkins-core",2.205,2.219,MODERATE,CWE-203;CWE-208 -CVE-2020-2102,2022-05-24T17:07:40Z,"Non-constant time HMAC 
comparison","org.jenkins-ci.main:jenkins-core",0,2.204.2,MODERATE,CWE-203;CWE-208 -CVE-2020-2102,2022-05-24T17:07:40Z,"Non-constant time HMAC comparison","org.jenkins-ci.main:jenkins-core",2.205,2.219,MODERATE,CWE-203;CWE-208 -CVE-2020-2103,2022-05-24T17:07:40Z,"Jenkins Diagnostic page exposed session cookies","org.jenkins-ci.main:jenkins-core",0,2.204.2,MODERATE,CWE-200 -CVE-2020-2103,2022-05-24T17:07:40Z,"Jenkins Diagnostic page exposed session cookies","org.jenkins-ci.main:jenkins-core",2.205,2.219,MODERATE,CWE-200 -CVE-2020-2104,2022-05-24T17:07:40Z,"Memory usage graphs accessible to anyone with Overall/Read","org.jenkins-ci.main:jenkins-core",0,2.204.2,MODERATE,CWE-285;CWE-863 -CVE-2020-2104,2022-05-24T17:07:40Z,"Memory usage graphs accessible to anyone with Overall/Read","org.jenkins-ci.main:jenkins-core",2.205,2.219,MODERATE,CWE-285;CWE-863 -CVE-2020-2105,2022-05-24T17:07:41Z,"Jenkins REST APIs vulnerable to clickjacking","org.jenkins-ci.main:jenkins-core",0,2.204.2,LOW,CWE-1021 -CVE-2020-2105,2022-05-24T17:07:41Z,"Jenkins REST APIs vulnerable to clickjacking","org.jenkins-ci.main:jenkins-core",2.205,2.219,LOW,CWE-1021 -CVE-2020-2106,2022-05-24T17:07:41Z,"Stored XSS vulnerability in Code Coverage API Plugin","io.jenkins.plugins:code-coverage-api",0,1.1.3,MODERATE,CWE-79 -CVE-2020-2107,2022-05-24T17:07:41Z,"Fortify Plugin stored credentials in plain text","org.jenkins-ci.plugins:fortify",0,19.2.30,MODERATE,CWE-256;CWE-522 -CVE-2020-2108,2022-05-24T17:07:41Z,"XXE vulnerability in Jenkins WebSphere Deployer Plugin","org.jenkins-ci.plugins:websphere-deployer",0,,HIGH,CWE-611 -CVE-2020-2109,2022-05-24T17:08:46Z,"Improper Input Validation in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.79,HIGH,CWE-20 -CVE-2020-2110,2022-05-24T17:08:45Z,"Improper Input Validation in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.70,HIGH,CWE-20 -CVE-2020-2111,2022-05-24T17:08:46Z,"Subversion Plugin stored XSS 
vulnerability","org.jenkins-ci.plugins:subversion",0,2.13.1,MODERATE,CWE-79 -CVE-2020-2112,2022-05-24T17:08:46Z,"Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS)","org.jenkins-ci.tools:git-parameter",0,0.9.12,MODERATE,CWE-79 -CVE-2020-21122,2021-09-20T20:45:21Z,"Server-Side Request Forgery in UReport","com.bstek.ureport:ureport2-console",0,,HIGH,CWE-918 -CVE-2020-21125,2021-09-20T20:45:03Z,"Remote code execution in UReport","com.bstek.ureport:ureport2-core",0,,CRITICAL,CWE-22 -CVE-2020-2113,2022-05-24T17:08:46Z,"Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS)","org.jenkins-ci.tools:git-parameter",0,0.9.12,MODERATE,CWE-79 -CVE-2020-2114,2022-05-24T17:08:46Z,"Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration","org.jenkins-ci.plugins:s3",0,0.11.5,LOW,CWE-319;CWE-522 -CVE-2020-2115,2022-05-24T17:08:46Z,"XXE vulnerability in NUnit Plugin","org.jenkins-ci.plugins:nunit",0,0.26,HIGH,CWE-611 -CVE-2020-2116,2022-05-24T17:08:46Z,"CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials","org.jenkins-ci.plugins:pipeline-githubnotify-step",0,1.0.5,HIGH,CWE-352 -CVE-2020-2117,2022-05-24T17:08:46Z,"Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials","org.jenkins-ci.plugins:pipeline-githubnotify-step",0,1.0.5,HIGH,CWE-285 -CVE-2020-2118,2022-05-24T17:08:46Z,"Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin","org.jenkins-ci.plugins:pipeline-build-step",0,1.0.5,MODERATE,CWE-285 -CVE-2020-2119,2022-05-24T17:08:46Z,"Client secret transmitted in plain text by Azure AD Plugin","org.jenkins-ci.plugins:azure-ad",0,1.2.0,LOW,CWE-256;CWE-522 -CVE-2020-2120,2022-05-24T17:08:47Z,"XXE vulnerability in FitNesse Plugin","org.jenkins-ci.plugins:fitnesse",0,1.31,HIGH,CWE-611 -CVE-2020-2121,2022-05-24T17:08:47Z,"RCE vulnerability in Google Kubernetes Engine 
Plugin","org.jenkins-ci.plugins:google-kubernetes-engine",0,0.8.1,HIGH,CWE-502 -CVE-2020-2122,2022-05-24T17:08:47Z,"Stored XSS vulnerability in Jenkins brakeman Plugin","org.jenkins-ci.plugins:brakeman",0,0.13,MODERATE,CWE-79 -CVE-2020-2123,2022-05-24T17:08:47Z,"RCE vulnerability in RadarGun Plugin","org.jenkins-ci.plugins:radargun",0,1.8,HIGH,CWE-502 -CVE-2020-2124,2022-05-24T17:08:47Z,"Password stored in plain text by Dynamic Extended Choice Parameter Plugin","com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2125,2022-05-24T17:08:47Z,"Credentials stored in plain text by debian-package-builder Plugin","ru.yandex.jenkins.plugins.debuilder:debian-package-builder",0,,LOW,CWE-256;CWE-522 -CVE-2020-2126,2022-05-24T17:08:47Z,"Token stored in plain text by DigitalOcean Plugin","com.dubture.jenkins:digitalocean-plugin",0,1.2.0,LOW,CWE-256;CWE-522 -CVE-2020-2127,2022-05-24T17:08:47Z,"Credential stored in plain text by BMC Release Package and Deployment Plugin",RPD:bmc-rpd,0,,LOW,CWE-256;CWE-522 -CVE-2020-2128,2022-05-24T17:08:47Z,"Password stored in plain text by ECX Copy Data Management Plugin","com.catalogic.ecxjenkins:catalogic-ecx",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2129,2022-05-24T17:08:47Z,"Plaintext Storage of a Password in Jenkins Eagle Tester Plugin","com.mobileenerlytics.eagle.tester:eagle-tester",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2130,2022-05-24T17:08:48Z,"Passwords stored in plain text by Harvest SCM Plugin","org.jenkins-ci.plugins:harvest",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2131,2022-05-24T17:08:48Z,"Passwords stored in plain text by Harvest SCM Plugin","org.jenkins-ci.plugins:harvest",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2132,2022-05-24T17:08:47Z,"Password stored in plain text by Parasoft Environment Manager Plugin","com.parasoft:environment-manager",0,2.15,MODERATE,CWE-256;CWE-522 -CVE-2020-2133,2022-05-24T17:08:48Z,"Password stored in plain text by Applatix 
Plugin","com.applatix.jenkins:applatix",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2134,2022-05-24T17:10:27Z,"Sandbox bypass vulnerability in Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.7.1,HIGH,CWE-693;CWE-863 -CVE-2020-2135,2022-05-24T17:10:27Z,"Sandbox bypass vulnerability in Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.71,HIGH,CWE-693;CWE-863 -CVE-2020-2136,2022-05-24T17:10:27Z,"Improper Neutralization of Input During Web Page Generation in Jenkins Git Plugin ","org.jenkins-ci.plugins:git",0,4.2.1,MODERATE,CWE-79 -CVE-2020-2137,2022-05-24T17:10:27Z,"Stored XSS vulnerability in Jenkins Timestamper Plugin","org.jenkins-ci.plugins:timestamper",0,1.11.2,MODERATE,CWE-79 -CVE-2020-2138,2022-05-24T17:10:28Z,"XXE vulnerability in Jenkins Cobertura Plugin","org.jenkins-ci.plugins:cobertura",0,1.16,HIGH,CWE-611 -CVE-2020-2139,2022-05-24T17:10:27Z,"Arbitrary file write vulnerability in Jenkins Cobertura Plugin","org.jenkins-ci.plugins:cobertura",0,1.16,MODERATE,CWE-22 -CVE-2020-2140,2022-05-24T17:10:27Z,"XSS vulnerability in Jenkins Audit Trail Plugin","org.jenkins-ci.plugins:audit-trail",0,3.3,MODERATE,CWE-79 -CVE-2020-2141,2022-05-24T17:10:28Z,"CSRF vulnerability in Jenkins P4 Plugin","org.jenkins-ci.plugins:p4",0,1.10.11,MODERATE,CWE-352 -CVE-2020-2142,2022-05-24T17:10:28Z,"Missing permission checks in Jenkins P4 Plugin","org.jenkins-ci.plugins:p4",0,1.10.11,MODERATE,CWE-319;CWE-862 -CVE-2020-2143,2022-05-24T17:10:28Z,"Credentials transmitted in plain text by Jenkins Logstash Plugin","org.jenkins-ci.plugins:logstash",0,2.3.2,LOW,CWE-319 -CVE-2020-2144,2022-05-24T17:10:28Z,"XXE vulnerability in Rundeck Plugin","org.jenkins-ci.plugins:rundeck",0,3.6.7,HIGH,CWE-611 -CVE-2020-2145,2022-05-24T17:10:28Z,"Credentials stored in plain text by Zephyr Enterprise Test Management Plugin","org.jenkins-ci.plugins:zephyr-enterprise-test-management",0,1.10,LOW,CWE-256;CWE-522 -CVE-2020-2146,2022-05-24T17:10:29Z,"Missing SSH host key 
validation in Mac Plugin","fr.edf.jenkins.plugins:mac",0,1.2.0,MODERATE,CWE-347 -CVE-2020-2147,2022-05-24T17:10:28Z,"CSRF vulnerability in Mac Plugin","fr.edf.jenkins.plugins:mac",0,1.2.0,MODERATE,CWE-352 -CVE-2020-2148,2022-05-24T17:10:29Z,"Missing permission checks in Mac Plugin","fr.edf.jenkins.plugins:mac",0,1.2.0,MODERATE,CWE-285;CWE-863 -CVE-2020-21485,2023-06-20T15:31:09Z,"Alluxio Cross Site Scripting vulnerability","org.alluxio:alluxio-parent",0,,MODERATE,CWE-79 -CVE-2020-2149,2022-05-24T17:10:28Z,"Credentials transmitted in plain text by Repository Connector Plugin","org.jenkins-ci.plugins:repository-connector",0,2.0.0,LOW,CWE-319 -CVE-2020-2150,2022-05-24T17:10:28Z,"Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration","org.jenkins-ci.plugins:sonar-quality-gates",0,,LOW,CWE-319 -CVE-2020-2151,2022-05-24T17:10:28Z,"Jenkins Quality Gates Plugin transmits credentials in plain text during configuration ","org.jenkins-ci.plugins:quality-gates",0,,LOW,CWE-319 -CVE-2020-2152,2022-05-24T17:10:29Z,"Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)","org.jvnet.hudson.plugins:svn-release-mgr",0,,MODERATE,CWE-79 -CVE-2020-2153,2022-05-24T17:10:29Z,"Credentials transmitted in plain text by Backlog Plugin","org.jenkins-ci.plugins:backlog",0,2.5,LOW,CWE-319 -CVE-2020-2154,2022-05-24T17:10:29Z,"Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text","org.jenkins-ci.plugins:zephyr-for-jira-test-management",0,,LOW,CWE-256;CWE-312 -CVE-2020-2155,2022-05-24T17:10:29Z,"Credentials transmitted in plain text by OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,LOW,CWE-319 -CVE-2020-2156,2022-05-24T17:10:29Z,"Credentials transmitted in plain text by Jenkins DeployHub Plugin",com.openmake:deployhub,0,,LOW,CWE-319 -CVE-2020-2157,2022-05-24T17:10:30Z,"Credentials transmitted in plain text by Skytap Cloud CI Plugin","org.jenkins-ci.plugins:skytap",0,,LOW,CWE-319 
-CVE-2020-2158,2022-05-24T17:10:30Z,"Remote Code Execution vulnerability in Jenkins Literate Plugin","org.jenkins-ci.plugins:literate",0,,HIGH,CWE-502 -CVE-2020-2159,2022-05-24T17:10:30Z,"OS command injection in CryptoMove Plugin","io.jenkins.plugins:cryptomove",0,,HIGH,CWE-78 -CVE-2020-2160,2022-05-24T17:12:40Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.204.6,HIGH,CWE-352;CWE-435 -CVE-2020-2160,2022-05-24T17:12:40Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.205,2.228,HIGH,CWE-352;CWE-435 -CVE-2020-2162,2022-05-24T17:12:40Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.228,MODERATE,CWE-79 -CVE-2020-2162,2022-05-24T17:12:40Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.204.6,2.228,MODERATE,CWE-79 -CVE-2020-2164,2022-05-24T17:12:40Z,"Passwords stored in plain text by Jenkins Artifactory Plugin","org.jenkins-ci.plugins:artifactory",0,3.6.0,LOW,CWE-312;CWE-522 -CVE-2020-2165,2022-05-24T17:12:40Z,"Passwords transmitted in plain text by Jenkins Artifactory Plugin","org.jenkins-ci.plugins:artifactory",0,3.6.1,LOW,CWE-319;CWE-522 -CVE-2020-2166,2022-05-24T17:12:40Z,"RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin",de.taimos:pipeline-aws,0,1.41,HIGH,CWE-20;CWE-502 -CVE-2020-2167,2022-05-24T17:12:40Z,"RCE vulnerability in Jenkins OpenShift Pipeline Plugin","com.openshift.jenkins:openshift-pipeline",0,1.0.57,HIGH,CWE-20;CWE-502 -CVE-2020-2168,2022-05-24T17:12:41Z,"RCE vulnerability in Jenkins Azure Container Service Plugin","org.jenkins-ci.plugins:azure-acs",0,1.0.2,HIGH,CWE-20;CWE-502 -CVE-2020-2169,2022-05-24T17:12:41Z,"Reflected XSS vulnerability in Jenkins Queue cleanup Plugin","org.jenkins-ci.plugins:queue-cleanup",0,1.4,MODERATE,CWE-79 -CVE-2020-2170,2022-05-24T17:12:40Z,"Stored XSS vulnerability in Jenkins RapidDeploy 
Plugin","org.jenkins-ci.plugins:rapiddeploy-jenkins",0,4.2.1,MODERATE,CWE-79 -CVE-2020-2171,2022-05-24T17:12:41Z,"XXE vulnerability in Jenkins RapidDeploy Plugin","org.jenkins-ci.plugins:rapiddeploy-jenkins",0,4.2.1,HIGH,CWE-611 -CVE-2020-2172,2022-05-24T17:13:39Z,"XXE vulnerability in Jenkins Code Coverage API Plugin","io.jenkins.plugins:code-coverage-api",0,1.1.5,HIGH,CWE-611;CWE-776 -CVE-2020-2173,2022-05-24T17:13:39Z,"XSS vulnerability in Jenkins Gatling Plugin","org.jenkins-ci.plugins:gatling",0,1.3.0,MODERATE,CWE-79 -CVE-2020-2174,2022-05-24T17:13:39Z,"Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin","br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin",0,0.3.20,MODERATE,CWE-79 -CVE-2020-2175,2022-05-24T17:13:39Z,"Stored XSS vulnerability in Jenkins FitNesse Plugin","org.jenkins-ci.plugins:fitnesse",0,1.32,MODERATE,CWE-79 -CVE-2020-2176,2022-05-24T17:13:39Z,"XSS vulnerability in Jenkins useMango Runner Plugin","it.infuse.jenkins:usemango-runner",0,1.5,MODERATE,CWE-79 -CVE-2020-2177,2022-05-24T17:15:35Z,"Credentials stored in plain text by Jenkins Copr Plugin","org.fedoraproject.jenkins.plugins:copr",0,0.6.1,MODERATE,CWE-256;CWE-312 -CVE-2020-2178,2022-05-24T17:15:35Z,"XXE vulnerability in Jenkins Parasoft Findings Plugin","com.parasoft:parasoft-findings",0,10.4.4,HIGH,CWE-611 -CVE-2020-2179,2022-05-24T17:15:34Z,"RCE vulnerability in Jenkins Yaml Axis Plugin","org.jenkins-ci.plugins:yaml-axis",0,0.2.1,HIGH,CWE-502 -CVE-2020-2180,2022-05-24T17:15:35Z,"RCE vulnerability in Jenkins AWS SAM Plugin","io.jenkins.plugins:aws-sam",0,1.2.3,HIGH,CWE-502 -CVE-2020-2181,2022-05-24T17:17:14Z,"Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps","org.jenkins-ci.plugins:credentials-binding",0,1.23,MODERATE,CWE-522 -CVE-2020-2182,2022-05-24T17:17:14Z,"Improper masking of some secrets in Jenkins Credentials Binding Plugin","org.jenkins-ci.plugins:credentials-binding",0,1.23,LOW,CWE-522 
-CVE-2020-2183,2022-05-24T17:17:14Z,"Improper permission checks in Jenkins Copy Artifact Plugin","org.jenkins-ci.plugins:copyartifact",0,1.44,MODERATE,CWE-276;CWE-285 -CVE-2020-2184,2022-05-24T17:17:14Z,"CSRF vulnerability in Jenkins CVS Plugin","org.jenkins-ci.plugins:cvs",0,2.16,MODERATE,CWE-352 -CVE-2020-2185,2022-05-24T17:17:14Z,"Missing SSH host key validation in Jenkins Amazon EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.50.2,MODERATE,CWE-300 -CVE-2020-2186,2022-05-24T17:17:14Z,"CSRF vulnerability in Amazon EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.50.2,LOW,CWE-352 -CVE-2020-2187,2022-05-24T17:17:15Z,"Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.50.2,MODERATE,CWE-295 -CVE-2020-2188,2022-05-24T17:17:14Z,"Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin","org.jenkins-ci.plugins:ec2",0,1.50.2,MODERATE,CWE-285;CWE-863 -CVE-2020-2189,2022-05-24T17:17:14Z,"RCE vulnerability in SCM Filter Jervis Plugin","io.jenkins.plugins:scm-filter-jervis",0,0.3,HIGH,CWE-502 -CVE-2020-2190,2022-05-24T17:19:04Z,"Improper Neutralization of Input During Web Page Generation in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.73,MODERATE,CWE-79 -CVE-2020-2191,2022-05-24T17:19:04Z,"Improper permission checks in Jenkins Swarm Plugin","org.jenkins-ci.plugins:swarm",0,3.21,MODERATE,CWE-285 -CVE-2020-2192,2022-05-24T17:19:05Z,"CSRF vulnerability in Jenkins Swarm Plugin","org.jenkins-ci.plugins:swarm",0,3.21,MODERATE,CWE-352 -CVE-2020-2193,2022-05-24T17:19:04Z,"Stored XSS vulnerability in Jenkins ECharts API Plugin","io.jenkins.plugins:echarts-api",0,4.7.0-4,MODERATE,CWE-79 -CVE-2020-2194,2022-05-24T17:19:04Z,"Stored XSS vulnerability in Jenkins ECharts API Plugin","io.jenkins.plugins:echarts-api",0,4.7.0-4,MODERATE,CWE-79 -CVE-2020-2195,2022-05-24T17:19:04Z,"Stored XSS vulnerability in Jenkins Compact Columns 
Plugin","org.jenkins-ci.plugins:compact-columns",0,1.12,MODERATE,CWE-79 -CVE-2020-2196,2022-05-24T17:19:04Z,"Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection","org.jenkins-ci.plugins:selenium",0,,HIGH,CWE-352 -CVE-2020-2197,2022-05-24T17:19:05Z,"Missing permission check in Jenkins Project Inheritance Plugin","hudson.plugins:project-inheritance",0,,MODERATE,CWE-285 -CVE-2020-2198,2022-05-24T17:19:05Z,"Missing permission check in Jenkins Project Inheritance Plugin","hudson.plugins:project-inheritance",0,,MODERATE,CWE-522 -CVE-2020-2199,2022-05-24T17:19:05Z,"XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin","org.jenkins-ci.plugins:svn-partial-release-mgr",0,,MODERATE,CWE-79 -CVE-2020-2200,2022-05-24T17:19:05Z,"OS command injection vulnerability in Jenkins Play Framework Plugin","org.jenkins-ci.plugins:play-autotest-plugin",0,,HIGH,CWE-78 -CVE-2020-2201,2022-05-24T17:22:18Z,"Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin","org.jenkins-ci.plugins:sonargraph-integration",0,3.0.1,MODERATE,CWE-79 -CVE-2020-2202,2022-05-24T17:22:18Z,"Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin","org.jenkins-ci.plugins:fortify-on-demand-uploader",0,6.0.1,MODERATE,CWE-285;CWE-862 -CVE-2020-2203,2022-05-24T17:22:18Z,"CSRF vulnerability in Jenkins Fortify on Demand Plugin","org.jenkins-ci.plugins:fortify-on-demand-uploader",0,6.0.0,MODERATE,CWE-352 -CVE-2020-2204,2022-05-24T17:22:19Z,"Missing permission checks in Jenkins Fortify on Demand Plugin","org.jenkins-ci.plugins:fortify-on-demand-uploader",0,6.0.1,MODERATE,CWE-285;CWE-862 -CVE-2020-2205,2022-05-24T17:22:18Z,"Stored XSS vulnerability in Jenkins VncRecorder Plugin","org.jenkins-ci.plugins:vncrecorder",0,1.35,MODERATE,CWE-79 -CVE-2020-2206,2022-05-24T17:22:19Z,"Reflected XSS vulnerability in Jenkins VncRecorder Plugin","org.jenkins-ci.plugins:vncrecorder",0,1.35,MODERATE,CWE-79 
-CVE-2020-2207,2022-05-24T17:22:19Z,"Reflected XSS vulnerability in Jenkins VncViewer Plugin","org.jenkins-ci.plugins:vncviewer",0,1.8,MODERATE,CWE-79 -CVE-2020-2208,2022-05-24T17:22:19Z,"Secret stored in plain text by Jenkins Slack Upload Plugin","org.jenkins-ci.plugins:slack-uploader",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2209,2022-05-24T17:22:19Z,"Password stored in plain text by Jenkins TestComplete support Plugin","org.jenkins-ci.plugins:TestComplete",0,2.5.2,MODERATE,CWE-256;CWE-522 -CVE-2020-2210,2022-05-24T17:22:19Z,"Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin","org.jenkins-ci.plugins:StashBranchParameter",0,,LOW,CWE-319 -CVE-2020-2211,2022-05-24T17:22:19Z,"RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin","com.elasticbox.jenkins-ci.plugins:kubernetes-ci",0,,HIGH,CWE-502 -CVE-2020-2212,2022-05-24T17:22:19Z,"Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin","io.jenkins.plugins:github-coverage-reporter",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2213,2022-05-24T17:22:19Z,"Credentials stored in plain text by Jenkins White Source Plugin","org.jenkins-ci.plugins:whitesource",0,20.8.1,MODERATE,CWE-256;CWE-522 -CVE-2020-2214,2022-05-24T17:22:20Z,"Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin","com.vrondakis.zap:zap-pipeline",0,1.10,MODERATE,CWE-79 -CVE-2020-2215,2022-05-24T17:22:20Z,"CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin","org.jenkins-ci.plugins:zephyr-for-jira-test-management",0,,MODERATE,CWE-352 -CVE-2020-2216,2022-05-24T17:22:20Z,"Missing permission checks in Zephyr for JIRA Test Management Plugin","org.jenkins-ci.plugins:zephyr-for-jira-test-management",0,,MODERATE,CWE-285;CWE-862 -CVE-2020-2217,2022-05-24T17:22:20Z,"Reflected XSS in Jenkins Compatibility Action Storage Plugin","org.jenkins-ci.plugins:compatibility-action-storage",0,,MODERATE,CWE-79 -CVE-2020-2218,2022-05-24T17:22:20Z,"Password stored in plain text by 
Jenkins HP ALM Quality Center Plugin","org.jenkins-ci.plugins:hp-quality-center",0,,LOW,CWE-256;CWE-522 -CVE-2020-2219,2022-05-24T17:22:20Z,"Stored XSS vulnerability in Jenkins Link Column Plugin","org.jenkins-ci.plugins:link-column",0,,MODERATE,CWE-79 -CVE-2020-2220,2022-05-24T17:23:38Z,"Stored XSS vulnerability in Jenkins job build time trend","org.jenkins-ci.main:jenkins-core",0,2.235.2,HIGH,CWE-79 -CVE-2020-2220,2022-05-24T17:23:38Z,"Stored XSS vulnerability in Jenkins job build time trend","org.jenkins-ci.main:jenkins-core",2.236,2.245,HIGH,CWE-79 -CVE-2020-2221,2022-05-24T17:23:38Z,"Stored XSS vulnerability in Jenkins upstream cause","org.jenkins-ci.main:jenkins-core",0,2.235.2,HIGH,CWE-79 -CVE-2020-2221,2022-05-24T17:23:38Z,"Stored XSS vulnerability in Jenkins upstream cause","org.jenkins-ci.main:jenkins-core",2.236,2.245,HIGH,CWE-79 -CVE-2020-2222,2022-05-24T17:23:39Z,"Stored XSS vulnerability in Jenkins 'keep forever' badge icon","org.jenkins-ci.main:jenkins-core",0,2.235.2,HIGH,CWE-79 -CVE-2020-2222,2022-05-24T17:23:39Z,"Stored XSS vulnerability in Jenkins 'keep forever' badge icon","org.jenkins-ci.main:jenkins-core",2.236,2.245,HIGH,CWE-79 -CVE-2020-2223,2022-05-24T17:23:38Z,"Stored XSS vulnerability in Jenkins console links","org.jenkins-ci.main:jenkins-core",0,2.235.2,HIGH,CWE-79 -CVE-2020-2223,2022-05-24T17:23:38Z,"Stored XSS vulnerability in Jenkins console links","org.jenkins-ci.main:jenkins-core",2.236,2.245,HIGH,CWE-79 -CVE-2020-2224,2022-05-24T17:23:38Z,"Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin","org.jenkins-ci.plugins:matrix-project",0,1.17,HIGH,CWE-79 -CVE-2020-2225,2022-05-24T17:23:39Z,"Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin","org.jenkins-ci.plugins:matrix-project",0,1.17,HIGH,CWE-79 -CVE-2020-2226,2022-05-24T17:23:39Z,"Stored XSS vulnerability in Jenkins Matrix Authorization Strategy 
Plugin","org.jenkins-ci.plugins:matrix-auth",0,2.6.2,HIGH,CWE-79 -CVE-2020-2227,2022-05-24T17:23:39Z,"Stored XSS vulnerability in Jenkins Deployer Framework Plugin","org.jenkins-ci.plugins:deployer-framework",0,1.3,HIGH,CWE-79 -CVE-2020-2228,2022-05-24T17:23:39Z,"Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin","org.jenkins-ci.plugins:gitlab-oauth",0,1.6,HIGH,CWE-863 -CVE-2020-2229,2022-05-24T17:25:24Z,"Jenkins Cross-Site Scripting vulnerability in help icons","org.jenkins-ci.main:jenkins-core",0,2.235.4,HIGH,CWE-79 -CVE-2020-2229,2022-05-24T17:25:24Z,"Jenkins Cross-Site Scripting vulnerability in help icons","org.jenkins-ci.main:jenkins-core",2.236,2.252,HIGH,CWE-79 -CVE-2020-2230,2022-05-24T17:25:24Z,"Jenkins Cross-site Scripting vulnerability in project naming strategy","org.jenkins-ci.main:jenkins-core",0,2.235.4,HIGH,CWE-79 -CVE-2020-2230,2022-05-24T17:25:24Z,"Jenkins Cross-site Scripting vulnerability in project naming strategy","org.jenkins-ci.main:jenkins-core",2.236,2.252,HIGH,CWE-79 -CVE-2020-2231,2022-05-24T17:25:24Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.235.4,MODERATE,CWE-79 -CVE-2020-2231,2022-05-24T17:25:24Z,"Improper Neutralization of Input During Web Page Generation in Jenkins","org.jenkins-ci.main:jenkins-core",2.237,2.252,MODERATE,CWE-79 -CVE-2020-2232,2022-05-24T17:25:24Z,"Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text","org.jenkins-ci.plugins:email-ext",2.72,2.74,LOW,CWE-319 -CVE-2020-2233,2022-05-24T17:25:24Z,"Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs","org.jenkins-ci.plugins:pipeline-maven",0,3.8.3,MODERATE,CWE-285;CWE-863 -CVE-2020-2234,2022-05-24T17:25:24Z,"Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing 
credentials","org.jenkins-ci.plugins:pipeline-maven",0,3.8.3,HIGH,CWE-285;CWE-862 -CVE-2020-2235,2022-05-24T17:25:25Z,"CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials","org.jenkins-ci.plugins:pipeline-maven",0,3.8.3,HIGH,CWE-352 -CVE-2020-2236,2022-05-24T17:25:24Z,"Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin","com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer",0,1.12,HIGH,CWE-79 -CVE-2020-2237,2022-05-24T17:25:25Z,"CSRF vulnerability in Jenkins Flaky Test Handler Plugin","org.jenkins-ci.plugins:flaky-test-handler",0,1.1.0,MODERATE,CWE-352 -CVE-2020-2238,2022-05-24T17:27:06Z,"Stored XSS vulnerability in Jenkins Git Parameter Plugin","org.jenkins-ci.tools:git-parameter",0,0.9.13,HIGH,CWE-79 -CVE-2020-2239,2022-05-24T17:27:06Z,"Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin","org.jenkins-ci.plugins:Parameterized-Remote-Trigger",0,3.1.4,LOW,CWE-256;CWE-311 -CVE-2020-2240,2022-05-24T17:27:06Z,"CSRF vulnerability in Jenkins Database Plugin","org.jenkins-ci.plugins:database",0,1.7,HIGH,CWE-352 -CVE-2020-2241,2022-05-24T17:27:06Z,"CSRF vulnerability in Jenkins Database Plugin","org.jenkins-ci.plugins:database",0,1.7,MODERATE,CWE-352 -CVE-2020-2242,2022-05-24T17:27:06Z,"Missing permission checks in Jenkins Database Plugin","org.jenkins-ci.plugins:database",0,1.7,MODERATE,CWE-862 -CVE-2020-2243,2022-05-24T17:27:07Z,"Stored XSS vulnerability in Jenkins Cadence vManager Plugin","org.jenkins-ci.plugins:vmanager-plugin",0,3.0.5,HIGH,CWE-79 -CVE-2020-2244,2022-05-24T17:27:07Z,"XSS vulnerability in Jenkins Build Failure Analyzer Plugin","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,1.27.1,HIGH,CWE-79 -CVE-2020-2245,2022-05-24T17:27:06Z,"XXE vulnerability in Jenkins Valgrind Plugin","org.jenkins-ci.plugins:valgrind",0,,HIGH,CWE-611 -CVE-2020-2246,2022-05-24T17:27:06Z,"Stored XSS vulnerability in Jenkins Valgrind 
Plugin","org.jenkins-ci.plugins:valgrind",0,,HIGH,CWE-79 -CVE-2020-2247,2022-05-24T17:27:07Z,"XXE vulnerability in Jenkins Klocwork Analysis Plugin","org.jenkins-ci.plugins:klocwork",0,2020.3.1,HIGH,CWE-611 -CVE-2020-2248,2022-05-24T17:27:07Z,"Reflected XSS vulnerability in Jenkins JSGames Plugin","org.jenkins-ci.plugins:jsgames",0,,HIGH,CWE-79 -CVE-2020-2249,2022-05-24T17:27:06Z,"Credentials stored in plain text by Jenkins tfs Plugin","org.jenkins-ci.plugins:tfs",0,,LOW,CWE-256;CWE-311 -CVE-2020-2250,2022-05-24T17:27:07Z,"Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin","org.jenkins-ci.plugins:soapui-pro-functional-testing",0,1.4,MODERATE,CWE-256;CWE-311 -CVE-2020-2251,2022-05-24T17:27:07Z,"Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin","org.jenkins-ci.plugins:soapui-pro-functional-testing",0,1.6,MODERATE,CWE-319 -CVE-2020-2252,2022-05-24T17:28:25Z,"Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",0,1.29.1,MODERATE,CWE-295 -CVE-2020-2252,2022-05-24T17:28:25Z,"Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",1.30,1.31.1,MODERATE,CWE-295 -CVE-2020-2252,2022-05-24T17:28:25Z,"Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",1.32,1.32.1,MODERATE,CWE-295 -CVE-2020-2253,2022-05-24T17:28:24Z,"Missing hostname validation in Email Extension Plugin","org.jenkins-ci.plugins:email-ext",0,2.76,MODERATE,CWE-295 -CVE-2020-2254,2022-05-24T17:28:24Z,"Path traversal vulnerability in Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,1.23.3,MODERATE,CWE-22 -CVE-2020-2255,2022-05-24T17:28:25Z,"Missing permission check in Blue Ocean Plugin","io.jenkins.blueocean:blueocean",0,1.23.3,MODERATE,CWE-862 -CVE-2020-2256,2022-05-24T17:28:25Z,"Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display 
name","org.jenkins-ci.plugins:pipeline-maven",0,3.9.3,HIGH,CWE-79 -CVE-2020-2257,2022-05-24T17:28:25Z,"Stored XSS vulnerability in Validating String Parameter Plugin","org.jenkins-ci.plugins:validating-string-parameter",0,2.5,HIGH,CWE-79 -CVE-2020-2258,2022-05-24T17:28:25Z,"Incorrect permission check in Health Advisor by CloudBees Plugin","org.jenkins-ci.plugins:cloudbees-jenkins-advisor",0,3.2.1,MODERATE,CWE-863 -CVE-2020-2259,2022-05-24T17:28:25Z,"Stored XSS vulnerability in computer-queue-plugin Plugin","jenkins.ci.plugins.computerqueue:computer-queue-plugin",0,1.6,HIGH,CWE-79 -CVE-2020-2260,2022-05-24T17:28:26Z,"Missing permission check in Perfecto Plugin","io.jenkins.plugins:perfecto",0,1.18,MODERATE,CWE-862 -CVE-2020-2261,2022-05-24T17:28:26Z,"OS command execution vulnerability in Perfecto Plugin","io.jenkins.plugins:perfecto",0,1.18,HIGH,CWE-78 -CVE-2020-2262,2022-05-24T17:28:25Z,"Stored XSS vulnerability in android-lint Plugin","org.jvnet.hudson.plugins:android-lint",0,,HIGH,CWE-79 -CVE-2020-2263,2022-05-24T17:28:25Z,"Stored XSS vulnerability in Radiator View Plugin","org.jenkins-ci.plugins:radiatorviewplugin",0,,HIGH,CWE-79 -CVE-2020-2264,2022-05-24T17:28:26Z,"Stored XSS vulnerability in Custom Job Icon Plugin","org.jenkins-ci.plugins:custom-job-icon",0,,HIGH,CWE-79 -CVE-2020-2265,2022-05-24T17:28:26Z,"Stored XSS vulnerability in Coverage/Complexity Scatter Plot Plugin","org.jenkins-ci.plugins:covcomplplot",0,,HIGH,CWE-79 -CVE-2020-2266,2022-05-24T17:28:26Z,"Stored XSS vulnerability in Description Column Plugin","org.jenkins-ci.plugins:description-column-plugin",0,,HIGH,CWE-79 -CVE-2020-2267,2022-05-24T17:28:26Z,"Missing permission checks in MongoDB Plugin","org.jenkins-ci.plugins:mongodb",0,,MODERATE,CWE-862 -CVE-2020-2268,2022-05-24T17:28:26Z,"CSRF vulnerability in MongoDB Plugin","org.jenkins-ci.plugins:mongodb",0,,MODERATE,CWE-352 -CVE-2020-2269,2022-05-24T17:28:26Z,"Stored XSS vulnerability in chosen-views-tabbar 
Plugin","org.jenkins-ci.plugins:chosen-views-tabbar",0,,HIGH,CWE-79 -CVE-2020-2270,2022-05-24T17:28:26Z,"Stored XSS vulnerability in ClearCase Release Plugin","org.jvnet.hudson.plugins:clearcase-release",0,,HIGH,CWE-79 -CVE-2020-2271,2022-05-24T17:28:26Z,"Stored XSS vulnerability in Locked Files Report Plugin","org.jvnet.hudson.plugins:locked-files-report",0,,HIGH,CWE-79 -CVE-2020-2272,2022-05-24T17:28:27Z,"Missing permission checks in Jenkins ElasTest Plugin","org.jenkins-ci.plugins:elastest",0,,MODERATE,CWE-862 -CVE-2020-2273,2022-05-24T17:28:27Z,"CSRF vulnerability in Jenkins ElasTest Plugin","org.jenkins-ci.plugins:elastest",0,,MODERATE,CWE-352 -CVE-2020-2274,2022-05-24T17:28:27Z,"Passwords stored in plain text by ElasTest Plugin","org.jenkins-ci.plugins:elastest",0,,MODERATE,CWE-312 -CVE-2020-2275,2022-05-24T17:28:27Z,"Arbitrary file read vulnerability in Copy data to workspace Jenkins Plugin","org.jvnet.hudson.plugins:copy-data-to-workspace-plugin",0,,MODERATE,CWE-22 -CVE-2020-22755,2023-05-08T15:30:18Z,"MCMS vulnerable to arbitrary code execution via crafted thumbnail",net.mingsoft:ms-mcms,0,,HIGH,CWE-434 -CVE-2020-2276,2022-05-24T17:28:27Z,"System command execution vulnerability in Selection tasks Jenkins Plugin","org.jvnet.hudson.plugins:selection-tasks-plugin",0,,HIGH,CWE-78 -CVE-2020-2277,2022-05-24T17:28:27Z,"Arbitrary file read vulnerability in Jenkins Storable Configs Plugin","org.jvnet.hudson.plugins:storable-configs-plugin",0,,MODERATE,CWE-22 -CVE-2020-2278,2022-05-24T17:28:27Z,"Arbitrary file write vulnerability in Jenkins Storable Configs Plugin","org.jvnet.hudson.plugins:storable-configs-plugin",0,,MODERATE,CWE-22 -CVE-2020-2279,2022-05-24T17:29:16Z,"Sandbox bypass vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1.66.5,CRITICAL,CWE-693 -CVE-2020-2279,2022-05-24T17:29:16Z,"Sandbox bypass vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",1.67,1.75,CRITICAL,CWE-693 
-CVE-2020-2280,2022-05-24T17:29:16Z,"CSRF vulnerability in Jenkins warnings Plugin allows remote code execution","org.jvnet.hudson.plugins:warnings",0,5.0.2,HIGH,CWE-352 -CVE-2020-2281,2022-05-24T17:29:16Z,"CSRF vulnerability in Jenkins Lockable Resources Plugin","org.6wind.jenkins:lockable-resources",0,2.9,MODERATE,CWE-352 -CVE-2020-2282,2022-05-24T17:29:16Z,"Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin","org.jenkins-ci.plugins:implied-labels",0,0.7,MODERATE,CWE-862 -CVE-2020-2283,2022-05-24T17:29:16Z,"Stored XSS vulnerability in Jenkins Liquibase Runner Plugin","org.jenkins-ci.plugins:liquibase-runner",0,1.4.6,MODERATE,CWE-79 -CVE-2020-2284,2022-05-24T17:29:16Z,"XXE vulnerability in Jenkins Liquibase Runner Plugin","org.jenkins-ci.plugins:liquibase-runner",0,1.4.7,HIGH,CWE-611 -CVE-2020-2285,2022-05-24T17:29:16Z,"Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs","org.jenkins-ci.plugins:liquibase-runner",0,1.4.8,MODERATE,CWE-862 -CVE-2020-2286,2022-05-24T17:30:18Z,"Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin","org.jenkins-ci.plugins:role-strategy",2.12,3.1,HIGH,CWE-863 -CVE-2020-2287,2022-02-10T20:29:39Z,"Request logging bypass in Jenkins Audit Trail Plugin","org.jenkins-ci.plugins:audit-trail",0,3.7,MODERATE,CWE-435 -CVE-2020-2288,2022-05-24T17:30:18Z,"Incorrect default pattern in Jenkins Audit Trail Plugin","org.jenkins-ci.plugins:audit-trail",0,3.7,MODERATE,CWE-185 -CVE-2020-2289,2022-05-24T17:30:18Z,"Stored XSS vulnerability in Jenkins Active Choices Plugin",org.biouno:uno-choice,0,2.5,MODERATE,CWE-79 -CVE-2020-2290,2022-05-24T17:30:18Z,"Stored XSS vulnerability in Jenkins Active Choices Plugin",org.biouno:uno-choice,0,2.5,MODERATE,CWE-79 -CVE-2020-2291,2022-05-24T17:30:18Z,"Password stored in plain text by Jenkins couchdb-statistics Plugin","org.jenkins-ci.plugins:couchdb-statistics",0,0.4,LOW,CWE-522 
-CVE-2020-2292,2022-05-24T17:30:18Z,"Stored XSS vulnerability in Jenkins Release Plugin","org.jenkins-ci.plugins:release",0,2.11,MODERATE,CWE-79 -CVE-2020-2293,2022-05-24T17:30:18Z,"Arbitrary file read vulnerability in Jenkins Persona Plugin","org.jenkins-ci.plugins:persona",0,,MODERATE,CWE-22 -CVE-2020-2294,2022-05-24T17:30:19Z,"Missing permission checks in Jenkins Maven Cascade Release Plugin","com.barchart.jenkins:maven-release-cascade",0,,MODERATE,CWE-862 -CVE-2020-2295,2022-05-24T17:30:19Z,"CSRF vulnerability in Jenkins Maven Cascade Release Plugin","com.barchart.jenkins:maven-release-cascade",0,,MODERATE,CWE-352 -CVE-2020-2296,2022-05-24T17:30:18Z,"CSRF vulnerability in Jenkins Shared Objects Plugin","org.jenkins-ci.plugins:shared-objects",0,,MODERATE,CWE-352 -CVE-2020-2297,2022-05-24T17:30:19Z,"Access token stored in plain text by Jenkins SMS Notification Plugin",com.hoiio.jenkins:sms,0,,LOW,CWE-522 -CVE-2020-2298,2022-05-24T17:30:19Z,"XXE vulnerability in Jenkins Nerrvana Plugin","org.jenkins-ci.plugins:nerrvana-plugin",0,,MODERATE,CWE-611 -CVE-2020-2299,2022-05-24T17:33:07Z,"Improper Authentication in Jenkins Active Directory Plugin","org.jenkins-ci.plugins:active-directory",1.44,2.16.1,CRITICAL,CWE-287 -CVE-2020-2299,2022-05-24T17:33:07Z,"Improper Authentication in Jenkins Active Directory Plugin","org.jenkins-ci.plugins:active-directory",2.17,2.20,CRITICAL,CWE-287 -CVE-2020-2300,2022-05-24T17:33:07Z,"Improper Authentication (empty password) in Jenkins Active Directory Plugin","org.jenkins-ci.plugins:active-directory",0,2.16.1,CRITICAL,CWE-287 -CVE-2020-2300,2022-05-24T17:33:07Z,"Improper Authentication (empty password) in Jenkins Active Directory Plugin","org.jenkins-ci.plugins:active-directory",2.17,2.20,CRITICAL,CWE-287 -CVE-2020-2301,2022-05-24T17:33:07Z,"Authentication cache in Active Directory Jenkins Plugin allows logging in with any password","org.jenkins-ci.plugins:active-directory",0,2.16.1,CRITICAL,CWE-287 
-CVE-2020-2301,2022-05-24T17:33:07Z,"Authentication cache in Active Directory Jenkins Plugin allows logging in with any password","org.jenkins-ci.plugins:active-directory",2.17,2.20,CRITICAL,CWE-287 -CVE-2020-2302,2022-05-24T17:33:07Z,"Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page","org.jenkins-ci.plugins:active-directory",0,2.20,MODERATE,CWE-862 -CVE-2020-2303,2022-05-24T17:33:07Z,"CSRF vulnerability in Jenkins Active Directory Plugin","org.jenkins-ci.plugins:active-directory",0,2.20,MODERATE,CWE-352 -CVE-2020-2304,2022-05-24T17:33:07Z,"XXE vulnerability in Jenkins Subversion Plugin","org.jenkins-ci.plugins:subversion",0,2.13.2,MODERATE,CWE-611 -CVE-2020-2305,2022-05-24T17:33:07Z,"XXE vulnerability in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",0,2.8.1,MODERATE,CWE-611 -CVE-2020-2305,2022-05-24T17:33:07Z,"XXE vulnerability in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",2.10,2.10.1,MODERATE,CWE-611 -CVE-2020-2305,2022-05-24T17:33:07Z,"XXE vulnerability in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",2.11,2.12,MODERATE,CWE-611 -CVE-2020-2305,2022-05-24T17:33:07Z,"XXE vulnerability in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",2.9,2.9.1,MODERATE,CWE-611 -CVE-2020-2306,2022-05-24T17:33:07Z,"Missing Authorization in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",0,2.8.1,MODERATE,CWE-862 -CVE-2020-2306,2022-05-24T17:33:07Z,"Missing Authorization in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",2.10,2.10.1,MODERATE,CWE-862 -CVE-2020-2306,2022-05-24T17:33:07Z,"Missing Authorization in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",2.11,2.12,MODERATE,CWE-862 -CVE-2020-2306,2022-05-24T17:33:07Z,"Missing Authorization in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",2.9,2.9.1,MODERATE,CWE-862 -CVE-2020-23064,2023-06-26T21:30:58Z,"Duplicate Advisory: jQuery Cross Site Scripting 
vulnerability",org.webjars.npm:jquery,1.0.3,3.5.0,MODERATE,CWE-79 -CVE-2020-2307,2022-05-24T17:33:07Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",0,1.21.6,MODERATE,CWE-200 -CVE-2020-2307,2022-05-24T17:33:07Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.22.0,1.25.4.1,MODERATE,CWE-200 -CVE-2020-2307,2022-05-24T17:33:07Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.26.0,1.26.5,MODERATE,CWE-200 -CVE-2020-2307,2022-05-24T17:33:07Z,"Exposure of Sensitive Information to an Unauthorized Actor in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.27.0,1.27.4,MODERATE,CWE-200 -CVE-2020-2308,2022-05-24T17:33:08Z,"Missing Authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",0,1.21.6,MODERATE,CWE-862 -CVE-2020-2308,2022-05-24T17:33:08Z,"Missing Authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.22.0,1.25.4.1,MODERATE,CWE-862 -CVE-2020-2308,2022-05-24T17:33:08Z,"Missing Authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.26.0,1.26.5,MODERATE,CWE-862 -CVE-2020-2308,2022-05-24T17:33:08Z,"Missing Authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.27.1,1.27.4,MODERATE,CWE-862 -CVE-2020-2309,2022-05-24T17:33:08Z,"Missing authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",0,1.21.6,MODERATE,CWE-862 -CVE-2020-2309,2022-05-24T17:33:08Z,"Missing authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.22.0,1.25.4.1,MODERATE,CWE-862 -CVE-2020-2309,2022-05-24T17:33:08Z,"Missing authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.26.0,1.26.5,MODERATE,CWE-862 
-CVE-2020-2309,2022-05-24T17:33:08Z,"Missing authorization in Jenkins Kubernetes Plugin","org.csanchez.jenkins.plugins:kubernetes",1.27.0,1.27.4,MODERATE,CWE-862 -CVE-2020-2310,2022-05-24T17:33:08Z,"Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:ansible",0,1.1,MODERATE,CWE-862 -CVE-2020-2311,2022-05-24T17:33:08Z,"Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration","io.jenkins.plugins:aws-global-configuration",0,1.6,MODERATE,CWE-862 -CVE-2020-2312,2022-05-24T17:33:08Z,"Password written to the build log by Jenkins SQLPlus Script Runner Plugin","org.jenkins-ci.plugins:sqlplus-script-runner",0,2.0.13,MODERATE,CWE-522 -CVE-2020-2313,2022-05-24T17:33:08Z,"Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:azure-keyvault",0,2.1,MODERATE,CWE-862 -CVE-2020-2314,2022-05-24T17:33:08Z,"Password stored in plain text by Jenkins AppSpider Plugin","com.rapid7:jenkinsci-appspider-plugin",0,1.0.13,LOW,CWE-256;CWE-522 -CVE-2020-2315,2022-05-24T17:33:08Z,"XXE vulnerability in Jenkins Visualworks Store Plugin","org.jenkins-ci.plugins:visualworks-store",0,1.1.4,MODERATE,CWE-611 -CVE-2020-2316,2022-05-24T17:33:08Z,"Stored XSS vulnerability in Jenkins Static Analysis Utilities Plugin","org.jvnet.hudson.plugins:analysis-core",0,,MODERATE,CWE-79 -CVE-2020-2317,2022-05-24T17:33:09Z,"Stored XSS vulnerability in Jenkins FindBugs Plugin","org.jvnet.hudson.plugins:findbugs",0,,MODERATE,CWE-79 -CVE-2020-2318,2022-05-24T17:33:09Z,"Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin","org.jenkins-ci.plugins:mailcommander",0,,MODERATE,CWE-256;CWE-522 -CVE-2020-2319,2022-05-24T17:33:09Z,"Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin","org.jenkins-ci.plugins:labmanager",0,,LOW,CWE-256;CWE-522 -CVE-2020-2320,2022-05-24T17:35:09Z,"Jenkins Plugin Installation Manager 
Tool did not verify plugin downloads","io.jenkins.plugin-management:plugin-management-parent-pom",0,2.2.0,CRITICAL,CWE-494 -CVE-2020-2321,2022-05-24T17:35:08Z,"CSRF vulnerability in Jenkins Shelve Project Plugin","org.jenkins-ci.plugins:shelve-project-plugin",0,3.1,HIGH,CWE-352 -CVE-2020-2322,2022-05-24T17:35:09Z,"Missing permission checks in Jenkins Chaos Monkey Plugin","io.jenkins.plugins:chaos-monkey",0,0.4,HIGH,CWE-401;CWE-862 -CVE-2020-2323,2022-05-24T17:35:09Z,"Missing permission checks in Jenkins Chaos Monkey Plugin","io.jenkins.plugins:chaos-monkey",0,0.4.1,MODERATE,CWE-862 -CVE-2020-2324,2022-05-24T17:35:09Z,"XXE vulnerability in Jenkins CVS Plugin","org.jenkins-ci.plugins:cvs",0,2.17,HIGH,CWE-611 -CVE-2020-23262,2022-02-09T22:18:13Z,"SQL injection without credentials in ming-soft MCMS",net.mingsoft:ms-mcms,0,5.1,CRITICAL,CWE-89 -CVE-2020-23622,2022-08-16T00:00:22Z,"4thline cling uPnP protocol issue can lead to denial of service","org.fourthline.cling:cling-core",2.0.0,,HIGH,CWE-918 -CVE-2020-23811,2022-05-24T17:27:18Z,"xxl-job sensitive data exposure",com.xuxueli:xxl-job,0,,HIGH,CWE-200 -CVE-2020-23814,2022-05-24T17:27:18Z,"xxl-job Multiple cross-site scripting (XSS) vulnerabilities",com.xuxueli:xxl-job,0,2.3.0,MODERATE, -CVE-2020-24164,2022-02-10T20:55:10Z,"Gadget chain attack in Nippy",com.taoensso:nippy,0,2.14.2,HIGH,CWE-502 -CVE-2020-24554,2021-05-07T15:54:54Z,"Open Redirect in Liferay Portal","com.liferay.portal:release.portal.bom",0,7.3.3,HIGH,CWE-601 -CVE-2020-24616,2021-12-09T19:14:51Z,"Code Injection in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.6,HIGH,CWE-502;CWE-94 -CVE-2020-24750,2021-12-09T19:15:36Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-24750,2021-12-09T19:15:36Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.6,HIGH,CWE-502 
-CVE-2020-24922,2023-08-11T15:30:46Z,"xuxueli xxl-job Cross-Site Request Forgery Vulnerability",com.xuxueli:xxl-job,0,,HIGH,CWE-352 -CVE-2020-25020,2021-05-07T15:54:36Z,"Improper Restriction of XML External Entity Reference in MPXJ",net.sf.mpxj:mpxj,0,8.1.4,CRITICAL,CWE-611 -CVE-2020-25633,2021-06-03T23:41:34Z,"Generation of Error Message Containing Sensitive Information in RESTEasy client","org.jboss.resteasy:resteasy-client",0,3.14.0.Final,MODERATE,CWE-209 -CVE-2020-25633,2021-06-03T23:41:34Z,"Generation of Error Message Containing Sensitive Information in RESTEasy client","org.jboss.resteasy:resteasy-client",4.0.0,4.5.7.Final,MODERATE,CWE-209 -CVE-2020-25633,2021-06-03T23:41:34Z,"Generation of Error Message Containing Sensitive Information in RESTEasy client","org.jboss.resteasy:resteasy-client-microprofile",0,3.14.0.Final,MODERATE,CWE-209 -CVE-2020-25633,2021-06-03T23:41:34Z,"Generation of Error Message Containing Sensitive Information in RESTEasy client","org.jboss.resteasy:resteasy-client-microprofile",4.0.0,4.5.7.Final,MODERATE,CWE-209 -CVE-2020-25638,2022-02-09T22:57:29Z,"SQL injection in hibernate-core","org.hibernate:hibernate-core",0,5.3.20.Final,HIGH,CWE-89 -CVE-2020-25638,2022-02-09T22:57:29Z,"SQL injection in hibernate-core","org.hibernate:hibernate-core",5.4.0.Final,5.4.24.Final,HIGH,CWE-89 -CVE-2020-25640,2022-02-15T01:38:27Z,"Wildfly logs plaintext passwords","org.wildfly:wildfly-parent",0,21.0.0.Final,MODERATE,CWE-209;CWE-532 -CVE-2020-25644,2022-05-24T17:30:10Z,"Wildfly-OpenSSL memory leak flaw","org.wildfly.openssl:wildfly-openssl-natives-parent",0,1.1.3.Final,HIGH,CWE-401 -CVE-2020-25649,2021-02-18T20:51:54Z,"XML External Entity (XXE) Injection in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.10.0.0,2.10.5.1,HIGH,CWE-611 -CVE-2020-25649,2021-02-18T20:51:54Z,"XML External Entity (XXE) Injection in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.6.0,2.6.7.4,HIGH,CWE-611 
-CVE-2020-25649,2021-02-18T20:51:54Z,"XML External Entity (XXE) Injection in Jackson Databind","com.fasterxml.jackson.core:jackson-databind",2.7.0.0,2.9.10.7,HIGH,CWE-611 -CVE-2020-25689,2022-05-24T17:32:58Z,"Uncontrolled Resource Consumption in WildFly",org.wildfly:wildfly-dist,0,21.0.1,MODERATE,CWE-400;CWE-401 -CVE-2020-25711,2022-02-09T22:56:32Z,"Improper Access Control in infinispan-server-runtime","org.infinispan:infinispan-core",0,11.0.6.Final,MODERATE,CWE-269;CWE-862 -CVE-2020-25724,2021-06-08T22:29:46Z,"Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy","org.jboss.resteasy:resteasy-bom",0,2.0-beta-2,MODERATE,CWE-567 -CVE-2020-25802,2022-02-09T23:07:55Z,"Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",3.0,3.0.27,HIGH,CWE-913 -CVE-2020-25802,2022-02-09T23:07:55Z,"Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",3.1,3.1.7,HIGH,CWE-913 -CVE-2020-25803,2022-02-09T23:07:54Z,"Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",3.0,3.0.27,HIGH,CWE-913 -CVE-2020-25803,2022-02-09T23:07:54Z,"Improper Control of Dynamically-Managed Code Resources in Crafter CMS Crafter Studio","org.craftercms:crafter-studio",3.1,3.1.7,HIGH,CWE-913 -CVE-2020-26217,2020-11-16T20:07:59Z,"XStream can be used for Remote Code Execution","com.thoughtworks.xstream:xstream",0,1.4.14-jdk7,HIGH,CWE-78 -CVE-2020-26234,2020-12-08T22:37:59Z,"Disabled Hostname Verification in Opencast","org.opencastproject:opencast-kernel",0,7.9,HIGH,CWE-297 -CVE-2020-26234,2020-12-08T22:37:59Z,"Disabled Hostname Verification in Opencast","org.opencastproject:opencast-kernel",8.0,8.9,HIGH,CWE-297 -CVE-2020-26238,2020-11-24T23:48:38Z,"Template injection in cron-utils",com.cronutils:cron-utils,0,9.1.3,CRITICAL,CWE-74 -CVE-2020-26258,2020-12-21T16:28:42Z,"Server-Side Forgery Request can be 
activated unmarshalling with XStream","com.thoughtworks.xstream:xstream",0,1.4.15,HIGH,CWE-918 -CVE-2020-26259,2020-12-21T16:28:26Z,"XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling","com.thoughtworks.xstream:xstream",0,1.4.15,MODERATE,CWE-78 -CVE-2020-26282,2020-12-24T20:49:34Z,"Server-Side Template Injection","com.browserup:browserup-proxy",0,2.1.2,HIGH,CWE-74 -CVE-2020-26882,2022-02-10T20:23:28Z,"Data Amplification in Play Framework",com.typesafe.play:play,2.6.0,2.7.6,HIGH,CWE-674 -CVE-2020-26882,2022-02-10T20:23:28Z,"Data Amplification in Play Framework",com.typesafe.play:play,2.8.0,2.8.3,HIGH,CWE-674 -CVE-2020-26883,2022-02-10T20:23:01Z,"Uncontrolled Recursion in Play Framework","com.typesafe.play:play-java",2.6.0,2.7.6,HIGH,CWE-674 -CVE-2020-26883,2022-02-10T20:23:01Z,"Uncontrolled Recursion in Play Framework","com.typesafe.play:play-java",2.8.0,2.8.3,HIGH,CWE-674 -CVE-2020-26883,2022-02-10T20:23:01Z,"Uncontrolled Recursion in Play Framework",com.typesafe.play:play,2.6.0,2.7.6,HIGH,CWE-674 -CVE-2020-26883,2022-02-10T20:23:01Z,"Uncontrolled Recursion in Play Framework",com.typesafe.play:play,2.8.0,2.8.3,HIGH,CWE-674 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle","org.bouncycastle:bcprov-ext-jdk15on",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle","org.bouncycastle:bcprov-ext-jdk16",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle","org.bouncycastle:bcprov-jdk14",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle","org.bouncycastle:bcprov-jdk15",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy 
Castle","org.bouncycastle:bcprov-jdk15on",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle","org.bouncycastle:bcprov-jdk15to18",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle","org.bouncycastle:bcprov-jdk16",0,1.61,MODERATE,CWE-203 -CVE-2020-26939,2021-04-22T16:16:49Z,"Observable Differences in Behavior to Error Inputs in Bouncy Castle",org.bouncycastle:bc-fips,0,1.0.2,MODERATE,CWE-203 -CVE-2020-26945,2021-04-22T16:14:38Z,"""Deserialization errors in MyBatis""",org.mybatis:mybatis,0,3.5.6,HIGH,CWE-502 -CVE-2020-27178,2021-08-02T16:47:10Z,"Improper Authentication in Apereo CAS","org.apereo.cas:cas-server-support-otp-mfa-core",5.3.0,5.3.16,HIGH,CWE-287 -CVE-2020-27178,2021-08-02T16:47:10Z,"Improper Authentication in Apereo CAS","org.apereo.cas:cas-server-support-otp-mfa-core",6.0.0,6.1.7.2,HIGH,CWE-287 -CVE-2020-27178,2021-08-02T16:47:10Z,"Improper Authentication in Apereo CAS","org.apereo.cas:cas-server-support-otp-mfa-core",6.2.0,6.2.4,HIGH,CWE-287 -CVE-2020-27178,2021-08-02T16:47:10Z,"Improper Authentication in Apereo CAS","org.apereo.cas:cas-server-webapp",5.3.0,5.3.16,HIGH,CWE-287 -CVE-2020-27178,2021-08-02T16:47:10Z,"Improper Authentication in Apereo CAS","org.apereo.cas:cas-server-webapp",6.0.0,6.1.7.2,HIGH,CWE-287 -CVE-2020-27178,2021-08-02T16:47:10Z,"Improper Authentication in Apereo CAS","org.apereo.cas:cas-server-webapp",6.2.0,6.2.4,HIGH,CWE-287 -CVE-2020-27196,2022-02-10T20:23:25Z,"Out-of-bounds Write in Play Framework","com.typesafe.play:play-java",2.6.0,2.7.6,HIGH,CWE-787 -CVE-2020-27196,2022-02-10T20:23:25Z,"Out-of-bounds Write in Play Framework","com.typesafe.play:play-java",2.8.0,2.8.3,HIGH,CWE-787 -CVE-2020-27196,2022-02-10T20:23:25Z,"Out-of-bounds Write in Play Framework",com.typesafe.play:play,2.6.0,2.7.6,HIGH,CWE-787 -CVE-2020-27196,2022-02-10T20:23:25Z,"Out-of-bounds Write in Play 
Framework",com.typesafe.play:play,2.8.0,2.8.3,HIGH,CWE-787 -CVE-2020-27216,2020-11-04T17:50:24Z,"Local Temp Directory Hijacking Vulnerability","org.eclipse.jetty:jetty-webapp",0,9.4.33.v20201020,HIGH,CWE-378;CWE-379;CWE-552 -CVE-2020-27216,2020-11-04T17:50:24Z,"Local Temp Directory Hijacking Vulnerability","org.eclipse.jetty:jetty-webapp",10.0.0.beta1,10.0.0.beta3,HIGH,CWE-378;CWE-379;CWE-552 -CVE-2020-27216,2020-11-04T17:50:24Z,"Local Temp Directory Hijacking Vulnerability","org.eclipse.jetty:jetty-webapp",11.0.0.beta1,11.0.0.beta3,HIGH,CWE-378;CWE-379;CWE-552 -CVE-2020-27216,2020-11-04T17:50:24Z,"Local Temp Directory Hijacking Vulnerability","org.mortbay.jetty:jetty-webapp",0,9.4.33,HIGH,CWE-378;CWE-379;CWE-552 -CVE-2020-27216,2020-11-04T17:50:24Z,"Local Temp Directory Hijacking Vulnerability","org.mortbay.jetty:jetty-webapp",10.0.0.beta1,10.0.0.beta3,HIGH,CWE-378;CWE-379;CWE-552 -CVE-2020-27216,2020-11-04T17:50:24Z,"Local Temp Directory Hijacking Vulnerability","org.mortbay.jetty:jetty-webapp",11.0.0.beta1,11.0.0.beta3,HIGH,CWE-378;CWE-379;CWE-552 -CVE-2020-27217,2022-02-10T20:22:06Z,"Improper Validation of Specified Quantity in Input in Eclipse Hono","org.eclipse.hono:hono-core",0,1.4.3,HIGH,CWE-1284 -CVE-2020-27218,2020-12-02T18:28:18Z,"Buffer not correctly recycled in Gzip Request inflation","org.eclipse.jetty:jetty-server",9.4.0,9.4.35.v20201120,MODERATE,CWE-226 -CVE-2020-27219,2022-02-09T22:19:44Z,"Cross-site Scripting in Eclipse Hawkbit","org.eclipse.hawkbit:hawkbit-parent",0,0.3.0M7,MODERATE,CWE-79 -CVE-2020-27223,2021-03-10T03:46:47Z,"DOS vulnerability for Quoted Quality CSV headers","org.eclipse.jetty:jetty-server",10.0.0,10.0.1,MODERATE,CWE-400 -CVE-2020-27223,2021-03-10T03:46:47Z,"DOS vulnerability for Quoted Quality CSV headers","org.eclipse.jetty:jetty-server",11.0.0,11.0.1,MODERATE,CWE-400 -CVE-2020-27223,2021-03-10T03:46:47Z,"DOS vulnerability for Quoted Quality CSV headers","org.eclipse.jetty:jetty-server",9.4.6,9.4.37,MODERATE,CWE-400 
-CVE-2020-27782,2022-02-09T00:54:12Z,"Denial of service in Undertow","io.undertow:undertow-core",0,2.0.33,HIGH,CWE-400 -CVE-2020-27782,2022-02-09T00:54:12Z,"Denial of service in Undertow","io.undertow:undertow-core",2.1.0,2.1.5,HIGH,CWE-400 -CVE-2020-27822,2022-05-24T17:35:40Z,"Wildfly has a memory leak vulnerability","org.wildfly:wildfly-parent",19.0.0.Final,21.0.2.Final,MODERATE,CWE-401 -CVE-2020-27822,2022-05-24T17:35:40Z,"Wildfly has a memory leak vulnerability","org.wildfly:wildfly-parent",22.0.0.Alpha1,22.0.0.Beta1,MODERATE,CWE-401 -CVE-2020-27826,2022-03-18T17:55:26Z,"Authentication Bypass in keycloak","org.keycloak:keycloak-core",0,12.0.0,HIGH,CWE-250 -CVE-2020-27838,2022-05-24T17:43:50Z,"Keycloak discloses information without authentication","org.keycloak:keycloak-core",0,13.0.0,MODERATE,CWE-287 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-ext-jdk15on",1.65,1.67,HIGH,CWE-670 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-ext-jdk16",1.65,1.67,HIGH,CWE-670 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-jdk14",1.65,1.67,HIGH,CWE-670 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-jdk15",1.65,1.67,HIGH,CWE-670 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-jdk15on",1.65,1.67,HIGH,CWE-670 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-jdk15to18",1.65,1.67,HIGH,CWE-670 -CVE-2020-28052,2021-04-30T16:14:15Z,"Logic error in Legion of the Bouncy Castle BC Java","org.bouncycastle:bcprov-jdk16",1.65,1.67,HIGH,CWE-670 -CVE-2020-28088,2022-05-24T19:10:22Z,"Jeecg-Boot CMS arbitrary file upload 
vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,CRITICAL,CWE-434 -CVE-2020-28191,2022-07-15T20:55:21Z,"Togglz console missing cross-site request forgery (CSRF) protection","org.togglz:togglz-console",0,2.9.4,HIGH,CWE-352 -CVE-2020-28452,2022-01-06T20:23:05Z,"Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12","com.softwaremill.akka-http-session:core_2.12",0.3.0,0.6.1,HIGH,CWE-352 -CVE-2020-28491,2021-12-09T19:17:21Z,"Denial of Service (DoS) in Jackson Dataformat CBOR","com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",2.12.0rc1,2.12.1,HIGH,CWE-770 -CVE-2020-28491,2021-12-09T19:17:21Z,"Denial of Service (DoS) in Jackson Dataformat CBOR","com.fasterxml.jackson.dataformat:jackson-dataformat-cbor",2.8.0rc1,2.11.4,HIGH,CWE-770 -CVE-2020-28865,2022-06-17T00:01:21Z,"Insufficiently Protected Credentials in PowerJob","com.github.kfcfans:powerjob",0,3.3.3,HIGH,CWE-522 -CVE-2020-28923,2022-02-09T22:54:21Z,"Data Amplification in Play Framework",com.typesafe.play:play,2.8.0,2.8.5,LOW,CWE-20 -CVE-2020-29204,2021-10-12T16:41:36Z,"Cross-site Scripting in XXL-JOB",com.xuxueli:xxl-job-core,0,2.3.0,MODERATE,CWE-79 -CVE-2020-29582,2022-05-24T17:40:48Z,"Incorrect Default Permissions in JetBrains Kotlin","org.jetbrains.kotlin:kotlin-stdlib",0,1.4.21,MODERATE,CWE-276 -CVE-2020-35209,2021-12-17T20:41:33Z,"An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.",io.atomix:atomix,0,,HIGH, -CVE-2020-35210,2021-12-17T20:41:09Z,"A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.",io.atomix:atomix,0,,MODERATE,CWE-400 -CVE-2020-35211,2021-12-17T20:40:38Z,"An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.",io.atomix:atomix,0,,HIGH, -CVE-2020-35213,2021-12-17T20:40:50Z,"An issue in Atomix v3.1.5 allows attackers to cause a denial of service 
(DoS) via false link event messages sent to a master ONOS node.",io.atomix:atomix,0,,HIGH,CWE-74 -CVE-2020-35214,2021-12-17T20:41:21Z,"An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.",io.atomix:atomix,0,,HIGH, -CVE-2020-35215,2021-12-17T20:41:45Z,"Malicious Atomix node queries expose sensitive information",io.atomix:atomix,0,,MODERATE,CWE-668 -CVE-2020-35216,2021-12-17T20:40:58Z,"An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.",io.atomix:atomix,0,,MODERATE,CWE-362 -CVE-2020-35217,2021-04-22T16:16:18Z,"Cross-Site Request Forgery in Vert.x-Web framework",io.vertx:vertx-web,4.0.0-milestone1,4.0.0-milestone5,HIGH,CWE-352 -CVE-2020-35217,2021-04-22T16:16:18Z,"Cross-Site Request Forgery in Vert.x-Web framework",io.vertx:vertx-web,4.0.0-milestone2,4.0.0-milestone5,HIGH,CWE-352 -CVE-2020-35217,2021-04-22T16:16:18Z,"Cross-Site Request Forgery in Vert.x-Web framework",io.vertx:vertx-web,4.0.0-milestone3,4.0.0-milestone5,HIGH,CWE-352 -CVE-2020-35217,2021-04-22T16:16:18Z,"Cross-Site Request Forgery in Vert.x-Web framework",io.vertx:vertx-web,4.0.0-milestone4,4.0.0-milestone5,HIGH,CWE-352 -CVE-2020-35460,2020-12-18T18:28:23Z,"MPXJ path Traversal vulnerability",net.sf.mpxj:mpxj,0,8.3.5,MODERATE,CWE-22 -CVE-2020-35476,2021-08-02T17:02:21Z,"OS Command Injection in OpenTSDB",net.opentsdb:opentsdb,0,,CRITICAL,CWE-78 -CVE-2020-35490,2021-12-09T19:15:00Z,"Serialization gadgets exploit in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-35491,2021-12-09T19:15:11Z,"Serialization gadgets exploit in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502;CWE-913 -CVE-2020-35509,2022-08-24T00:00:29Z,"Keycloak vulnerable to Improper Certificate Validation","org.keycloak:keycloak-core",0,14.0.0,MODERATE,CWE-295 -CVE-2020-35510,2022-03-18T17:58:30Z,"Uncontrolled 
Resource Consumption in jboss-remoting","org.jboss.remoting:jboss-remoting",0,5.0.20.Final,HIGH,CWE-400 -CVE-2020-35728,2021-12-09T19:15:24Z,"Serialization gadget exploit in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-35774,2022-02-09T22:37:28Z,"TwitterServer Cross-site Scripting via /histograms endpoint","com.twitter:twitter-server_2.12",0,20.12.0,MODERATE,CWE-79 -CVE-2020-36179,2021-12-09T19:15:54Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36179,2021-12-09T19:15:54Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36180,2021-12-09T19:16:18Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36180,2021-12-09T19:16:18Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36181,2021-12-09T19:16:10Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36181,2021-12-09T19:16:10Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36182,2021-12-09T19:15:46Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36182,2021-12-09T19:15:46Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36183,2021-12-09T19:16:34Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36183,2021-12-09T19:16:34Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.00,2.9.10.8,HIGH,CWE-502 
-CVE-2020-36184,2021-12-09T19:16:26Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36185,2021-12-09T19:16:02Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36186,2021-11-19T20:13:06Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36187,2021-12-09T19:16:51Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36188,2021-12-09T19:16:42Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36188,2021-12-09T19:16:42Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36189,2021-12-09T19:16:59Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.5,HIGH,CWE-502 -CVE-2020-36189,2021-12-09T19:16:59Z,"Unsafe Deserialization in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.8,HIGH,CWE-502 -CVE-2020-36282,2021-12-10T17:15:49Z,"Unsafe Deserialization that can Result in Code Execution","com.rabbitmq.jms:rabbitmq-jms",1.0,1.15.2,HIGH,CWE-502 -CVE-2020-36282,2021-12-10T17:15:49Z,"Unsafe Deserialization that can Result in Code Execution","com.rabbitmq.jms:rabbitmq-jms",2.0,2.2.0,HIGH,CWE-502 -CVE-2020-36319,2021-04-19T14:52:14Z,"Potential sensitive data exposure in applications using Vaadin 15",com.vaadin:flow-server,3.0.0,3.0.6,LOW,CWE-200;CWE-668 -CVE-2020-36320,2021-04-19T14:49:32Z,"Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 7",com.vaadin:vaadin-bom,7.0.0.beta1,7.7.22,HIGH,CWE-400 -CVE-2020-36320,2021-04-19T14:49:32Z,"Regular expression denial of service (ReDoS) in EmailValidator class in Vaadin 
7",com.vaadin:vaadin-server,7.0.0.beta1,7.7.22,HIGH,CWE-400 -CVE-2020-36321,2021-04-19T14:51:58Z,"Directory traversal in development mode handler in Vaadin 14 and 15-17",com.vaadin:flow-server,2.0.0,2.4.2,MODERATE,CWE-20;CWE-22 -CVE-2020-36321,2021-04-19T14:51:58Z,"Directory traversal in development mode handler in Vaadin 14 and 15-17",com.vaadin:flow-server,3.0.0,5.0.0,MODERATE,CWE-20;CWE-22 -CVE-2020-36518,2022-03-12T00:00:36Z,"Deeply nested json in jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.12.6.1,HIGH,CWE-787 -CVE-2020-36518,2022-03-12T00:00:36Z,"Deeply nested json in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.13.0,2.13.2.1,HIGH,CWE-787 -CVE-2020-36640,2023-01-05T12:30:28Z,"bonita-connector-webservice XML External Entity vulnerability","org.bonitasoft.connectors:bonita-connector-webservice",0,1.3.1,CRITICAL,CWE-611 -CVE-2020-36641,2023-01-05T12:30:27Z,"aXMLRPC XML External Entity vulnerability",fr.turri:aXMLRPC,0,1.12.1,CRITICAL,CWE-611 -CVE-2020-5206,2020-01-30T21:21:30Z,"Authentication Bypass For Endpoints With Anonymous Access in Opencast","org.opencastproject:opencast-kernel",0,7.6,CRITICAL,CWE-285 -CVE-2020-5206,2020-01-30T21:21:30Z,"Authentication Bypass For Endpoints With Anonymous Access in Opencast","org.opencastproject:opencast-kernel",8.0,8.1,CRITICAL,CWE-285 -CVE-2020-5207,2020-01-27T19:28:40Z,"Request smuggling is possible when both chunked TE and content length specified",io.ktor:ktor-client-cio,0,1.3.0,LOW,CWE-444 -CVE-2020-5207,2020-01-27T19:28:40Z,"Request smuggling is possible when both chunked TE and content length specified",io.ktor:ktor-server-cio,0,1.3.0,LOW,CWE-444 -CVE-2020-5222,2020-01-30T21:21:44Z,"Hard-Coded Key Used For Remember-me Token in Opencast","org.opencastproject:opencast-kernel",0,7.6,MODERATE,CWE-798 -CVE-2020-5222,2020-01-30T21:21:44Z,"Hard-Coded Key Used For Remember-me Token in Opencast","org.opencastproject:opencast-kernel",8.0,8.1,MODERATE,CWE-798 
-CVE-2020-5228,2020-01-30T21:22:06Z,"Unauthenticated Access Via OAI-PMH","org.opencastproject:opencast-oaipmh-api",0,7.6,HIGH,CWE-862 -CVE-2020-5228,2020-01-30T21:22:06Z,"Unauthenticated Access Via OAI-PMH","org.opencastproject:opencast-oaipmh-api",8.0,8.1,HIGH,CWE-862 -CVE-2020-5229,2020-01-30T21:21:58Z,"Password Hashing: Do not use MD5","org.opencastproject:opencast-common-jpa-impl",0,7.6,LOW,CWE-327 -CVE-2020-5229,2020-01-30T21:21:58Z,"Password Hashing: Do not use MD5","org.opencastproject:opencast-common-jpa-impl",8.0,8.1,LOW,CWE-327 -CVE-2020-5230,2020-01-30T21:21:50Z,"Unsafe Identifiers in Opencast",org.opencastproject:base,0,7.6,MODERATE,CWE-99 -CVE-2020-5230,2020-01-30T21:21:50Z,"Unsafe Identifiers in Opencast",org.opencastproject:base,8.0,8.1,MODERATE,CWE-99 -CVE-2020-5231,2020-01-30T21:21:37Z,"Users with ROLE_COURSE_ADMIN can create new users in Opencast","org.opencastproject:opencast-kernel",0,7.6,MODERATE,CWE-285 -CVE-2020-5231,2020-01-30T21:21:37Z,"Users with ROLE_COURSE_ADMIN can create new users in Opencast","org.opencastproject:opencast-kernel",8.0,8.1,MODERATE,CWE-285 -CVE-2020-5245,2020-02-24T17:27:27Z,"Remote Code Execution (RCE) vulnerability in dropwizard-validation","io.dropwizard:dropwizard-validation",1.3.0,1.3.19,HIGH,CWE-74 -CVE-2020-5245,2020-02-24T17:27:27Z,"Remote Code Execution (RCE) vulnerability in dropwizard-validation","io.dropwizard:dropwizard-validation",2.0.0,2.0.2,HIGH,CWE-74 -CVE-2020-5280,2020-03-25T17:35:51Z,"Local file inclusion vulnerability in http4s","org.http4s:http4s-server_2.12",0,0.18.26,CRITICAL,CWE-23 -CVE-2020-5280,2020-03-25T17:35:51Z,"Local file inclusion vulnerability in http4s","org.http4s:http4s-server_2.12",0.19.0,0.20.20,CRITICAL,CWE-23 -CVE-2020-5280,2020-03-25T17:35:51Z,"Local file inclusion vulnerability in http4s","org.http4s:http4s-server_2.12",0.21.0,0.21.2,CRITICAL,CWE-23 -CVE-2020-5289,2020-03-30T20:09:58Z,"Read permissions not enforced for client provided filter expressions in 
Elide.","com.yahoo.elide:elide-core",0,4.5.14,HIGH,CWE-285 -CVE-2020-5397,2020-01-21T20:59:33Z,"CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux","org.springframework:spring-webflux",5.2.0,5.2.3,MODERATE,CWE-352 -CVE-2020-5397,2020-01-21T20:59:33Z,"CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux","org.springframework:spring-webmvc",5.2.0,5.2.3,MODERATE,CWE-352 -CVE-2020-5398,2020-01-21T20:59:09Z,"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","org.springframework:spring-webflux",5.0.0.RELEASE,5.0.16.RELEASE,HIGH,CWE-494;CWE-79 -CVE-2020-5398,2020-01-21T20:59:09Z,"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","org.springframework:spring-webflux",5.1.0.RELEASE,5.1.13.RELEASE,HIGH,CWE-494;CWE-79 -CVE-2020-5398,2020-01-21T20:59:09Z,"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","org.springframework:spring-webflux",5.2.0.RELEASE,5.2.3.RELEASE,HIGH,CWE-494;CWE-79 -CVE-2020-5398,2020-01-21T20:59:09Z,"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","org.springframework:spring-webmvc",5.0.0.RELEASE,5.0.16.RELEASE,HIGH,CWE-494;CWE-79 -CVE-2020-5398,2020-01-21T20:59:09Z,"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","org.springframework:spring-webmvc",5.1.0.RELEASE,5.1.13.RELEASE,HIGH,CWE-494;CWE-79 -CVE-2020-5398,2020-01-21T20:59:09Z,"RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application","org.springframework:spring-webmvc",5.2.0.RELEASE,5.2.3.RELEASE,HIGH,CWE-494;CWE-79 -CVE-2020-5403,2022-02-10T20:24:21Z,"Improper Handling of Exceptional Conditions and Improper Input Validation in Reactor 
Netty","io.projectreactor.netty:reactor-netty-http",0.9.3,0.9.5,HIGH,CWE-20;CWE-755 -CVE-2020-5404,2022-02-10T20:24:17Z,"Insufficiently Protected Credentials in Reactor Netty","io.projectreactor.netty:reactor-netty-http",0.8.0,0.8.16,MODERATE,CWE-522 -CVE-2020-5404,2022-02-10T20:24:17Z,"Insufficiently Protected Credentials in Reactor Netty","io.projectreactor.netty:reactor-netty-http",0.9.0,0.9.5,MODERATE,CWE-522 -CVE-2020-5405,2020-06-05T16:11:36Z,"Directory traversal attack in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",2.1.0,2.1.7,MODERATE,CWE-22;CWE-23 -CVE-2020-5405,2020-06-05T16:11:36Z,"Directory traversal attack in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",2.2.0,2.2.2,MODERATE,CWE-22;CWE-23 -CVE-2020-5407,2020-06-05T16:13:29Z,"Signature wrapping vulnerability in Spring Security","org.springframework.security:spring-security-core",5.2.0,5.2.4,HIGH,CWE-347 -CVE-2020-5407,2020-06-05T16:13:29Z,"Signature wrapping vulnerability in Spring Security","org.springframework.security:spring-security-core",5.3.0,5.3.2,HIGH,CWE-347 -CVE-2020-5408,2020-06-15T19:34:31Z,"Insufficient Entropy in Spring Security","org.springframework.security:spring-security-core",0,4.2.16,MODERATE,CWE-329;CWE-330 -CVE-2020-5408,2020-06-15T19:34:31Z,"Insufficient Entropy in Spring Security","org.springframework.security:spring-security-core",5.0.0,5.0.16,MODERATE,CWE-329;CWE-330 -CVE-2020-5408,2020-06-15T19:34:31Z,"Insufficient Entropy in Spring Security","org.springframework.security:spring-security-core",5.1.0,5.1.10,MODERATE,CWE-329;CWE-330 -CVE-2020-5408,2020-06-15T19:34:31Z,"Insufficient Entropy in Spring Security","org.springframework.security:spring-security-core",5.2.0,5.2.4,MODERATE,CWE-329;CWE-330 -CVE-2020-5408,2020-06-15T19:34:31Z,"Insufficient Entropy in Spring Security","org.springframework.security:spring-security-core",5.3.0,5.3.2,MODERATE,CWE-329;CWE-330 -CVE-2020-5410,2020-06-05T16:13:20Z,"Directory traversal 
attack in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",2.1.0,2.1.9,HIGH,CWE-22;CWE-23 -CVE-2020-5410,2020-06-05T16:13:20Z,"Directory traversal attack in Spring Cloud Config","org.springframework.cloud:spring-cloud-config-server",2.2.0,2.2.3,HIGH,CWE-22;CWE-23 -CVE-2020-5411,2022-05-24T17:20:22Z,"Deserialization of Untrusted Data in Spring Batch","org.springframework.batch:spring-batch-core",4.0.0,4.2.3,HIGH,CWE-502 -CVE-2020-5412,2021-04-30T17:29:42Z,"Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix","org.springframework.cloud:spring-cloud-netflix",2.1.0,2.1.6,MODERATE,CWE-441;CWE-610 -CVE-2020-5412,2021-04-30T17:29:42Z,"Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix","org.springframework.cloud:spring-cloud-netflix",2.2.0,2.2.4,MODERATE,CWE-441;CWE-610 -CVE-2020-5413,2020-08-05T14:53:06Z,"Code execution in Spring Integration","org.springframework.integration:spring-integration-core",4.3.0,4.3.23,CRITICAL,CWE-502 -CVE-2020-5413,2020-08-05T14:53:06Z,"Code execution in Spring Integration","org.springframework.integration:spring-integration-core",5.1.0,5.1.12,CRITICAL,CWE-502 -CVE-2020-5413,2020-08-05T14:53:06Z,"Code execution in Spring Integration","org.springframework.integration:spring-integration-core",5.2.0,5.2.8,CRITICAL,CWE-502 -CVE-2020-5413,2020-08-05T14:53:06Z,"Code execution in Spring Integration","org.springframework.integration:spring-integration-core",5.3.0,5.3.2,CRITICAL,CWE-502 -CVE-2020-5421,2021-04-30T17:29:51Z,"Improper Input Validation in Spring Framework","org.springframework:spring-framework-bom",0,4.3.29,MODERATE,CWE-35 -CVE-2020-5421,2021-04-30T17:29:51Z,"Improper Input Validation in Spring Framework","org.springframework:spring-framework-bom",5.0.0,5.0.19,MODERATE,CWE-35 -CVE-2020-5421,2021-04-30T17:29:51Z,"Improper Input Validation in Spring 
Framework","org.springframework:spring-framework-bom",5.1.0,5.1.18,MODERATE,CWE-35 -CVE-2020-5421,2021-04-30T17:29:51Z,"Improper Input Validation in Spring Framework","org.springframework:spring-framework-bom",5.2.0,5.2.9,MODERATE,CWE-35 -CVE-2020-5428,2022-02-09T22:16:53Z,"SQL Injection in Spring Cloud Task","org.springframework.cloud:spring-cloud-task-dependencies",0,2.2.5,MODERATE,CWE-89 -CVE-2020-5497,2020-04-01T16:35:44Z,"XSS in MITREid Connect","org.mitre:openid-connect-server",0,,MODERATE,CWE-79 -CVE-2020-5529,2020-05-21T21:08:33Z,"Code execution vulnerability in HtmlUnit","net.sourceforge.htmlunit:htmlunit",0,2.37.0,HIGH,CWE-665;CWE-94 -CVE-2020-6858,2020-03-03T15:32:03Z,"HTTP Response Splitting in Styx",com.hotels.styx:styx-api,0,1.0.0-rc1,MODERATE,CWE-74 -CVE-2020-6950,2021-09-01T18:23:58Z,"Directory traversal in Eclipse Mojarra","org.glassfish:mojarra-parent",0,2.3.14,HIGH,CWE-22 -CVE-2020-7009,2022-05-24T17:13:01Z,"Improper Privilege Management in Elasticsearch","org.elasticsearch:elasticsearch",6.7.0,6.8.8,HIGH,CWE-266;CWE-269 -CVE-2020-7009,2022-05-24T17:13:01Z,"Improper Privilege Management in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.6.2,HIGH,CWE-266;CWE-269 -CVE-2020-7014,2021-03-18T19:27:20Z,"Privilege Escalation Flaw in Elasticsearch","org.elasticsearch:elasticsearch",6.7.0,6.8.8,MODERATE,CWE-266;CWE-269 -CVE-2020-7014,2021-03-18T19:27:20Z,"Privilege Escalation Flaw in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.6.2,MODERATE,CWE-266;CWE-269 -CVE-2020-7019,2022-05-24T17:26:07Z,"Improper privilege management in elasticsearch","org.elasticsearch:elasticsearch",0,6.8.12,MODERATE,CWE-269 -CVE-2020-7019,2022-05-24T17:26:07Z,"Improper privilege management in elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.9.0,MODERATE,CWE-269 -CVE-2020-7020,2021-03-18T19:27:13Z,"Privilege Context Switching Error in Elasticsearch","org.elasticsearch:elasticsearch",0,6.8.13,LOW,CWE-269;CWE-270 
-CVE-2020-7020,2021-03-18T19:27:13Z,"Privilege Context Switching Error in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.9.2,LOW,CWE-269;CWE-270 -CVE-2020-7021,2022-05-24T17:41:42Z,"Insertion of Sensitive Information into Log File in Elasticsearch","org.elasticsearch:elasticsearch",0,6.8.14,MODERATE,CWE-532 -CVE-2020-7021,2022-05-24T17:41:42Z,"Insertion of Sensitive Information into Log File in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.10.0,MODERATE,CWE-532 -CVE-2020-7226,2020-06-10T20:02:58Z,"Denial of Service in Cryptacular","org.cryptacular:cryptacular",0,1.1.4,HIGH,CWE-770 -CVE-2020-7226,2020-06-10T20:02:58Z,"Denial of Service in Cryptacular","org.cryptacular:cryptacular",1.2.0,1.2.4,HIGH,CWE-770 -CVE-2020-7238,2020-02-21T18:55:50Z,"HTTP Request Smuggling in Netty",io.netty:netty-handler,4.1.43,4.1.45,HIGH,CWE-444 -CVE-2020-7599,2022-05-24T17:12:57Z,"Exposure of Sensitive Information in Gradle publish plugin","com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin",0,0.11.0,MODERATE,CWE-532 -CVE-2020-7599,2022-05-24T17:12:57Z,"Exposure of Sensitive Information in Gradle publish plugin","com.gradle.publish:plugin-publish-plugin",0,0.11.0,MODERATE,CWE-532 -CVE-2020-7611,2020-03-30T20:54:55Z,"Micronaut's HTTP client is vulnerable to HTTP Request Header Injection","io.micronaut:micronaut-http-client",0,1.2.11,CRITICAL,CWE-444 -CVE-2020-7611,2020-03-30T20:54:55Z,"Micronaut's HTTP client is vulnerable to HTTP Request Header Injection","io.micronaut:micronaut-http-client",1.3.0,1.3.2,CRITICAL,CWE-444 -CVE-2020-7622,2020-04-03T15:23:30Z,"Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)",io.jooby:jooby-netty,0,2.2.1,CRITICAL,CWE-444 -CVE-2020-7647,2020-05-13T16:29:26Z,"path traversal in Jooby",io.jooby:jooby,0,2.8.2,MODERATE,CWE-22 -CVE-2020-7647,2020-05-13T16:29:26Z,"path traversal in Jooby",org.jooby:jooby,0,2.8.2,MODERATE,CWE-22 -CVE-2020-7656,2020-05-20T16:18:01Z,"Cross-Site Scripting 
in jquery",org.webjars.npm:jquery,1.2.1,1.9.0,MODERATE,CWE-79 -CVE-2020-7677,2022-07-18T19:15:29Z,"thenify before 3.3.1 made use of unsafe calls to `eval`.",org.webjars.npm:thenify,0,3.3.1,CRITICAL,CWE-78 -CVE-2020-7692,2021-09-28T16:16:52Z,"Improper Authorization in Google OAuth Client","com.google.oauth-client:google-oauth-client",0,1.31.0,HIGH,CWE-862;CWE-863 -CVE-2020-7712,2021-05-06T18:11:21Z,"trentm/json vulnerable to command injection",org.webjars.npm:json,0,,HIGH,CWE-78 -CVE-2020-7744,2021-04-22T16:15:15Z,"Remote Code Execution and download tracking in Mintegral SDK","com.mintegral.msdk:alphab",0,,MODERATE,CWE-319 -CVE-2020-7780,2022-02-09T23:06:40Z,"Cross-Site Request Forgery","com.softwaremill.akka-http-session:core_2.11",0,0.5.11,MODERATE,CWE-352 -CVE-2020-7780,2022-02-09T23:06:40Z,"Cross-Site Request Forgery","com.softwaremill.akka-http-session:core_2.12",0,0.5.11,MODERATE,CWE-352 -CVE-2020-7780,2022-02-09T23:06:40Z,"Cross-Site Request Forgery","com.softwaremill.akka-http-session:core_2.13",0,0.5.11,MODERATE,CWE-352 -CVE-2020-7961,2022-05-24T17:12:05Z,"Deserialization of Untrusted Data in Liferay Portal","com.liferay.portal:com.liferay.portal.kernel",0,4.35.3,CRITICAL,CWE-502 -CVE-2020-8022,2022-02-09T23:01:49Z,"Incorrect Default Permissions in Apache Tomcat",org.apache.tomcat:tomcat,0,8.0.53,HIGH,CWE-276 -CVE-2020-8022,2022-02-09T23:01:49Z,"Incorrect Default Permissions in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0,9.0.35,HIGH,CWE-276 -CVE-2020-8441,2022-05-24T17:09:22Z,"Deserialization of Untrusted Data in JYaml",org.jyaml:jyaml,0,,CRITICAL,CWE-502 -CVE-2020-8570,2021-01-29T18:12:54Z,"Path Traversal in the Java Kubernetes Client","io.kubernetes:client-java",0,9.0.2,HIGH,CWE-22 -CVE-2020-8570,2021-01-29T18:12:54Z,"Path Traversal in the Java Kubernetes Client","io.kubernetes:client-java",10.0.0,10.0.1,HIGH,CWE-22 -CVE-2020-8840,2020-03-04T20:52:14Z,"Deserialization of Untrusted Data in 
jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.6.7.4,CRITICAL,CWE-502 -CVE-2020-8840,2020-03-04T20:52:14Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.7,CRITICAL,CWE-502 -CVE-2020-8840,2020-03-04T20:52:14Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.5,CRITICAL,CWE-502 -CVE-2020-8840,2020-03-04T20:52:14Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.3,CRITICAL,CWE-502 -CVE-2020-8897,2021-10-12T16:01:12Z,"Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness","com.amazonaws:aws-encryption-sdk-java",0,2.0.0,HIGH,CWE-327 -CVE-2020-8908,2021-03-25T17:04:19Z,"Information Disclosure in Guava",com.google.guava:guava,0,32.0.0-android,LOW,"CWE-173;CWE-200;CWE-378;CWE-732" -CVE-2020-8920,2022-05-24T17:35:58Z,"Information leak in Gerrit","com.google.gerrit:gerrit-plugin-api",0,2.14.22,LOW,CWE-863 -CVE-2020-8920,2022-05-24T17:35:58Z,"Information leak in Gerrit","com.google.gerrit:gerrit-plugin-api",2.15.0,2.15.21,LOW,CWE-863 -CVE-2020-8920,2022-05-24T17:35:58Z,"Information leak in Gerrit","com.google.gerrit:gerrit-plugin-api",2.16.0,2.16.25,LOW,CWE-863 -CVE-2020-8920,2022-05-24T17:35:58Z,"Information leak in Gerrit","com.google.gerrit:gerrit-plugin-api",3.0.0,3.0.15,LOW,CWE-863 -CVE-2020-8920,2022-05-24T17:35:58Z,"Information leak in Gerrit","com.google.gerrit:gerrit-plugin-api",3.1.0,3.1.10,LOW,CWE-863 -CVE-2020-8920,2022-05-24T17:35:58Z,"Information leak in Gerrit","com.google.gerrit:gerrit-plugin-api",3.2.0,3.2.5,LOW,CWE-863 -CVE-2020-8929,2020-10-16T00:51:24Z,"Ciphertext Malleability Issue in Tink Java","com.google.crypto.tink:tink",0,1.5.0,MODERATE,CWE-176;CWE-327 -CVE-2020-9296,2022-02-10T23:06:57Z,"Expression Language Injection in Netflix 
Conductor","com.netflix.conductor:conductor-core",0,2.25.4,CRITICAL,CWE-917 -CVE-2020-9298,2021-05-07T15:54:31Z,"Server-Side Request Forgery in Spinnaker Orca","com.netflix.spinnaker.orca:orca-core",0,8.7.0,HIGH,CWE-918 -CVE-2020-9447,2021-04-22T16:15:33Z,"Cross-site Scripting in GwtUpload","com.googlecode.gwtupload:gwtupload",0,,MODERATE,CWE-79 -CVE-2020-9480,2022-02-10T23:05:20Z,"Improper Authentication in Apache Spark","org.apache.spark:spark-parent_2.11",0,2.4.6,CRITICAL,CWE-287;CWE-306 -CVE-2020-9482,2022-02-09T00:23:06Z,"Insufficient Session Expiration in Apache NiFi Registry","org.apache.nifi.registry:nifi-registry-web-api",0.1.0,0.7.0,MODERATE,CWE-613 -CVE-2020-9484,2020-05-21T18:52:29Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat:tomcat-catalina",10.0.0-M1,10.0.0-M5,HIGH,CWE-502 -CVE-2020-9484,2020-05-21T18:52:29Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat:tomcat-catalina",7.0.0,7.0.104,HIGH,CWE-502 -CVE-2020-9484,2020-05-21T18:52:29Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat:tomcat-catalina",8.0.0,8.5.55,HIGH,CWE-502 -CVE-2020-9484,2020-05-21T18:52:29Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat:tomcat-catalina",9.0.0,9.0.35,HIGH,CWE-502 -CVE-2020-9486,2022-01-06T20:41:02Z,"Insertion of Sensitive Information into Log File in Apache NiFi Stateless","org.apache.nifi:nifi-stateless",1.10.0,1.12.0-RC1,HIGH,CWE-532 -CVE-2020-9487,2022-01-06T20:41:04Z,"Missing Authentication for Critical Function in Apache NiFi",org.apache.nifi:nifi,1.0.0,1.12.0-RC1,HIGH,CWE-306 -CVE-2020-9488,2020-06-05T14:15:51Z,"Improper validation of certificate with host mismatch in Apache Log4j SMTP appender","org.apache.logging.log4j:log4j",0,2.3.2,LOW,CWE-295 -CVE-2020-9488,2020-06-05T14:15:51Z,"Improper validation of certificate with host mismatch in Apache Log4j SMTP appender","org.apache.logging.log4j:log4j",2.13.0,2.13.2,LOW,CWE-295 -CVE-2020-9488,2020-06-05T14:15:51Z,"Improper 
validation of certificate with host mismatch in Apache Log4j SMTP appender","org.apache.logging.log4j:log4j",2.4.0,2.12.3,LOW,CWE-295 -CVE-2020-9488,2020-06-05T14:15:51Z,"Improper validation of certificate with host mismatch in Apache Log4j SMTP appender","org.apache.logging.log4j:log4j-core",0,2.3.2,LOW,CWE-295 -CVE-2020-9488,2020-06-05T14:15:51Z,"Improper validation of certificate with host mismatch in Apache Log4j SMTP appender","org.apache.logging.log4j:log4j-core",2.13.0,2.13.2,LOW,CWE-295 -CVE-2020-9488,2020-06-05T14:15:51Z,"Improper validation of certificate with host mismatch in Apache Log4j SMTP appender","org.apache.logging.log4j:log4j-core",2.4.0,2.12.3,LOW,CWE-295 -CVE-2020-9489,2021-05-07T15:53:40Z,"Missing Release of Memory after Effective Lifetime in Apache Tika",org.apache.tika:tika,0,1.24.1,MODERATE,CWE-401;CWE-835 -CVE-2020-9491,2022-01-06T20:41:06Z,"Inadequate Encryption Strength in Apache NiFi",org.apache.nifi:nifi,1.2.0,1.12.0-RC1,HIGH,CWE-327 -CVE-2020-9492,2022-02-09T22:17:38Z,"Improper Privilege Management in Apache Hadoop","org.apache.hadoop:hadoop-common",2.0.0,2.10.1,HIGH,CWE-269;CWE-863 -CVE-2020-9492,2022-02-09T22:17:38Z,"Improper Privilege Management in Apache Hadoop","org.apache.hadoop:hadoop-common",3.0.0,3.1.4,HIGH,CWE-269;CWE-863 -CVE-2020-9492,2022-02-09T22:17:38Z,"Improper Privilege Management in Apache Hadoop","org.apache.hadoop:hadoop-common",3.2.0,3.2.2,HIGH,CWE-269;CWE-863 -CVE-2020-9495,2022-02-10T23:06:22Z,"Injection in Apache Archiva","org.apache.archiva:archiva",0,2.2.5,MODERATE,CWE-74 -CVE-2020-9546,2020-04-23T21:08:40Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,CRITICAL,CWE-502 -CVE-2020-9547,2020-05-15T18:59:10Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.7.9.7,CRITICAL,CWE-502 
-CVE-2020-9547,2020-05-15T18:59:10Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.6,CRITICAL,CWE-502 -CVE-2020-9547,2020-05-15T18:59:10Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,CRITICAL,CWE-502 -CVE-2020-9548,2020-05-15T18:59:01Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.0.0,2.7.9.7,CRITICAL,CWE-502 -CVE-2020-9548,2020-05-15T18:59:01Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.6,CRITICAL,CWE-502 -CVE-2020-9548,2020-05-15T18:59:01Z,"jackson-databind mishandles the interaction between serialization gadgets and typing","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.10.4,CRITICAL,CWE-502 -CVE-2021-20190,2021-01-20T21:20:15Z,"Deserialization of untrusted data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.6.7.5,HIGH,CWE-502 -CVE-2021-20190,2021-01-20T21:20:15Z,"Deserialization of untrusted data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.9.10.7,HIGH,CWE-502 -CVE-2021-20195,2021-06-08T23:02:43Z,"keycloak Self Stored Cross-site Scripting vulnerability","org.keycloak:keycloak-core",0,13.0.0,CRITICAL,CWE-116;CWE-20;CWE-79 -CVE-2021-20202,2022-03-18T17:50:45Z,"Temporary Directory Hijacking Vulnerability in Keycloak","org.keycloak:keycloak-core",0,13.0.0,HIGH,CWE-377 -CVE-2021-20218,2022-05-24T17:44:37Z,"Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client","io.fabric8:kubernetes-client",4.12.0,4.13.2,HIGH,CWE-22 -CVE-2021-20218,2022-05-24T17:44:37Z,"Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes 
Client","io.fabric8:kubernetes-client",4.2.0,4.7.2,HIGH,CWE-22 -CVE-2021-20218,2022-05-24T17:44:37Z,"Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client","io.fabric8:kubernetes-client",4.8.0,4.11.2,HIGH,CWE-22 -CVE-2021-20218,2022-05-24T17:44:37Z,"Improper Limitation of a Pathname to a Restricted Directory in Fabric8 Kubernetes Client","io.fabric8:kubernetes-client",5.0.0,5.0.2,HIGH,CWE-22 -CVE-2021-20220,2021-06-16T17:47:52Z,"HTTP request smuggling in Undertow","io.undertow:undertow-core",0,2.0.34,MODERATE,CWE-444 -CVE-2021-20220,2021-06-16T17:47:52Z,"HTTP request smuggling in Undertow","io.undertow:undertow-core",2.1.0,2.1.6,MODERATE,CWE-444 -CVE-2021-20222,2021-05-13T22:29:51Z,"Code injection in keycloak","org.keycloak:keycloak-parent",9.0.0,12.0.3,HIGH,CWE-20;CWE-79 -CVE-2021-20250,2022-05-24T19:02:23Z,"JBoss EJB Client information disclosure vulnerability","org.jboss:jboss-ejb-client",0,4.0.39,MODERATE,CWE-200 -CVE-2021-20262,2021-03-12T21:33:42Z,"Keycloak Missing authentication for critical function","org.keycloak:keycloak-core",0,,MODERATE,CWE-306 -CVE-2021-20289,2021-04-07T21:51:33Z,"Exposure of class information in RESTEasy","org.jboss.resteasy:resteasy-core",3.0.0,3.16.0,MODERATE,CWE-209;CWE-668 -CVE-2021-20289,2021-04-07T21:51:33Z,"Exposure of class information in RESTEasy","org.jboss.resteasy:resteasy-core",4.0.0,4.5.10,MODERATE,CWE-209;CWE-668 -CVE-2021-20289,2021-04-07T21:51:33Z,"Exposure of class information in RESTEasy","org.jboss.resteasy:resteasy-core",4.6.0,4.6.1,MODERATE,CWE-209;CWE-668 -CVE-2021-20293,2021-06-15T15:59:27Z,"Cross-Site Scripting","org.jboss.resteasy:resteasy-bom",0,,HIGH,CWE-79 -CVE-2021-20293,2021-06-15T15:59:27Z,"Cross-Site Scripting","org.jboss.resteasy:resteasy-core",0,,HIGH,CWE-79 -CVE-2021-20323,2022-03-26T00:00:31Z,"Cross-site Scripting in Keycloak","org.keycloak:keycloak-core",15.0.0,17.0.0,MODERATE,CWE-79 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in 
MongoDB","org.mongodb:mongo-java-driver",3.11.0,3.11.3,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongo-java-driver",3.12.0,3.12.8,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver",3.11.0,3.11.3,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver",3.12.0,3.12.8,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-legacy",3.11.0,3.11.3,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-legacy",3.12.0,3.12.8,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-legacy",4.0.0,4.0.6,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-legacy",4.1.0,4.1.2,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-legacy",4.2.0,4.2.1,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-sync",3.11.0,3.11.3,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-sync",3.12.0,3.12.8,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-sync",4.0.0,4.0.6,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-sync",4.1.0,4.1.2,MODERATE,CWE-295 -CVE-2021-20328,2022-05-24T22:28:56Z,"Improper Certificate Validation in MongoDB","org.mongodb:mongodb-driver-sync",4.2.0,4.2.1,MODERATE,CWE-295 
-CVE-2021-21028,2021-02-02T15:46:52Z,"Reflected Cross-site Scripting in ACS Commons","com.adobe.acs:acs-aem-commons",0,4.10.0,HIGH,CWE-416;CWE-79 -CVE-2021-21043,2021-05-13T22:31:14Z,"Reflected Cross-site Scripting (XSS) in ACS Commons","com.adobe.acs:acs-aem-commons",0,4.10.0,MODERATE,CWE-787;CWE-79 -CVE-2021-21234,2021-01-05T17:29:40Z,"Directory Traversal in spring-boot-actuator-logview","eu.hinsch:spring-boot-actuator-logview",0,0.2.13,HIGH,CWE-22 -CVE-2021-21290,2021-02-08T21:17:48Z,"Local Information Disclosure Vulnerability in Netty on Unix-Like systems","io.netty:netty-codec-http",4.0.0,4.1.59.Final,MODERATE,CWE-378;CWE-379;CWE-668 -CVE-2021-21290,2021-02-08T21:17:48Z,"Local Information Disclosure Vulnerability in Netty on Unix-Like systems",io.netty:netty,0,,MODERATE,CWE-378;CWE-379;CWE-668 -CVE-2021-21290,2021-02-08T21:17:48Z,"Local Information Disclosure Vulnerability in Netty on Unix-Like systems",org.jboss.netty:netty,0,,MODERATE,CWE-378;CWE-379;CWE-668 -CVE-2021-21293,2021-02-02T21:42:49Z,"Unbounded connection acceptance leads to file handle exhaustion","org.http4s:blaze-core_2.11",0,0.14.15,HIGH,CWE-400;CWE-770 -CVE-2021-21293,2021-02-02T21:42:49Z,"Unbounded connection acceptance leads to file handle exhaustion","org.http4s:blaze-core_2.12",0,0.14.15,HIGH,CWE-400;CWE-770 -CVE-2021-21293,2021-02-02T21:42:49Z,"Unbounded connection acceptance leads to file handle exhaustion","org.http4s:blaze-core_2.13",0,0.14.15,HIGH,CWE-400;CWE-770 -CVE-2021-21294,2021-02-02T21:42:56Z,"Unbounded connection acceptance in http4s-blaze-server","org.http4s:http4s-blaze-server_2.12",0,0.21.17,HIGH,CWE-400;CWE-770 -CVE-2021-21294,2021-02-02T21:42:56Z,"Unbounded connection acceptance in http4s-blaze-server","org.http4s:http4s-blaze-server_2.13",0,0.21.17,HIGH,CWE-400;CWE-770 -CVE-2021-21295,2021-03-09T18:49:49Z,"Possible request smuggling in HTTP/2 due missing validation","io.netty:netty-codec-http2",4.0.0,4.1.60.Final,MODERATE,CWE-444 
-CVE-2021-21295,2021-03-09T18:49:49Z,"Possible request smuggling in HTTP/2 due missing validation",io.netty:netty,0,,MODERATE,CWE-444 -CVE-2021-21295,2021-03-09T18:49:49Z,"Possible request smuggling in HTTP/2 due missing validation",org.jboss.netty:netty,0,,MODERATE,CWE-444 -CVE-2021-21331,2021-03-03T23:01:17Z,"Local Information Disclosure Vulnerability","com.datadoghq:datadog-api-client",1.0.0-beta.6,1.0.0-beta.9,LOW,CWE-378;CWE-379 -CVE-2021-21341,2021-03-22T23:27:51Z,"XStream can cause a Denial of Service.","com.thoughtworks.xstream:xstream",0,1.4.16,HIGH,CWE-400;CWE-502;CWE-835 -CVE-2021-21342,2021-03-22T23:28:01Z,"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-502;CWE-918 -CVE-2021-21343,2021-03-22T23:28:13Z,"XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-502;CWE-73 -CVE-2021-21344,2021-03-22T23:28:23Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-434;CWE-502 -CVE-2021-21345,2021-03-22T23:28:38Z,"XStream is vulnerable to a Remote Command Execution attack","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-78;CWE-94 -CVE-2021-21346,2021-03-22T23:28:49Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-434;CWE-502 -CVE-2021-21347,2021-03-22T23:29:00Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-434;CWE-502 -CVE-2021-21348,2021-03-22T23:29:09Z,"XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-400;CWE-502 
-CVE-2021-21349,2021-03-22T23:29:19Z,"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-502;CWE-918 -CVE-2021-21350,2021-03-22T23:29:28Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-434;CWE-502 -CVE-2021-21351,2021-03-22T23:29:37Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.16,MODERATE,CWE-434;CWE-502 -CVE-2021-21361,2021-03-09T00:38:41Z,"Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin","com.bmuschko:gradle-vagrant-plugin",0.6,3.0.0,HIGH,CWE-532 -CVE-2021-21363,2021-03-11T03:09:16Z,"Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory","io.swagger:swagger-codegen",0,2.4.19,LOW,CWE-378;CWE-379 -CVE-2021-21364,2021-03-11T03:09:18Z,"Generated Code Contains Local Information Disclosure Vulnerability","io.swagger:swagger-codegen",0,2.4.19,MODERATE,CWE-200;CWE-378;CWE-732 -CVE-2021-21379,2021-03-23T22:47:26Z,"It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro","org.xwiki.platform:xwiki-platform-rendering-wikimacro-store",11.4,11.10.11,LOW,CWE-281 -CVE-2021-21379,2021-03-23T22:47:26Z,"It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro","org.xwiki.platform:xwiki-platform-rendering-wikimacro-store",12.0,12.6.3,LOW,CWE-281 -CVE-2021-21379,2021-03-23T22:47:26Z,"It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro","org.xwiki.platform:xwiki-platform-rendering-wikimacro-store",12.7,12.8,LOW,CWE-281 -CVE-2021-21380,2021-03-23T22:48:01Z,"Rating Script Service expose XWiki to SQL 
injection","org.xwiki.platform:xwiki-platform-ratings-api",0,12.9,HIGH,CWE-89 -CVE-2021-21409,2021-03-30T15:10:38Z,"Possible request smuggling in HTTP/2 due missing validation of content-length","io.netty:netty-codec-http2",4.0.0,4.1.61.Final,MODERATE,CWE-444 -CVE-2021-21409,2021-03-30T15:10:38Z,"Possible request smuggling in HTTP/2 due missing validation of content-length",io.netty:netty,0,,MODERATE,CWE-444 -CVE-2021-21409,2021-03-30T15:10:38Z,"Possible request smuggling in HTTP/2 due missing validation of content-length",org.jboss.netty:netty,0,,MODERATE,CWE-444 -CVE-2021-21428,2021-05-11T00:04:40Z,"Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator","org.openapitools:openapi-generator-online",0,5.1.0,CRITICAL,"CWE-269;CWE-377;CWE-378;CWE-379;CWE-668" -CVE-2021-21429,2021-04-29T21:51:37Z,"Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin","org.openapitools:openapi-generator-maven-plugin",0,5.1.0,MODERATE,"CWE-377;CWE-378;CWE-379;CWE-552" -CVE-2021-21430,2021-05-11T00:05:06Z,"Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code","org.openapitools:openapi-generator",0,5.1.0,MODERATE,"CWE-269;CWE-377;CWE-378;CWE-379;CWE-668" -CVE-2021-21479,2021-02-10T02:31:53Z,"Remote Code Execution in SCIMono","com.sap.scimono:scimono-server",0,0.0.19,HIGH,"CWE-59;CWE-62;CWE-690;CWE-74;CWE-77;CWE-917" -CVE-2021-21602,2022-05-24T17:39:12Z,"Arbitrary file read vulnerability in workspace browsers in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.263.2,MODERATE,CWE-59 -CVE-2021-21602,2022-05-24T17:39:12Z,"Arbitrary file read vulnerability in workspace browsers in Jenkins","org.jenkins-ci.main:jenkins-core",2.264,2.275,MODERATE,CWE-59 -CVE-2021-21603,2022-05-24T17:39:12Z,"XSS vulnerability in Jenkins notification bar","org.jenkins-ci.main:jenkins-core",0,2.275,MODERATE,CWE-79 -CVE-2021-21603,2022-05-24T17:39:12Z,"XSS 
vulnerability in Jenkins notification bar","org.jenkins-ci.main:jenkins-core",2.263.2,2.275,MODERATE,CWE-79 -CVE-2021-21604,2022-05-24T17:39:12Z,"Improper handling of REST API XML deserialization errors in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.263.2,HIGH,CWE-502 -CVE-2021-21604,2022-05-24T17:39:12Z,"Improper handling of REST API XML deserialization errors in Jenkins","org.jenkins-ci.main:jenkins-core",2.264,2.275,HIGH,CWE-502 -CVE-2021-21605,2022-05-24T17:39:13Z,"Path traversal vulnerability in Jenkins agent names","org.jenkins-ci.main:jenkins-core",0,2.263.2,HIGH,CWE-20;CWE-22 -CVE-2021-21605,2022-05-24T17:39:13Z,"Path traversal vulnerability in Jenkins agent names","org.jenkins-ci.main:jenkins-core",2.264,2.275,HIGH,CWE-20;CWE-22 -CVE-2021-21606,2022-05-24T17:39:12Z,"Arbitrary file existence check in file fingerprints in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.263.2,MODERATE,CWE-20 -CVE-2021-21606,2022-05-24T17:39:12Z,"Arbitrary file existence check in file fingerprints in Jenkins","org.jenkins-ci.main:jenkins-core",2.264,2.275,MODERATE,CWE-20 -CVE-2021-21607,2022-05-24T17:39:13Z,"Excessive memory allocation in graph URLs leads to denial of service in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.263.2,MODERATE,CWE-770 -CVE-2021-21607,2022-05-24T17:39:13Z,"Excessive memory allocation in graph URLs leads to denial of service in Jenkins","org.jenkins-ci.main:jenkins-core",2.264,2.275,MODERATE,CWE-770 -CVE-2021-21608,2022-05-24T17:39:12Z,"Stored XSS vulnerability in Jenkins button labels","org.jenkins-ci.main:jenkins-core",0,2.275,MODERATE,CWE-79 -CVE-2021-21608,2022-05-24T17:39:12Z,"Stored XSS vulnerability in Jenkins button labels","org.jenkins-ci.main:jenkins-core",2.263.2,2.275,MODERATE,CWE-79 -CVE-2021-21609,2022-05-24T17:39:12Z,"Missing permission check for paths with specific prefix in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.263.2,MODERATE,CWE-863 -CVE-2021-21609,2022-05-24T17:39:12Z,"Missing permission check for paths with 
specific prefix in Jenkins","org.jenkins-ci.main:jenkins-core",2.264,2.275,MODERATE,CWE-863 -CVE-2021-21610,2022-05-24T17:39:13Z,"Reflected XSS vulnerability in Jenkins markup formatter preview","org.jenkins-ci.main:jenkins-core",0,2.263.2,MODERATE,CWE-79 -CVE-2021-21610,2022-05-24T17:39:13Z,"Reflected XSS vulnerability in Jenkins markup formatter preview","org.jenkins-ci.main:jenkins-core",2.264,2.275,MODERATE,CWE-79 -CVE-2021-21611,2022-05-24T17:39:13Z,"Stored XSS vulnerability in Jenkins on new item page","org.jenkins-ci.main:jenkins-core",0,2.263.2,MODERATE,CWE-79 -CVE-2021-21611,2022-05-24T17:39:13Z,"Stored XSS vulnerability in Jenkins on new item page","org.jenkins-ci.main:jenkins-core",2.264,2.275,MODERATE,CWE-79 -CVE-2021-21612,2022-05-24T17:39:13Z,"Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin","de.tracetronic.jenkins.plugins:ecutest",0,2.24,MODERATE,CWE-522 -CVE-2021-21613,2022-05-24T17:39:13Z,"XSS vulnerability in Jenkins TICS Plugin",io.jenkins.plugins:tics,0,2020.3.0.7,MODERATE,CWE-79 -CVE-2021-21614,2022-05-24T17:39:13Z,"Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin","org.jenkins-ci.plugins:bumblebee",0,4.1.6,MODERATE,CWE-522 -CVE-2021-21615,2022-05-24T17:40:19Z,"Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.263.3,MODERATE,CWE-367 -CVE-2021-21615,2022-05-24T17:40:19Z,"Time-of-check Time-of-use (TOCTOU) Race Condition in Jenkins","org.jenkins-ci.main:jenkins-core",2.264,2.276,MODERATE,CWE-367 -CVE-2021-21616,2022-05-24T17:43:01Z,"Stored XSS vulnerability in Jenkins Active Choices Plugin",org.biouno:uno-choice,0,2.5.3,MODERATE,CWE-79 -CVE-2021-21617,2022-05-24T17:43:00Z,"CSRF vulnerability in Jenkins Configuration Slicing Plugin","org.jenkins-ci.plugins:configurationslicing",0,1.52,HIGH,CWE-352 -CVE-2021-21618,2022-05-24T17:43:00Z,"Stored XSS vulnerability in Jenkins Repository Connector 
Plugin","org.jenkins-ci.plugins:repository-connector",0,2.0.3,MODERATE,CWE-79 -CVE-2021-21619,2022-05-24T17:43:01Z,"XSS vulnerability in Jenkins Claim Plugin","org.jenkins-ci.plugins:claim",0,2.18.2,MODERATE,CWE-79 -CVE-2021-21620,2021-06-16T17:29:43Z,"Cross-Site Request Forgery in the Jenkins Claim plugin","org.jenkins-ci.plugins:claim",0,2.18.2,MODERATE,CWE-352 -CVE-2021-21621,2022-05-24T17:43:01Z,"Support bundles can include user session IDs in Jenkins Support Core Plugin","org.jenkins-ci.plugins:support-core",0,2.72.1,LOW,CWE-200 -CVE-2021-21622,2022-05-24T17:43:01Z,"Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin","io.jenkins.plugins:artifact-repository-parameter",0,1.0.1,MODERATE,CWE-79 -CVE-2021-21623,2022-05-24T17:44:47Z,"Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items","org.jenkins-ci.plugins:matrix-auth",0,2.6.6,MODERATE,CWE-863 -CVE-2021-21624,2022-05-24T17:44:48Z,"Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items","org.jenkins-ci.plugins:role-strategy",0,3.1.1,MODERATE,CWE-863 -CVE-2021-21625,2022-05-24T17:44:48Z,"Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs","org.jenkins-ci.plugins:aws-credentials",0,1.28.1,MODERATE,CWE-862 -CVE-2021-21626,2022-05-24T17:44:48Z,"Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents","io.jenkins.plugins:warnings-ng",0,8.5.0,MODERATE,CWE-862 -CVE-2021-21627,2022-05-24T17:44:48Z,"CSRF vulnerability in Jenkins Libvirt Agents Plugin","org.jenkins-ci.plugins:libvirt-slave",0,1.9.1,HIGH,CWE-352 -CVE-2021-21628,2022-05-24T17:45:44Z,"Stored XSS vulnerability in Jenkins Build With Parameters Plugin","org.jenkins-ci.plugins:build-with-parameters",0,1.5.1,MODERATE,CWE-79 -CVE-2021-21629,2022-05-24T17:45:44Z,"CSRF vulnerability in Jenkins Build With Parameters 
Plugin","org.jenkins-ci.plugins:build-with-parameters",0,1.5.1,HIGH,CWE-352 -CVE-2021-21630,2022-05-24T17:45:44Z,"Stored XSS vulnerability in Jenkins Extra Columns Plugin","org.jenkins-ci.plugins:extra-columns",0,1.23,MODERATE,CWE-79 -CVE-2021-21631,2022-05-24T17:45:45Z,"Missing permission check in Jenkins Cloud Statistics Plugin","org.jenkins-ci.plugins:cloud-stats",0,0.27,MODERATE,CWE-862 -CVE-2021-21632,2022-05-24T17:45:46Z,"Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials","org.jenkins-ci.plugins:dependency-track",0,3.1.1,MODERATE,CWE-862 -CVE-2021-21633,2022-05-24T17:45:45Z,"CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials","org.jenkins-ci.plugins:dependency-track",0,3.1.1,HIGH,CWE-352 -CVE-2021-21634,2022-05-24T17:45:47Z,"Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin","org.jvnet.hudson.plugins:jabber",0,1.42,MODERATE,CWE-522 -CVE-2021-21635,2022-05-24T17:45:45Z,"Stored XSS vulnerability in Jenkins REST List Parameter Plugin","io.jenkins.plugins:rest-list-parameter",0,1.3.1,MODERATE,CWE-79 -CVE-2021-21636,2022-05-24T17:45:46Z,"Missing permission check in Jenkins Team Foundation Server Plugin allows enumerating credentials IDs","org.jenkins-ci.plugins:tfs",0,,MODERATE,CWE-862 -CVE-2021-21637,2022-05-24T17:45:46Z,"Missing permission check in Jenkins Team Foundation Server Plugin allow capturing credentials","org.jenkins-ci.plugins:tfs",0,,MODERATE,CWE-862 -CVE-2021-21638,2022-05-24T17:45:46Z,"CSRF vulnerability in Jenkins Team Foundation Server Plugin allow capturing credentials","org.jenkins-ci.plugins:tfs",0,,HIGH,CWE-352 -CVE-2021-21639,2022-05-24T17:46:47Z,"Lack of type validation in agent related REST API in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.277.2,MODERATE,CWE-20 -CVE-2021-21639,2022-05-24T17:46:47Z,"Lack of type validation in agent related REST API in 
Jenkins","org.jenkins-ci.main:jenkins-core",2.278,2.287,MODERATE,CWE-20 -CVE-2021-21640,2022-05-24T17:46:47Z,"View name validation bypass in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.277.2,MODERATE,CWE-240 -CVE-2021-21640,2022-05-24T17:46:47Z,"View name validation bypass in Jenkins","org.jenkins-ci.main:jenkins-core",2.278,2.287,MODERATE,CWE-240 -CVE-2021-21641,2022-05-24T17:46:47Z,"CSRF vulnerability in Jenkins promoted builds Plugin","org.jenkins-ci.plugins:promoted-builds",0,3.9.1,MODERATE,CWE-352 -CVE-2021-21642,2022-05-24T17:48:06Z,"XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin","org.jenkins-ci.plugins:config-file-provider",0,3.7.1,HIGH,CWE-611 -CVE-2021-21643,2022-05-24T17:48:06Z,"Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:config-file-provider",0,3.7.1,MODERATE,CWE-863 -CVE-2021-21644,2022-05-24T17:48:05Z,"CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files","org.jenkins-ci.plugins:config-file-provider",0,3.7.1,MODERATE,CWE-352 -CVE-2021-21645,2022-05-24T17:48:06Z,"Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs","org.jenkins-ci.plugins:config-file-provider",0,3.7.1,MODERATE,CWE-862 -CVE-2021-21646,2022-05-24T17:48:06Z,"Remote code execution vulnerability in Jenkins Templating Engine Plugin","org.jenkins-ci.plugins:templating-engine",0,2.2,HIGH,CWE-693 -CVE-2021-21647,2022-05-24T17:48:06Z,"Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds","org.jenkins-ci.plugins:electricflow",0,1.1.18.1,MODERATE,CWE-862 -CVE-2021-21647,2022-05-24T17:48:06Z,"Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds","org.jenkins-ci.plugins:electricflow",1.1.19,1.1.22,MODERATE,CWE-862 -CVE-2021-21648,2021-06-16T17:24:31Z,"Cross-Site Request Forgery in Jenkins Credentials 
Plugin","org.jenkins-ci.plugins:credentials",0,2.3.0.1,MODERATE,CWE-79 -CVE-2021-21648,2021-06-16T17:24:31Z,"Cross-Site Request Forgery in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",2.3.1,2.3.7.1,MODERATE,CWE-79 -CVE-2021-21648,2021-06-16T17:24:31Z,"Cross-Site Request Forgery in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",2.3.14,2.3.14.1,MODERATE,CWE-79 -CVE-2021-21648,2021-06-16T17:24:31Z,"Cross-Site Request Forgery in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",2.3.15,2.3.15.1,MODERATE,CWE-79 -CVE-2021-21648,2021-06-16T17:24:31Z,"Cross-Site Request Forgery in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",2.3.16,2.3.19,MODERATE,CWE-79 -CVE-2021-21648,2021-06-16T17:24:31Z,"Cross-Site Request Forgery in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",2.3.8,2.3.13.1,MODERATE,CWE-79 -CVE-2021-21649,2021-06-16T17:24:41Z,"Cross-site Scripting in Jenkins Dashboard View Plugin","org.jenkins-ci.plugins:dashboard-view",0,2.12.1,MODERATE,CWE-79 -CVE-2021-21649,2021-06-16T17:24:41Z,"Cross-site Scripting in Jenkins Dashboard View Plugin","org.jenkins-ci.plugins:dashboard-view",2.13,2.16,MODERATE,CWE-79 -CVE-2021-21650,2021-06-16T17:29:08Z,"Missing Authorization in Jenkins S3 publisher Plugin","org.jenkins-ci.plugins:s3",0,0.11.5.1,MODERATE,CWE-862 -CVE-2021-21650,2021-06-16T17:29:08Z,"Missing Authorization in Jenkins S3 publisher Plugin","org.jenkins-ci.plugins:s3",0.11.6,0.11.7,MODERATE,CWE-862 -CVE-2021-21651,2021-06-16T17:29:17Z,"Missing Authorization in Jenkins S3 publisher Plugin","org.jenkins-ci.plugins:s3",0,0.11.5.1,MODERATE,CWE-862 -CVE-2021-21651,2021-06-16T17:29:17Z,"Missing Authorization in Jenkins S3 publisher Plugin","org.jenkins-ci.plugins:s3",0.11.6,0.11.7,MODERATE,CWE-862 -CVE-2021-21652,2021-06-16T17:28:58Z,"CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing 
credentials","org.jenkins-ci.plugins:xray-connector",0,2.4.1,HIGH,CWE-352 -CVE-2021-21653,2021-06-16T17:29:26Z,"Missing Authorization in jenkins xray-connector","org.jenkins-ci.plugins:xray-connector",0,2.4.1,MODERATE,CWE-862 -CVE-2021-21654,2021-06-16T17:29:35Z,"Missing Authorization in Jenkins P4 plugin","org.jenkins-ci.plugins:p4",0,1.11.5,MODERATE,CWE-862 -CVE-2021-21655,2022-03-18T17:53:10Z,"Cross-Site Request Forgery in Jenkins P4 Plugin","org.jenkins-ci.plugins:p4",0,1.11.5,HIGH,CWE-352 -CVE-2021-21656,2022-03-18T17:52:43Z,"XML external entity (XXE) attacks in Jenkins Xcode integration Plugin","org.jenkins-ci.plugins:xcode-plugin",0,2.0.15,HIGH,CWE-611 -CVE-2021-21657,2022-05-24T19:03:11Z,"XXE vulnerability in Jenkins Filesystem Trigger Plugin","org.jenkins-ci.plugins:fstrigger",0,0.41,HIGH,CWE-611 -CVE-2021-21658,2022-05-24T19:03:11Z,"XML external entity vulnerability in Jenkins Nuget Plugin","org.jenkins-ci.plugins:nuget",0,1.1,CRITICAL,CWE-611 -CVE-2021-21659,2022-05-24T19:03:11Z,"XXE vulnerability in Jenkins URLTrigger Plugin","org.jenkins-ci.plugins:urltrigger",0,0.49,HIGH,CWE-611 -CVE-2021-21660,2022-05-24T19:03:11Z,"XSS vulnerability in Jenkins Markdown Formatter Plugin","io.jenkins.plugins:markdown-formatter",0,0.2.0,MODERATE,CWE-79 -CVE-2021-21661,2021-06-16T17:11:30Z,"Missing Authorization in Jenkins Kubernetes CLI Plugin","org.jenkins-ci.plugins:kubernetes-cli",0,1.10.1,MODERATE,CWE-862 -CVE-2021-21662,2022-05-24T22:01:39Z,"Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs","com.xebialabs.deployit.ci:deployit-plugin",0,10.0.2,MODERATE,CWE-862 -CVE-2021-21663,2022-05-24T19:04:53Z,"Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials","com.xebialabs.deployit.ci:deployit-plugin",0,10.0.2,MODERATE,CWE-862 -CVE-2021-21664,2022-05-24T19:04:53Z,"Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing 
credentials","com.xebialabs.deployit.ci:deployit-plugin",0,10.0.2,MODERATE,CWE-863 -CVE-2021-21665,2022-05-24T19:04:53Z,"CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials","com.xebialabs.deployit.ci:deployit-plugin",0,10.0.2,HIGH,CWE-352 -CVE-2021-21666,2021-06-16T17:10:50Z,"Cross-site scripting in Jenkins Kiuwan Plugin","org.jenkins-ci.plugins:kiuwanJenkinsPlugin",0,1.6.1,MODERATE,CWE-79 -CVE-2021-21667,2022-01-06T18:45:29Z,"Stored XSS vulnerability in Jenkins Scriptler Plugin","org.jenkins-ci.plugins:scriptler",0,3.3,MODERATE,CWE-79 -CVE-2021-21668,2022-01-06T18:45:09Z,"Stored XSS vulnerability in Jenkins Scriptler Plugin","org.jenkins-ci.plugins:scriptler",0,3.2,MODERATE,CWE-79 -CVE-2021-21669,2022-05-24T19:05:40Z,"XXE vulnerability in Jenkins Generic Webhook Trigger Plugin","org.jenkins-ci.plugins:generic-webhook-trigger",0,1.74,CRITICAL,CWE-611 -CVE-2021-21670,2022-05-24T19:06:36Z,"Improper permission checks allow canceling queue items and aborting builds in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.289.2,MODERATE,CWE-863 -CVE-2021-21670,2022-05-24T19:06:36Z,"Improper permission checks allow canceling queue items and aborting builds in Jenkins","org.jenkins-ci.main:jenkins-core",2.292,2.300,MODERATE,CWE-863 -CVE-2021-21671,2022-05-24T19:06:36Z,"Session fixation vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.289.2,HIGH,CWE-384 -CVE-2021-21671,2022-05-24T19:06:36Z,"Session fixation vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.292,2.300,HIGH,CWE-384 -CVE-2021-21672,2021-07-02T18:36:13Z,"XXE vulnerability in Jenkins Selenium HTML report Plugin","org.jenkins-ci.plugins:seleniumhtmlreport",0,1.1,MODERATE,CWE-611 -CVE-2021-21673,2022-05-24T19:06:35Z,"Open redirect vulnerability in Jenkins CAS Plugin","org.jenkins-ci.plugins:cas-plugin",0,1.6.1,MODERATE,CWE-601 -CVE-2021-21674,2022-05-24T19:06:36Z,"Missing permission check in Jenkins requests-plugin Plugin allows viewing pending 
requests","org.jenkins-ci.plugins:requests",0,2.2.7,MODERATE,CWE-862 -CVE-2021-21675,2022-05-24T19:06:36Z,"CSRF vulnerabilities in Jenkins requests-plugin Plugin","org.jenkins-ci.plugins:requests",0,2.2.13,MODERATE,CWE-352 -CVE-2021-21676,2022-05-24T19:06:35Z,"Missing permission check in Jenkins requests-plugin Plugin allows sending emails","org.jenkins-ci.plugins:requests",0,2.2.8,MODERATE,CWE-862 -CVE-2021-21677,2022-05-24T19:12:36Z,"RCE vulnerability in Jenkins Code Coverage API Plugin","io.jenkins.plugins:code-coverage-api",0,1.4.1,HIGH,CWE-502 -CVE-2021-21678,2022-05-24T19:12:37Z,"Jenkins SAML Plugin allows bypassing CSRF protection for any URL","org.jenkins-ci.plugins:saml",0,2.0.8,HIGH,CWE-352;CWE-693 -CVE-2021-21679,2022-05-24T19:12:36Z,"Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL","org.jenkins-ci.plugins:azure-ad",0,180.v8b1e80e6f242,HIGH,CWE-352;CWE-693 -CVE-2021-21680,2022-05-24T19:12:36Z,"XXE vulnerability in Jenkins Nested View Plugin","org.jenkins-ci.plugins:nested-view",0,1.21,HIGH,CWE-611 -CVE-2021-21681,2022-05-24T19:12:36Z,"Password stored in plain text by Jenkins Nomad Plugin","org.jenkins-ci.plugins:nomad",0,0.7.5,MODERATE,CWE-256;CWE-522 -CVE-2021-21682,2022-05-24T19:16:59Z,"Improper handling of equivalent directory names on Windows in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.2,MODERATE,CWE-42 -CVE-2021-21682,2022-05-24T19:16:59Z,"Improper handling of equivalent directory names on Windows in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.315,MODERATE,CWE-42 -CVE-2021-21683,2022-05-24T19:16:59Z,"Path traversal vulnerability on Windows in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.2,MODERATE,CWE-22 -CVE-2021-21683,2022-05-24T19:16:59Z,"Path traversal vulnerability on Windows in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.315,MODERATE,CWE-22 -CVE-2021-21684,2022-05-24T19:16:59Z,"Stored XSS vulnerability in Jenkins Git Plugin","org.jenkins-ci.plugins:git",0,4.8.3,MODERATE,CWE-116;CWE-79 
-CVE-2021-21685,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-862 -CVE-2021-21685,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-862 -CVE-2021-21686,2022-05-24T19:19:45Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-22;CWE-59 -CVE-2021-21686,2022-05-24T19:19:45Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-22;CWE-59 -CVE-2021-21687,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-862 -CVE-2021-21687,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-862 -CVE-2021-21688,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-862 -CVE-2021-21688,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-862 -CVE-2021-21689,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-862 -CVE-2021-21689,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access 
control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-862 -CVE-2021-21690,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-22;CWE-693 -CVE-2021-21690,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-22;CWE-693 -CVE-2021-21691,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-59;CWE-863 -CVE-2021-21691,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-59;CWE-863 -CVE-2021-21692,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-22;CWE-863 -CVE-2021-21692,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-22;CWE-863 -CVE-2021-21693,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-285;CWE-863 -CVE-2021-21693,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-285;CWE-863 -CVE-2021-21694,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in 
Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-862 -CVE-2021-21694,2022-05-24T19:19:44Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-862 -CVE-2021-21695,2022-05-24T19:19:43Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-59;CWE-862 -CVE-2021-21695,2022-05-24T19:19:43Z,"Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-59;CWE-862 -CVE-2021-21696,2022-05-24T19:19:43Z,"Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.main:jenkins-core",0,2.303.3,HIGH,CWE-693 -CVE-2021-21696,2022-05-24T19:19:43Z,"Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.main:jenkins-core",2.304,2.319,HIGH,CWE-693 -CVE-2021-21697,2022-05-24T19:19:43Z,"Agent-to-controller access control allows reading/writing most content of build directories in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.303.3,CRITICAL,CWE-184 -CVE-2021-21697,2022-05-24T19:19:43Z,"Agent-to-controller access control allows reading/writing most content of build directories in Jenkins","org.jenkins-ci.main:jenkins-core",2.304,2.319,CRITICAL,CWE-184 -CVE-2021-21698,2022-05-24T19:19:43Z,"Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files","org.jenkins-ci.plugins:subversion",0,2.15.1,MODERATE,CWE-22 -CVE-2021-21699,2022-05-24T19:20:32Z,"Stored XSS vulnerability in Jenkins Active Choices Plugin",org.biouno:uno-choice,0,2.5.7,MODERATE,CWE-79 -CVE-2021-21700,2022-05-24T19:20:33Z,"Stored XSS vulnerability in Jenkins Scriptler 
Plugin","org.jenkins-ci.plugins:scriptler",0,3.4,MODERATE,CWE-79 -CVE-2021-21701,2022-05-24T19:20:32Z,"XXE vulnerability in Jenkins Performance Plugin","org.jenkins-ci.plugins:performance",0,,MODERATE,CWE-611 -CVE-2021-22044,2022-05-24T19:19:03Z,"Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign","org.springframework.cloud:spring-cloud-openfeign-core",2.2.0,2.2.10,HIGH,CWE-668 -CVE-2021-22044,2022-05-24T19:19:03Z,"Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign","org.springframework.cloud:spring-cloud-openfeign-core",3.0.0,3.0.5,HIGH,CWE-668 -CVE-2021-22047,2022-05-24T19:19:03Z,"Exposure of Resource to Wrong Sphere in Spring Data REST","org.springframework.data:spring-data-rest-core",3.4.0,3.4.14,MODERATE,CWE-668 -CVE-2021-22047,2022-05-24T19:19:03Z,"Exposure of Resource to Wrong Sphere in Spring Data REST","org.springframework.data:spring-data-rest-core",3.5.0,3.5.6,MODERATE,CWE-668 -CVE-2021-22051,2021-11-10T19:45:02Z,"Request injection in Spring Cloud Gateway","org.springframework.cloud:spring-cloud-gateway",2.2.0,2.2.10.RELEASE0.5,MODERATE,CWE-352;CWE-863 -CVE-2021-22051,2021-11-10T19:45:02Z,"Request injection in Spring Cloud Gateway","org.springframework.cloud:spring-cloud-gateway",3.0.0,3.0.5,MODERATE,CWE-352;CWE-863 -CVE-2021-22053,2021-11-23T17:53:33Z,"Code injection in spring-cloud-netflix-hystrix-dashboard","org.springframework.cloud:spring-cloud-netflix-hystrix-dashboard",0,2.2.10.RELEASE,HIGH,CWE-94 -CVE-2021-22060,2022-01-12T23:04:06Z,"Log entry injection in Spring Framework","org.springframework:spring-core",5.2.0,5.2.19,MODERATE, -CVE-2021-22060,2022-01-12T23:04:06Z,"Log entry injection in Spring Framework","org.springframework:spring-core",5.3.0,5.3.14,MODERATE, -CVE-2021-22095,2021-12-01T00:00:40Z,"Deserialization of Untrusted Data in Spring AMQP","org.springframework.amqp:spring-amqp",2.2.0,2.2.20,MODERATE,CWE-502 -CVE-2021-22095,2021-12-01T00:00:40Z,"Deserialization of Untrusted Data in Spring 
AMQP","org.springframework.amqp:spring-amqp",2.3.0,2.3.11,MODERATE,CWE-502 -CVE-2021-22096,2022-05-24T19:19:04Z,"Improper Output Neutralization for Logs in Spring Framework","org.springframework:spring",5.2.0,5.2.18,MODERATE,CWE-117 -CVE-2021-22096,2022-05-24T19:19:04Z,"Improper Output Neutralization for Logs in Spring Framework","org.springframework:spring",5.3.0,5.3.11,MODERATE,CWE-117 -CVE-2021-22096,2022-05-24T19:19:04Z,"Improper Output Neutralization for Logs in Spring Framework","org.springframework:spring-core",5.2.0,5.2.18,MODERATE,CWE-117 -CVE-2021-22096,2022-05-24T19:19:04Z,"Improper Output Neutralization for Logs in Spring Framework","org.springframework:spring-core",5.3.0,5.3.11,MODERATE,CWE-117 -CVE-2021-22097,2022-05-24T19:19:03Z,"Deserialization of Untrusted Data in Spring AMQP","org.springframework.amqp:spring-amqp",2.2.0,2.2.19,MODERATE,CWE-502 -CVE-2021-22097,2022-05-24T19:19:03Z,"Deserialization of Untrusted Data in Spring AMQP","org.springframework.amqp:spring-amqp",2.3.0,2.3.11,MODERATE,CWE-502 -CVE-2021-22112,2021-05-10T15:22:39Z,"Privilege escalation in spring security","org.springframework.security:spring-security-bom",0,5.2.9,HIGH,CWE-269 -CVE-2021-22112,2021-05-10T15:22:39Z,"Privilege escalation in spring security","org.springframework.security:spring-security-bom",5.3.0,5.3.8,HIGH,CWE-269 -CVE-2021-22112,2021-05-10T15:22:39Z,"Privilege escalation in spring security","org.springframework.security:spring-security-bom",5.4.0,5.4.4,HIGH,CWE-269 -CVE-2021-22112,2021-05-10T15:22:39Z,"Privilege escalation in spring security","org.springframework.security:spring-security-web",0,5.2.9,HIGH,CWE-269 -CVE-2021-22112,2021-05-10T15:22:39Z,"Privilege escalation in spring security","org.springframework.security:spring-security-web",5.3.0,5.3.8,HIGH,CWE-269 -CVE-2021-22112,2021-05-10T15:22:39Z,"Privilege escalation in spring security","org.springframework.security:spring-security-web",5.4.0,5.4.4,HIGH,CWE-269 
-CVE-2021-22113,2021-05-10T15:18:50Z,"Incorrect Authorization in Spring Cloud Netflix Zuul","org.springframework.cloud:spring-cloud-netflix-zuul",0,2.2.7,MODERATE,CWE-863 -CVE-2021-22114,2022-03-18T17:40:44Z,"Path Traversal in Spring-integration-zip","org.springframework.integration:spring-integration-zip",0,1.0.4,MODERATE,CWE-22 -CVE-2021-22118,2022-05-24T19:03:28Z,"Improper Privilege Management in Spring Framework","org.springframework:spring-web",5.2.0,5.2.15,HIGH,CWE-269;CWE-668 -CVE-2021-22118,2022-05-24T19:03:28Z,"Improper Privilege Management in Spring Framework","org.springframework:spring-web",5.3.0,5.3.7,HIGH,CWE-269;CWE-668 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-core",5.2.0,5.2.11,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-core",5.3.0,5.3.10,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-core",5.4.0,5.4.7,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-core",5.5.0,5.5.1,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-oauth2-client",5.2.0,5.2.11,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-oauth2-client",5.3.0,5.3.10,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-oauth2-client",5.4.0,5.4.7,HIGH,CWE-400;CWE-863 -CVE-2021-22119,2021-07-02T18:33:34Z,"Resource Exhaustion in Spring Security","org.springframework.security:spring-security-oauth2-client",5.5.0,5.5.1,HIGH,CWE-400;CWE-863 
-CVE-2021-22132,2021-03-18T19:27:27Z,"Insufficiently Protected Credentials in Elasticsearch","org.elasticsearch:elasticsearch",7.7.0,7.10.2,MODERATE,CWE-522 -CVE-2021-22134,2021-03-18T19:23:57Z,"Exposure of Sensitive Information to an Unauthorized Actor","org.elasticsearch:elasticsearch",7.6.0,7.11.0,MODERATE,CWE-200;CWE-863 -CVE-2021-22135,2021-07-02T18:33:02Z,"API information disclosure flaw in Elasticsearch","org.elasticsearch:elasticsearch",0,6.8.15,MODERATE,CWE-200 -CVE-2021-22135,2021-07-02T18:33:02Z,"API information disclosure flaw in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0,7.11.2,MODERATE,CWE-200 -CVE-2021-22137,2022-05-24T19:02:19Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",0,6.8.15,MODERATE,CWE-200;CWE-281 -CVE-2021-22137,2022-05-24T19:02:19Z,"Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch","org.elasticsearch:elasticsearch",7.11.0,7.11.2,MODERATE,CWE-200;CWE-281 -CVE-2021-22144,2021-08-09T20:41:17Z,"Denial of Service in Elasticsearch","org.elasticsearch:elasticsearch",0,6.8.17,MODERATE,CWE-674 -CVE-2021-22144,2021-08-09T20:41:17Z,"Denial of Service in Elasticsearch","org.elasticsearch:elasticsearch",7.0.0-alpha1,7.13.3,MODERATE,CWE-674 -CVE-2021-22145,2022-05-24T19:08:49Z,"Generation of Error Message Containing Sensitive Information in Elasticsearch","org.elasticsearch.client:elasticsearch-rest-client",7.10.0,7.13.4,MODERATE,CWE-209 -CVE-2021-22147,2021-09-20T20:29:40Z,"Exposure of sensitive information in Elasticsearch","org.elasticsearch:elasticsearch",7.11.0,7.14.0,MODERATE,CWE-732;CWE-862 -CVE-2021-22160,2021-06-01T21:53:49Z,"Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow",org.apache.pulsar:pulsar,0,2.7.2,CRITICAL,CWE-347 -CVE-2021-22510,2022-05-24T17:46:58Z,"Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools 
Plugin","org.jenkins-ci.plugins:hp-application-automation-tools-plugin",0,6.8,HIGH,CWE-79 -CVE-2021-22511,2022-05-24T17:46:58Z,"SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin","org.jenkins-ci.plugins:hp-application-automation-tools-plugin",0,6.8,MODERATE,CWE-295 -CVE-2021-22512,2022-05-24T17:46:58Z,"CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin","org.jenkins-ci.plugins:hp-application-automation-tools-plugin",0,6.8,MODERATE,CWE-352 -CVE-2021-22513,2022-05-24T17:46:58Z,"Missing permission checks in Micro Focus Application Automation Tools Plugin","org.jenkins-ci.plugins:hp-application-automation-tools-plugin",0,7.2.3-beta,MODERATE,CWE-862 -CVE-2021-22569,2022-01-07T22:31:44Z,"A potential Denial of Service issue in protobuf-java","com.google.protobuf:protobuf-java",0,3.16.1,HIGH,CWE-696 -CVE-2021-22569,2022-01-07T22:31:44Z,"A potential Denial of Service issue in protobuf-java","com.google.protobuf:protobuf-java",3.18.0,3.18.2,HIGH,CWE-696 -CVE-2021-22569,2022-01-07T22:31:44Z,"A potential Denial of Service issue in protobuf-java","com.google.protobuf:protobuf-java",3.19.0,3.19.2,HIGH,CWE-696 -CVE-2021-22569,2022-01-07T22:31:44Z,"A potential Denial of Service issue in protobuf-java","com.google.protobuf:protobuf-kotlin",3.18.0,3.18.2,HIGH,CWE-696 -CVE-2021-22569,2022-01-07T22:31:44Z,"A potential Denial of Service issue in protobuf-java","com.google.protobuf:protobuf-kotlin",3.19.0,3.19.2,HIGH,CWE-696 -CVE-2021-22570,2022-01-27T00:01:15Z,"NULL Pointer Dereference in Protocol Buffers","com.google.protobuf:protobuf-java",0,3.15.0,HIGH,CWE-476 -CVE-2021-22573,2024-04-09T15:11:24Z,"google-oauth-java-client improperly verifies cryptographic signature","com.google.oauth-client:google-oauth-client",1.16.0-rc,1.33.3,HIGH,CWE-347 -CVE-2021-22696,2021-05-13T22:31:05Z,"Authorization service vulnerable to DDos attacks in Apache 
CFX","org.apache.cxf:apache-cxf",0,3.3.10,HIGH,CWE-400;CWE-918 -CVE-2021-22696,2021-05-13T22:31:05Z,"Authorization service vulnerable to DDos attacks in Apache CFX","org.apache.cxf:apache-cxf",3.4.0,3.4.3,HIGH,CWE-400;CWE-918 -CVE-2021-22696,2021-05-13T22:31:05Z,"Authorization service vulnerable to DDos attacks in Apache CFX",org.apache.cxf:cxf,0,3.3.10,HIGH,CWE-400;CWE-918 -CVE-2021-22696,2021-05-13T22:31:05Z,"Authorization service vulnerable to DDos attacks in Apache CFX",org.apache.cxf:cxf,3.4.0,3.4.3,HIGH,CWE-400;CWE-918 -CVE-2021-23264,2021-12-16T15:27:35Z,"Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search","org.craftercms:crafter-search",3.1.0,3.1.15,CRITICAL,CWE-402;CWE-668 -CVE-2021-23265,2022-05-17T00:00:33Z,"Improper Privilege Management in craftercms","org.craftercms:craftercms",3.1.0,3.1.18,MODERATE,CWE-269 -CVE-2021-23266,2022-05-17T00:00:33Z,"Log value insertion in craftercms","org.craftercms:craftercms",3.1.0,3.1.18,MODERATE,CWE-116 -CVE-2021-23267,2022-05-17T00:00:34Z,"Crafter CMS Crafter Studio vulnerable to Improper Control of Dynamically-Managed Code Resources","org.craftercms:crafter-studio",3.1.0,3.1.18,HIGH,CWE-913 -CVE-2021-23331,2021-06-16T17:53:20Z,"Insecure temporary file used in com.squareup:connect",com.squareup:connect,0,,LOW,CWE-377 -CVE-2021-23339,2021-05-10T15:17:09Z,"HTTP Request Smuggling in akka-http-core","com.typesafe.akka:akka-http-core",0,10.1.14,MODERATE,CWE-444 -CVE-2021-23339,2021-05-10T15:17:09Z,"HTTP Request Smuggling in akka-http-core","com.typesafe.akka:akka-http-core",10.2.0,10.2.4,MODERATE,CWE-444 -CVE-2021-23369,2021-05-06T15:57:44Z,"Remote code execution in handlebars when compiling templates","org.webjars.bowergithub.wycats:handlebars.js",0,4.7.7,CRITICAL,CWE-94 -CVE-2021-23369,2021-05-06T15:57:44Z,"Remote code execution in handlebars when compiling templates","org.webjars.npm:handlebars",0,4.7.7,CRITICAL,CWE-94 -CVE-2021-23369,2021-05-06T15:57:44Z,"Remote code execution in handlebars when 
compiling templates",org.webjars:handlebars,0,4.7.7,CRITICAL,CWE-94 -CVE-2021-23408,2021-08-02T16:59:35Z,"Prototype Pollution in GraphHopper","com.graphhopper:graphhopper-web-bundle",0,3.2,MODERATE,CWE-1321 -CVE-2021-23441,2021-09-20T23:18:54Z,"Deserialization of Untrusted Data in com.jsoniter:jsoniter",com.jsoniter:jsoniter,0,,HIGH,CWE-502 -CVE-2021-23463,2021-12-16T14:29:57Z,"Improper Restriction of XML External Entity Reference in com.h2database:h2.",com.h2database:h2,1.4.198,2.0.202,HIGH,CWE-611 -CVE-2021-23792,2022-05-07T00:00:31Z,"External Entity Reference in TwelveMonkeys ImageIO","com.twelvemonkeys.imageio:imageio-metadata",0,3.7.1,CRITICAL,CWE-611 -CVE-2021-23899,2021-06-16T17:34:18Z,"Arbitrary code injection in json-sanitizer","com.mikesamuel:json-sanitizer",0,1.2.2,CRITICAL,CWE-611 -CVE-2021-23900,2021-05-13T22:31:32Z,"Uncaught Exception leading to Denial of Service in json-sanitizer","com.mikesamuel:json-sanitizer",0,1.2.2,HIGH,CWE-248 -CVE-2021-23901,2022-03-18T17:46:29Z,"XML external entity (XXE) injection in Apache Nutch",org.apache.nutch:nutch,0,1.18,CRITICAL,CWE-611 -CVE-2021-23926,2021-06-16T17:37:11Z,"Improper Restriction of Recursive Entity References in Apache XMLBeans","org.apache.xmlbeans:xmlbeans",0,3.0.0,CRITICAL,CWE-776 -CVE-2021-23937,2022-05-24T19:03:11Z,"DNS based denial of service in Apache Wicket","org.apache.wicket:wicket-core",0,7.18.0,HIGH,CWE-20 -CVE-2021-23937,2022-05-24T19:03:11Z,"DNS based denial of service in Apache Wicket","org.apache.wicket:wicket-core",8.0.0,8.12.0,HIGH,CWE-20 -CVE-2021-23937,2022-05-24T19:03:11Z,"DNS based denial of service in Apache Wicket","org.apache.wicket:wicket-core",9.0.0,9.3.0,HIGH,CWE-20 -CVE-2021-24122,2021-05-13T22:30:02Z,"Information Disclosure in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",10.0.0-M1,10.0.0-M10,MODERATE,CWE-200;CWE-706 -CVE-2021-24122,2021-05-13T22:30:02Z,"Information Disclosure in Apache 
Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.107,MODERATE,CWE-200;CWE-706 -CVE-2021-24122,2021-05-13T22:30:02Z,"Information Disclosure in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.60,MODERATE,CWE-200;CWE-706 -CVE-2021-24122,2021-05-13T22:30:02Z,"Information Disclosure in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.40,MODERATE,CWE-200;CWE-706 -CVE-2021-2471,2022-05-24T19:18:20Z,"Incorrect Authorization in MySQL Connector Java","mysql:mysql-connector-java",8.0.0,8.0.27,MODERATE,CWE-863 -CVE-2021-25122,2021-06-16T17:45:29Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",10.0.0,10.0.2,HIGH,CWE-200 -CVE-2021-25122,2021-06-16T17:45:29Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.63,HIGH,CWE-200 -CVE-2021-25122,2021-06-16T17:45:29Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.43,HIGH,CWE-200 -CVE-2021-25329,2021-03-19T20:11:13Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",10.0.0-M1,10.0.2,HIGH,CWE-502 -CVE-2021-25329,2021-03-19T20:11:13Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",7.0.0,7.0.108,HIGH,CWE-502 -CVE-2021-25329,2021-03-19T20:11:13Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",8.0.0,8.5.61,HIGH,CWE-502 -CVE-2021-25329,2021-03-19T20:11:13Z,"Potential remote code execution in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.41,HIGH,CWE-502 -CVE-2021-25640,2022-03-18T17:56:45Z,"Server-Side Request Forgery in Apache Dubbo",com.alibaba:dubbo,2.5.0,2.6.9,MODERATE,CWE-601;CWE-918 -CVE-2021-25640,2022-03-18T17:56:45Z,"Server-Side Request Forgery in Apache 
Dubbo",org.apache.dubbo:dubbo,2.5.0,2.7.10,MODERATE,CWE-601;CWE-918 -CVE-2021-25641,2022-03-18T17:56:08Z,"Deserializer tampering in Apache Dubbo",com.alibaba:dubbo,2.5.0,2.6.9,CRITICAL,CWE-502 -CVE-2021-25641,2022-03-18T17:56:08Z,"Deserializer tampering in Apache Dubbo",org.apache.dubbo:dubbo,2.5.0,2.7.8,CRITICAL,CWE-502 -CVE-2021-25642,2022-08-26T00:03:33Z,"Deserialization of Untrusted Data in Apache Hadoop YARN","org.apache.hadoop:hadoop-yarn-server",0,2.10.2,HIGH,CWE-502 -CVE-2021-25642,2022-08-26T00:03:33Z,"Deserialization of Untrusted Data in Apache Hadoop YARN","org.apache.hadoop:hadoop-yarn-server",3.0.0,3.2.4,HIGH,CWE-502 -CVE-2021-25642,2022-08-26T00:03:33Z,"Deserialization of Untrusted Data in Apache Hadoop YARN","org.apache.hadoop:hadoop-yarn-server",3.3.0,3.3.4,HIGH,CWE-502 -CVE-2021-25646,2021-06-16T17:40:47Z,"Code injection in Apache Druid",org.apache.druid:druid,0,0.20.1,HIGH,CWE-732 -CVE-2021-25738,2021-10-12T17:50:25Z,"Code injection in Kubernetes Java Client","io.kubernetes:client-java",0,11.0.1,MODERATE,CWE-20;CWE-502 -CVE-2021-25929,2021-05-25T18:46:58Z,"Cross-site Scripting in OpenNMS Horizon",org.opennms:opennms,1.0.0,27.1.1,MODERATE,CWE-79 -CVE-2021-25930,2021-05-25T18:46:49Z,"Cross-Site Request Forgery in OpenNMS Horizon","org.opennms:opennms-config",1.0.0,27.1.1,MODERATE,CWE-352 -CVE-2021-25930,2021-05-25T18:46:49Z,"Cross-Site Request Forgery in OpenNMS Horizon",org.opennms:opennms,1.0.0,27.1.1,MODERATE,CWE-352 -CVE-2021-25931,2021-05-25T18:46:55Z,"Cross-Site Request Forgery in OpenNMS Horizon",org.opennms:opennms,1.0.0,27.1.1,HIGH,CWE-352 -CVE-2021-25933,2021-05-25T18:47:01Z,"Cross-site Scripting in OpenNMS Horizon",org.opennms:opennms,1.0.0,27.1.1,MODERATE,CWE-79 -CVE-2021-25934,2022-05-24T19:03:10Z,"OpenNMS Horizon vulnerable to XSS",org.opennms:opennms,18.0.0-1,,MODERATE,CWE-79 -CVE-2021-25959,2021-09-30T20:50:21Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-client",4.0.0,5.2.0,MODERATE,CWE-79 
-CVE-2021-25959,2021-09-30T20:50:21Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-config",4.0.0,5.2.0,MODERATE,CWE-79 -CVE-2021-25959,2021-09-30T20:50:21Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",4.0.0,5.2.0,MODERATE,CWE-79 -CVE-2021-25959,2021-09-30T20:50:21Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-gradle",4.0.0,5.2.0,MODERATE,CWE-79 -CVE-2021-25959,2021-09-30T20:50:21Z,"Cross-site Scripting in OpenCRX",org.opencrx:opencrx-core,4.0.0,5.2.0,MODERATE,CWE-79 -CVE-2021-26074,2021-05-10T15:19:04Z,"Broken Authentication in Atlassian Connect Spring Boot","com.atlassian.connect:atlassian-connect-spring-boot-starter",1.1.0,2.1.3,MODERATE,CWE-287;CWE-863 -CVE-2021-26077,2021-06-16T17:23:12Z,"Improper Authentication in Atlassian Connect Spring Boot","com.atlassian.connect:atlassian-connect-spring-boot",1.1.0,2.1.3,HIGH,CWE-287 -CVE-2021-26077,2021-06-16T17:23:12Z,"Improper Authentication in Atlassian Connect Spring Boot","com.atlassian.connect:atlassian-connect-spring-boot",2.1.4,2.1.5,HIGH,CWE-287 -CVE-2021-26117,2021-06-16T17:39:35Z,"Improper Authentication in Apache ActiveMQ and Apache Artemis","org.apache.activemq:activemq-parent",0,5.15.14,HIGH,CWE-287 -CVE-2021-26117,2021-06-16T17:39:35Z,"Improper Authentication in Apache ActiveMQ and Apache Artemis","org.apache.activemq:activemq-parent",5.16.0,5.16.1,HIGH,CWE-287 -CVE-2021-26117,2021-06-16T17:39:35Z,"Improper Authentication in Apache ActiveMQ and Apache Artemis","org.apache.activemq:apache-artemis",0,2.16.0,HIGH,CWE-287 -CVE-2021-26118,2021-06-16T17:39:05Z,"Apache ActiveMQ Artemis vulnerable to Improper Access Control","org.apache.activemq:artemis-openwire-protocol",0,2.16.0,HIGH,CWE-284;CWE-287 -CVE-2021-26291,2021-06-16T17:32:49Z,"Origin Validation Error in Apache Maven","org.apache.maven:maven-compat",0,3.8.1,CRITICAL,CWE-346 -CVE-2021-26291,2021-06-16T17:32:49Z,"Origin Validation Error in Apache Maven","org.apache.maven:maven-core",0,3.8.1,CRITICAL,CWE-346 
-CVE-2021-26296,2021-06-16T17:31:39Z,"Cryptographically weak CSRF tokens in Apache MyFaces","org.apache.myfaces.core:myfaces-core-module",0,2.0.25,HIGH,CWE-330;CWE-352 -CVE-2021-26296,2021-06-16T17:31:39Z,"Cryptographically weak CSRF tokens in Apache MyFaces","org.apache.myfaces.core:myfaces-core-module",2.1.0,2.1.19,HIGH,CWE-330;CWE-352 -CVE-2021-26296,2021-06-16T17:31:39Z,"Cryptographically weak CSRF tokens in Apache MyFaces","org.apache.myfaces.core:myfaces-core-module",2.2.0,2.2.14,HIGH,CWE-330;CWE-352 -CVE-2021-26296,2021-06-16T17:31:39Z,"Cryptographically weak CSRF tokens in Apache MyFaces","org.apache.myfaces.core:myfaces-core-module",2.3.0,2.3.8,HIGH,CWE-330;CWE-352 -CVE-2021-26544,2021-05-13T22:30:41Z,"Apache Livy Cross-site scripting (XSS) in session names","org.apache.livy:livy-server",0.7.0-incubating,0.7.1-incubating,MODERATE,CWE-79 -CVE-2021-26715,2021-05-13T22:30:52Z,"Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server","org.mitre:openid-connect-server",0,,HIGH,CWE-918 -CVE-2021-26919,2021-06-16T17:51:58Z,"Arbitrary code execution in Apache Druid",org.apache.druid:druid,0,0.20.2,HIGH,CWE-668 -CVE-2021-26920,2021-08-13T15:21:50Z,"Druid ingestion system Authenticated users can read data from other sources than intended","org.apache.druid:druid-core",0,0.21.0,MODERATE,CWE-863 -CVE-2021-27568,2021-06-16T18:03:47Z,"Improper Check for Unusual or Exceptional Conditions in json-smart","net.minidev:json-smart-mini",0,1.3.2,MODERATE,CWE-754 -CVE-2021-27568,2021-06-16T18:03:47Z,"Improper Check for Unusual or Exceptional Conditions in json-smart",net.minidev:json-smart,0,1.3.2,MODERATE,CWE-754 -CVE-2021-27568,2021-06-16T18:03:47Z,"Improper Check for Unusual or Exceptional Conditions in json-smart",net.minidev:json-smart,2.0.0,2.3.1,MODERATE,CWE-754 -CVE-2021-27568,2021-06-16T18:03:47Z,"Improper Check for Unusual or Exceptional Conditions in json-smart",net.minidev:json-smart,2.4.0,2.4.1,MODERATE,CWE-754 
-CVE-2021-27576,2021-06-16T17:43:36Z,"Uncontrolled Resource Consumption in Apache OpenMeetings server","org.apache.openmeetings:openmeetings-parent",4.0.0,6.0.0,HIGH,CWE-400 -CVE-2021-27578,2021-09-07T22:55:56Z,"Cross-site Scripting in Apache Zeppelin","org.apache.zeppelin:zeppelin",0,0.9.0,MODERATE,CWE-79 -CVE-2021-27582,2021-05-13T22:31:22Z,"Autobinding vulnerability in MITREid Connect","org.mitre:openid-connect-parent",0,,CRITICAL,CWE-1321;CWE-915 -CVE-2021-27644,2021-11-03T17:30:18Z,"SQL injection in Apache DolphinScheduler ","org.apache.dolphinscheduler:dolphinscheduler-server",0,1.3.6,HIGH,CWE-89 -CVE-2021-27738,2022-01-08T00:43:04Z,"Server-Side Request Forgery in Apache Kylin",org.apache.kylin:kylin,0,3.1.3,MODERATE,CWE-918 -CVE-2021-27807,2021-06-16T17:56:46Z,"Excessive Iteration Denial of Service in Apache PDFBox",org.apache.pdfbox:pdfbox,2.0.0,2.0.23,MODERATE,CWE-834 -CVE-2021-27850,2021-06-16T17:33:19Z,"Remote code execution in Apache Tapestry","org.apache.tapestry:tapestry-core",5.4.0,5.6.3,CRITICAL,CWE-502;CWE-922 -CVE-2021-27850,2021-06-16T17:33:19Z,"Remote code execution in Apache Tapestry","org.apache.tapestry:tapestry-core",5.7.0,5.7.1,CRITICAL,CWE-502;CWE-922 -CVE-2021-27905,2021-05-10T15:18:06Z,"Server-Side Request Forgery in Apache Solr","org.apache.solr:solr-parent",0,8.8.2,HIGH,CWE-918 -CVE-2021-27906,2021-05-13T22:30:13Z,"Uncontrolled Memory Allocation in Apache PDFBox",org.apache.pdfbox:pdfbox,2.0.0,2.0.23,MODERATE,CWE-789 -CVE-2021-28099,2021-03-29T18:25:26Z,"Insecure temporary file in Netflix OSS Hollow","com.netflix.hollow:hollow",0,,MODERATE,CWE-377 -CVE-2021-28100,2021-03-30T16:23:12Z,"Netflix/Priam: Temporary Directory Information Disclosure",com.netflix.priam:priam,0,,MODERATE,CWE-377 -CVE-2021-28163,2021-04-06T17:32:00Z,"Directory exposure in jetty","org.eclipse.jetty:jetty-deploy",10.0.0,10.0.2,LOW,CWE-200;CWE-59 -CVE-2021-28163,2021-04-06T17:32:00Z,"Directory exposure in 
jetty","org.eclipse.jetty:jetty-deploy",11.0.0,11.0.2,LOW,CWE-200;CWE-59 -CVE-2021-28163,2021-04-06T17:32:00Z,"Directory exposure in jetty","org.eclipse.jetty:jetty-deploy",9.4.32,9.4.39,LOW,CWE-200;CWE-59 -CVE-2021-28164,2021-04-06T17:31:01Z,"Authorization Before Parsing and Canonicalization in jetty","org.eclipse.jetty:jetty-webapp",9.4.37,9.4.39,MODERATE,CWE-200;CWE-551;CWE-863 -CVE-2021-28165,2021-04-06T17:31:30Z,"Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources","org.eclipse.jetty:jetty-server",10.0.0,10.0.2,HIGH,CWE-400;CWE-551;CWE-755 -CVE-2021-28165,2021-04-06T17:31:30Z,"Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources","org.eclipse.jetty:jetty-server",11.0.0,11.0.2,HIGH,CWE-400;CWE-551;CWE-755 -CVE-2021-28165,2021-04-06T17:31:30Z,"Jetty vulnerable to incorrect handling of invalid large TLS frame, exhausting CPU resources","org.eclipse.jetty:jetty-server",7.2.2,9.4.39,HIGH,CWE-400;CWE-551;CWE-755 -CVE-2021-28168,2021-04-23T16:55:01Z,"Local information disclosure via system temporary directory","org.glassfish.jersey.core:jersey-common",2.28,2.34,MODERATE,"CWE-378;CWE-379;CWE-668;CWE-732" -CVE-2021-28168,2021-04-23T16:55:01Z,"Local information disclosure via system temporary directory","org.glassfish.jersey.core:jersey-common",3.0.0,3.0.2,MODERATE,"CWE-378;CWE-379;CWE-668;CWE-732" -CVE-2021-28169,2021-06-10T15:43:22Z,"Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability","org.eclipse.jetty:jetty-servlets",0,9.4.41,MODERATE,CWE-200 -CVE-2021-28169,2021-06-10T15:43:22Z,"Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability","org.eclipse.jetty:jetty-servlets",10.0.0,10.0.3,MODERATE,CWE-200 -CVE-2021-28169,2021-06-10T15:43:22Z,"Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability","org.eclipse.jetty:jetty-servlets",11.0.0,11.0.3,MODERATE,CWE-200 
-CVE-2021-28170,2021-10-06T17:48:38Z,"Improper Input Validation in Jakarta Expression Language",com.sun.el:el-ri,0,3.0.4,MODERATE,CWE-20;CWE-917 -CVE-2021-28490,2022-05-24T19:11:39Z,"Cross-Site Request Forgery in OWASP CSRFGuard",org.owasp:csrfguard,0,4.0.0,HIGH,CWE-352 -CVE-2021-28655,2023-07-06T19:24:05Z,"Apache Zeppelin Improper Input Validation vulnerability","org.apache.zeppelin:zeppelin",0,0.10.0,MODERATE,CWE-20 -CVE-2021-28656,2024-04-09T12:30:46Z,"Apache Zeppelin CSRF vulnerability in the Credentials page","org.apache.zeppelin:zeppelin-web",0,,MODERATE,CWE-352 -CVE-2021-28657,2021-05-10T15:23:25Z,"Infinite loop in Apache Tika",org.apache.tika:tika,0,1.26,MODERATE,CWE-400;CWE-835 -CVE-2021-29061,2022-01-06T18:44:27Z,"ReDOS in Vfsjfilechooser2","com.github.fracpete:vfsjfilechooser2",0,0.2.9,HIGH,CWE-770 -CVE-2021-29262,2021-05-10T15:18:17Z,"Improper permission handling in Apache Solr","org.apache.solr:solr-core",0,8.8.2,HIGH,CWE-279;CWE-522 -CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO","org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-io",1.4,,MODERATE,CWE-20;CWE-22 -CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO","org.checkerframework.annotatedlib:commons-io",2.6,2.7,MODERATE,CWE-20;CWE-22 -CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO","org.smartboot.servlet:servlet-core",0.1.9,,MODERATE,CWE-20;CWE-22 -CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO",com.cosium.vet:vet,1.0,,MODERATE,CWE-20;CWE-22 -CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO",com.virjar:ratel-api,1.0.0,,MODERATE,CWE-20;CWE-22 -CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO",commons-io:commons-io,0,2.7,MODERATE,CWE-20;CWE-22 
-CVE-2021-29425,2021-04-26T16:04:00Z,"Path Traversal and Improper Input Validation in Apache Commons IO",net.hasor:cobble-lang,4.4.1,,MODERATE,CWE-20;CWE-22 -CVE-2021-29441,2021-04-27T20:09:17Z,"Authentication Bypass","com.alibaba.nacos:nacos-common",0,1.4.1,HIGH,CWE-290 -CVE-2021-29442,2021-04-27T20:09:25Z,"Authentication bypass for specific endpoint","com.alibaba.nacos:nacos-common",0,1.4.1,HIGH,CWE-306 -CVE-2021-29451,2021-04-19T14:56:33Z,"Missing validation of JWT signature in `ManyDesigns/Portofino`","com.manydesigns:portofino-core",5.0.0,5.2.1,CRITICAL,CWE-347 -CVE-2021-29451,2021-04-19T14:56:33Z,"Missing validation of JWT signature in `ManyDesigns/Portofino`","com.manydesigns:portofino-dispatcher",5.0.0,5.2.1,CRITICAL,CWE-347 -CVE-2021-29459,2021-04-22T16:11:55Z,"XSS Cross Site Scripting","org.xwiki.platform:xwiki-platform-oldcore",0,12.6.3,CRITICAL,CWE-79 -CVE-2021-29459,2021-04-22T16:11:55Z,"XSS Cross Site Scripting","org.xwiki.platform:xwiki-platform-oldcore",12.6.4,12.8,CRITICAL,CWE-79 -CVE-2021-29459,2021-04-22T16:11:55Z,"XSS Cross Site Scripting","org.xwiki.platform:xwiki-platform-web",0,12.6.3,CRITICAL,CWE-79 -CVE-2021-29459,2021-04-22T16:11:55Z,"XSS Cross Site Scripting","org.xwiki.platform:xwiki-platform-web",12.6.4,12.8,CRITICAL,CWE-79 -CVE-2021-29479,2021-07-01T17:02:38Z,"Cached redirect poisoning via X-Forwarded-Host header",io.ratpack:ratpack-core,0,1.9.0,HIGH,CWE-807 -CVE-2021-29480,2021-07-01T17:02:26Z,"Ratpack's default client side session signing key is highly predictable","io.ratpack:ratpack-session",0,1.9.0,MODERATE,CWE-330;CWE-340 -CVE-2021-29481,2021-07-01T17:02:13Z,"Unencrypted storage of client side sessions","io.ratpack:ratpack-session",0,1.9.0,MODERATE,CWE-312 -CVE-2021-29485,2021-07-01T17:01:16Z,"Remote Code Execution Vulnerability in Session Storage",io.ratpack:ratpack-core,0,1.9.0,CRITICAL,CWE-502 -CVE-2021-29505,2021-05-18T18:36:27Z,"XStream is vulnerable to a Remote Command Execution 
attack","com.thoughtworks.xstream:xstream",0,1.4.17,HIGH,CWE-502;CWE-74;CWE-94 -CVE-2021-29506,2021-05-19T23:02:57Z,"Navigate endpoint is vulnerable to regex injection that may lead to Denial of Service.","com.graphhopper:graphhopper-nav",0,2.4,MODERATE,CWE-400 -CVE-2021-29620,2021-06-28T16:38:29Z,"XXE vulnerability on Launch import with externally-defined DTD file","com.epam.reportportal:service-api",3.1.0,5.4.0,HIGH,CWE-611 -CVE-2021-29943,2021-05-10T15:17:58Z,"Incorrect Authorization in Apache Solr","org.apache.solr:solr-parent",0,8.8.2,CRITICAL,CWE-863 -CVE-2021-30129,2021-08-02T16:54:09Z,"Buffer Overflow in Apache Mina SSHD","org.apache.sshd:sshd-core",2.0.0,2.7.0,HIGH,CWE-772 -CVE-2021-30129,2021-08-02T16:54:09Z,"Buffer Overflow in Apache Mina SSHD","org.apache.sshd:sshd-mina",2.0.0,2.7.0,HIGH,CWE-772 -CVE-2021-30179,2022-03-18T17:57:32Z,"Deserialization of Untrusted Data in Apache Dubbo",com.alibaba:dubbo,2.5.0,2.6.9,CRITICAL,CWE-502 -CVE-2021-30179,2022-03-18T17:57:32Z,"Deserialization of Untrusted Data in Apache Dubbo",org.apache.dubbo:dubbo,2.5.0,2.7.10,CRITICAL,CWE-502 -CVE-2021-30180,2022-03-18T17:58:01Z,"Code injection in Apache Dubbo",org.apache.dubbo:dubbo,2.7.0,2.7.10,CRITICAL,CWE-444;CWE-94 -CVE-2021-30181,2022-03-18T17:57:04Z,"Code injection in Apache Dubbo",com.alibaba:dubbo,2.5.0,2.6.9,CRITICAL,CWE-94 -CVE-2021-30181,2022-03-18T17:57:04Z,"Code injection in Apache Dubbo",org.apache.dubbo:dubbo,2.5.0,2.7.10,CRITICAL,CWE-94 -CVE-2021-30468,2022-01-06T18:37:14Z,"Infinite loop in Apache CFX","org.apache.cxf:apache-cxf",0,3.3.11,HIGH,CWE-400;CWE-835 -CVE-2021-30468,2022-01-06T18:37:14Z,"Infinite loop in Apache CFX","org.apache.cxf:apache-cxf",3.4.0,3.4.4,HIGH,CWE-400;CWE-835 -CVE-2021-30468,2022-01-06T18:37:14Z,"Infinite loop in Apache CFX",org.apache.cxf:cxf,0,3.3.11,HIGH,CWE-400;CWE-835 -CVE-2021-30468,2022-01-06T18:37:14Z,"Infinite loop in Apache CFX",org.apache.cxf:cxf,3.4.0,3.4.4,HIGH,CWE-400;CWE-835 
-CVE-2021-30638,2022-03-18T17:53:58Z,"Information Exposure in Apache Tapestry","org.apache.tapestry:tapestry-core",5.4.0,5.6.4,HIGH,CWE-200;CWE-863 -CVE-2021-30638,2022-03-18T17:53:58Z,"Information Exposure in Apache Tapestry","org.apache.tapestry:tapestry-core",5.7.0,5.7.2,HIGH,CWE-200;CWE-863 -CVE-2021-30639,2021-08-13T15:21:02Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,0,8.5.65,HIGH,CWE-755 -CVE-2021-30639,2021-08-13T15:21:02Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,10.0.3,10.0.5,HIGH,CWE-755 -CVE-2021-30639,2021-08-13T15:21:02Z,"Improper Handling of Exceptional Conditions in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0,9.0.45,HIGH,CWE-755 -CVE-2021-30640,2021-08-13T15:21:24Z,"Authentication Bypass by Alternate Name in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.5,MODERATE,CWE-116;CWE-287;CWE-289 -CVE-2021-30640,2021-08-13T15:21:24Z,"Authentication Bypass by Alternate Name in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.65,MODERATE,CWE-116;CWE-287;CWE-289 -CVE-2021-30640,2021-08-13T15:21:24Z,"Authentication Bypass by Alternate Name in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0M1,9.0.45,MODERATE,CWE-116;CWE-287;CWE-289 -CVE-2021-31164,2021-06-16T17:17:24Z,"Command injection in Apache Unomi",org.apache.unomi:unomi,0,1.5.5,HIGH,CWE-74 -CVE-2021-3137,2021-01-29T18:13:03Z,"Cross Site Scripting (XSS) in XWiki","org.xwiki.commons:xwiki-commons",0,12.10.3,MODERATE,CWE-79 -CVE-2021-31403,2021-04-19T14:51:06Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8",com.vaadin:vaadin-bom,7.0.0,7.7.24,MODERATE,CWE-203;CWE-208 -CVE-2021-31403,2021-04-19T14:51:06Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8",com.vaadin:vaadin-bom,8.0.0,8.12.3,MODERATE,CWE-203;CWE-208 -CVE-2021-31403,2021-04-19T14:51:06Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 
8",com.vaadin:vaadin-server,7.0.0,7.7.24,MODERATE,CWE-203;CWE-208 -CVE-2021-31403,2021-04-19T14:51:06Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8",com.vaadin:vaadin-server,8.0.0,8.12.3,MODERATE,CWE-203;CWE-208 -CVE-2021-31404,2021-04-19T14:51:25Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18",com.vaadin:flow-server,1.0.0,1.0.14,MODERATE,CWE-203;CWE-208 -CVE-2021-31404,2021-04-19T14:51:25Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18",com.vaadin:flow-server,1.1.0,2.4.7,MODERATE,CWE-203;CWE-208 -CVE-2021-31404,2021-04-19T14:51:25Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18",com.vaadin:flow-server,3.0.0,5.0.3,MODERATE,CWE-203;CWE-208 -CVE-2021-31405,2021-04-19T14:47:34Z,"Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17",com.vaadin:vaadin-bom,14.0.6,14.4.4,HIGH,CWE-400 -CVE-2021-31405,2021-04-19T14:47:34Z,"Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17",com.vaadin:vaadin-bom,15.0.0,17.0.11,HIGH,CWE-400 -CVE-2021-31406,2021-04-19T14:50:38Z,"Timing side channel vulnerability in endpoint request handler in Vaadin 15-19",com.vaadin:flow-server,3.0.0,5.0.4,MODERATE,CWE-203;CWE-208 -CVE-2021-31406,2021-04-19T14:50:38Z,"Timing side channel vulnerability in endpoint request handler in Vaadin 15-19",com.vaadin:flow-server,6.0.0,6.0.1,MODERATE,CWE-203;CWE-208 -CVE-2021-31407,2021-04-19T14:50:49Z,"OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure",com.vaadin:flow-server,1.2.0,2.4.8,HIGH,CWE-402;CWE-668 -CVE-2021-31407,2021-04-19T14:50:49Z,"OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure",com.vaadin:flow-server,6.0.0,6.0.1,HIGH,CWE-402;CWE-668 -CVE-2021-31408,2021-04-22T16:11:17Z,"Server session is not invalidated when logout() helper 
method of Authentication module is used in Vaadin 18-19",com.vaadin:vaadin-bom,18.0.0,19.0.4,MODERATE,CWE-287;CWE-613 -CVE-2021-31409,2021-05-04T17:42:02Z,"Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8","com.vaadin:vaadin-compatibility-server",8.0.0,8.13.0,HIGH,CWE-400 -CVE-2021-31411,2021-05-06T15:27:12Z,"Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19",com.vaadin:vaadin-bom,14.0.3,14.5.3,HIGH,CWE-379 -CVE-2021-31411,2021-05-06T15:27:12Z,"Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19",com.vaadin:vaadin-bom,15.0.0,19.0.5,HIGH,CWE-379 -CVE-2021-31412,2021-06-28T16:55:58Z,"Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19",com.vaadin:vaadin-bom,10.0.0,10.0.19,MODERATE,CWE-1295;CWE-20;CWE-668 -CVE-2021-31412,2021-06-28T16:55:58Z,"Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19",com.vaadin:vaadin-bom,11.0.0,14.6.2,MODERATE,CWE-1295;CWE-20;CWE-668 -CVE-2021-31412,2021-06-28T16:55:58Z,"Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19",com.vaadin:vaadin-bom,15.0.0,19.0.9,MODERATE,CWE-1295;CWE-20;CWE-668 -CVE-2021-31522,2022-01-08T00:43:01Z,"Kylin can receive user input and load any class through Class.forName(...).",org.apache.kylin:kylin,0,3.1.3,MODERATE,CWE-470 -CVE-2021-31522,2022-01-08T00:43:01Z,"Kylin can receive user input and load any class through Class.forName(...).",org.apache.kylin:kylin,4.0.0,4.0.1,MODERATE,CWE-470 -CVE-2021-31635,2023-06-26T21:30:59Z,"jFinal Server-Side Template Injection vulnerability",com.jfinal:jfinal,0,,CRITICAL,CWE-94 -CVE-2021-31649,2022-05-24T19:06:05Z,"JFinal Java Deserialization Vulnerability",com.jfinal:jfinal,0,,CRITICAL,CWE-502 -CVE-2021-31684,2022-02-10T22:46:22Z,"Out of bounds read in 
json-smart",net.minidev:json-smart,1.3.0,1.3.3,HIGH,CWE-125;CWE-787 -CVE-2021-31684,2022-02-10T22:46:22Z,"Out of bounds read in json-smart",net.minidev:json-smart,2.4.0,2.4.4,HIGH,CWE-125;CWE-787 -CVE-2021-31805,2022-04-13T00:00:30Z,"Expression Language Injection in Apache Struts","org.apache.struts:struts2-core",2.0.0,2.5.30,CRITICAL,CWE-917 -CVE-2021-31811,2021-06-15T15:54:32Z,"Uncontrolled memory consumption","org.apache.pdfbox:pdfbox-parent",2.0.0,2.0.24,MODERATE,CWE-770;CWE-789 -CVE-2021-31811,2021-06-15T15:54:32Z,"Uncontrolled memory consumption",org.apache.pdfbox:pdfbox,2.0.0,2.0.24,MODERATE,CWE-770;CWE-789 -CVE-2021-31812,2021-06-15T15:54:29Z,"Infinite Loop in Apache PDFBox","org.apache.pdfbox:pdfbox-parent",2.0.0,2.0.24,MODERATE,CWE-834;CWE-835 -CVE-2021-31812,2021-06-15T15:54:29Z,"Infinite Loop in Apache PDFBox",org.apache.pdfbox:pdfbox,2.0.0,2.0.24,MODERATE,CWE-834;CWE-835 -CVE-2021-32012,2021-07-22T19:48:17Z,"Denial of Service in SheetJS Pro",org.webjars.npm:xlsx,0,0.17.0,MODERATE,CWE-400 -CVE-2021-32013,2021-07-22T19:48:13Z,"Denial of Service in SheetsJS Pro",org.webjars.npm:xlsx,0,0.17.0,MODERATE,CWE-400 -CVE-2021-32014,2021-07-22T19:47:15Z,"Denial of Service in SheetJS Pro",org.webjars.npm:xlsx,0,0.17.0,MODERATE,CWE-345;CWE-400 -CVE-2021-32053,2021-06-16T17:21:11Z,"Uncontrolled Resource Consumption in JPA Server in HAPI FHIR","ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base",0,5.4.0,MODERATE,CWE-400 -CVE-2021-32620,2021-05-18T18:36:21Z,"XWiki users registered with email verification can self re-activate their disabled accounts","org.xwiki.commons:xwiki-commons-core",11.6,11.10.13,HIGH,CWE-285;CWE-863 -CVE-2021-32620,2021-05-18T18:36:21Z,"XWiki users registered with email verification can self re-activate their disabled accounts","org.xwiki.commons:xwiki-commons-core",12.0,12.6.7,HIGH,CWE-285;CWE-863 -CVE-2021-32620,2021-05-18T18:36:21Z,"XWiki users registered with email verification can self re-activate their disabled 
accounts","org.xwiki.commons:xwiki-commons-core",12.10.0,12.10.2,HIGH,CWE-285;CWE-863 -CVE-2021-32621,2021-05-18T18:36:16Z,"Script injection without script or programming rights through Gadget titles","org.xwiki.commons:xwiki-commons-core",0,12.6.7,HIGH,CWE-94 -CVE-2021-32621,2021-05-18T18:36:16Z,"Script injection without script or programming rights through Gadget titles","org.xwiki.commons:xwiki-commons-core",12.10.0,12.10.3,HIGH,CWE-94 -CVE-2021-32623,2021-06-17T20:11:35Z,"Billion laughs attack (XML bomb)","org.opencastproject:opencast-kernel",0,9.6,HIGH,CWE-776 -CVE-2021-32643,2021-05-28T15:54:39Z,"StaticFile.fromUrl can leak presence of a directory",org.http4s:http4s-core,0.21.7,0.21.24,MODERATE,CWE-22 -CVE-2021-32643,2021-05-28T15:54:39Z,"StaticFile.fromUrl can leak presence of a directory",org.http4s:http4s-core,0.22.0-M1,0.22.0-RC1,MODERATE,CWE-22 -CVE-2021-32643,2021-05-28T15:54:39Z,"StaticFile.fromUrl can leak presence of a directory",org.http4s:http4s-core,0.23.0-M1,0.23.0-RC1,MODERATE,CWE-22 -CVE-2021-32643,2021-05-28T15:54:39Z,"StaticFile.fromUrl can leak presence of a directory",org.http4s:http4s-core,1.0.0-M1,1.0.0-M23,MODERATE,CWE-22 -CVE-2021-32729,2021-07-02T19:19:31Z,"A user without PR can reset user authentication failures information","org.xwiki.platform:xwiki-platform-security-authentication-script",11.6,12.6.8,LOW,CWE-287;CWE-693;CWE-732 -CVE-2021-32729,2021-07-02T19:19:31Z,"A user without PR can reset user authentication failures information","org.xwiki.platform:xwiki-platform-security-authentication-script",12.7,12.10.4,LOW,CWE-287;CWE-693;CWE-732 -CVE-2021-32730,2021-07-02T19:19:13Z,"No CSRF protection on the password change form","org.xwiki.platform:xwiki-platform-administration-ui",0,12.10.5,MODERATE,CWE-352 -CVE-2021-32730,2021-07-02T19:19:13Z,"No CSRF protection on the password change form","org.xwiki.platform:xwiki-platform-administration-ui",13.0,13.2,MODERATE,CWE-352 -CVE-2021-32731,2021-07-02T19:19:04Z,"The reset password form 
reveal users email address","org.xwiki.platform:xwiki-platform-web",13.1,13.2,MODERATE,CWE-200;CWE-668 -CVE-2021-32732,2022-02-10T22:42:46Z,"Cross-Site Request Forgery in xwiki-platform","org.xwiki.platform:xwiki-platform-administration-ui",0,12.10.5,HIGH,CWE-352 -CVE-2021-32732,2022-02-10T22:42:46Z,"Cross-Site Request Forgery in xwiki-platform","org.xwiki.platform:xwiki-platform-administration-ui",13.0,13.2RC1,HIGH,CWE-352 -CVE-2021-32769,2021-07-26T21:15:08Z,"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core","io.micronaut:micronaut-http-server-netty",0,2.5.9,HIGH,CWE-22 -CVE-2021-32824,2023-01-03T18:30:25Z,"Apache Dubbo vulnerable to remote code execution via Telnet Handler","org.apache.dubbo:dubbo-parent",0,2.6.10,CRITICAL,CWE-502 -CVE-2021-32824,2023-01-03T18:30:25Z,"Apache Dubbo vulnerable to remote code execution via Telnet Handler","org.apache.dubbo:dubbo-parent",2.7.0,2.7.10,CRITICAL,CWE-502 -CVE-2021-32827,2021-08-30T16:24:38Z,"Injection in MockServer","org.mock-server:mockserver",0,,MODERATE,CWE-74;CWE-79 -CVE-2021-32828,2023-01-06T00:30:17Z,"Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution","org.nuxeo.ecm.platform:nuxeo-platform-oauth",0,,MODERATE,CWE-502;CWE-79 -CVE-2021-33036,2022-06-16T00:00:21Z,"User account escalation in Apache Hadoop","org.apache.hadoop:hadoop-yarn-server-common",2.2.0,2.10.2,HIGH,CWE-22;CWE-502 -CVE-2021-33036,2022-06-16T00:00:21Z,"User account escalation in Apache Hadoop","org.apache.hadoop:hadoop-yarn-server-common",3.0.0,3.2.3,HIGH,CWE-22;CWE-502 -CVE-2021-33036,2022-06-16T00:00:21Z,"User account escalation in Apache Hadoop","org.apache.hadoop:hadoop-yarn-server-common",3.3.0,3.3.2,HIGH,CWE-22;CWE-502 -CVE-2021-33037,2021-08-13T15:21:14Z,"HTTP Request Smuggling in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.7,MODERATE,CWE-444 -CVE-2021-33037,2021-08-13T15:21:14Z,"HTTP Request Smuggling in Apache 
Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.68,MODERATE,CWE-444 -CVE-2021-33037,2021-08-13T15:21:14Z,"HTTP Request Smuggling in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0-M1,9.0.48,MODERATE,CWE-444 -CVE-2021-3312,2021-10-12T17:23:40Z,"XML External Entity Reference in org.opencms:opencms-core",org.opencms:opencms-core,11.0.0,12.0.0,MODERATE,CWE-611 -CVE-2021-33192,2021-08-13T15:21:35Z,"Cross-site scripting in Apache Jena Fuseki","org.apache.jena:jena-fuseki",2.0.0,4.1.0,MODERATE,CWE-79 -CVE-2021-33330,2022-05-24T22:28:20Z,"Exposure of Resource to Wrong Sphere in Liferay Portal","com.liferay.portal:release.portal.bom",7.2.0,7.3.3,MODERATE,CWE-668 -CVE-2021-33348,2021-08-13T15:22:14Z,"Cross-site scripting in jfinal",com.jfinal:jfinal,0,4.9.11,MODERATE,CWE-79 -CVE-2021-33561,2021-06-08T23:10:24Z,"Cross-site scripting in Shopizer",com.shopizer:shopizer,0,2.17.0,MODERATE,CWE-79 -CVE-2021-33562,2021-06-08T23:08:20Z,"Cross-site scripting in Shopizer",com.shopizer:shopizer,0,2.17.0,MODERATE,CWE-79 -CVE-2021-33604,2021-06-28T16:56:07Z,"Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19",com.vaadin:vaadin-bom,14.0.0,14.6.2,LOW,CWE-172 -CVE-2021-33604,2021-06-28T16:56:07Z,"Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19",com.vaadin:vaadin-bom,15.0.0,19.0.9,LOW,CWE-172 -CVE-2021-33605,2021-08-30T16:16:38Z,"Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20","com.vaadin:vaadin-checkbox-flow",12.0.0,14.6.8,MODERATE,CWE-754 -CVE-2021-33605,2021-08-30T16:16:38Z,"Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20","com.vaadin:vaadin-checkbox-flow",15.0.0,20.0.6,MODERATE,CWE-754 -CVE-2021-33609,2021-10-13T18:54:09Z,"Denial of service in DataCommunicator class in Vaadin 8",com.vaadin:vaadin-server,8.0.6,8.14.1,MODERATE,CWE-20;CWE-400 -CVE-2021-33611,2021-11-03T17:33:32Z,"Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 
14","org.webjars.bowergithub.vaadin:vaadin-menu-bar",1.0.0,1.2.1,MODERATE,CWE-79 -CVE-2021-33611,2021-11-03T17:33:32Z,"Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14",com.vaadin:vaadin-bom,14.0.0,14.4.5,MODERATE,CWE-79 -CVE-2021-33813,2021-07-27T19:02:56Z,"XML External Entity (XXE) Injection in JDOM",org.jdom:jdom,0,,HIGH,CWE-611 -CVE-2021-33900,2021-08-09T20:40:53Z,"Missing encryption in Apache Directory Studio","org.apache.directory.studio:org.apache.directory.studio.parent",0,2.0.0.v20210717-M17,HIGH,CWE-311;CWE-319 -CVE-2021-3396,2022-05-24T17:42:35Z,"OpenNMS Horizon RCE via JEXL2 expression","org.opennms.features:org.opennms.features.measurements",16.0.0,27.0.4,HIGH,CWE-863 -CVE-2021-3396,2022-05-24T17:42:35Z,"OpenNMS Horizon RCE via JEXL2 expression","org.opennms:opennms-provision",16.0.0,27.0.4,HIGH,CWE-863 -CVE-2021-3396,2022-05-24T17:42:35Z,"OpenNMS Horizon RCE via JEXL2 expression",org.opennms:opennms,16.0.0,27.0.4,HIGH,CWE-863 -CVE-2021-3396,2022-05-24T17:42:35Z,"OpenNMS Horizon RCE via JEXL2 expression",org.opennms:opennms-util,16.0.0,27.0.4,HIGH,CWE-863 -CVE-2021-3424,2022-04-28T21:00:21Z,"Keycloak is vulnerable to IDN homograph attack","org.keycloak:keycloak-services",0,18.0.0,MODERATE,CWE-287 -CVE-2021-34371,2021-09-01T18:31:29Z,"Deserialization of Untrusted Data in Neo4j",org.neo4j:neo4j,0,3.5.0,CRITICAL,CWE-502 -CVE-2021-34428,2021-06-23T20:23:04Z,"SessionListener can prevent a session from being invalidated breaking logout","org.eclipse.jetty:jetty-server",0,9.4.41,LOW,CWE-613 -CVE-2021-34428,2021-06-23T20:23:04Z,"SessionListener can prevent a session from being invalidated breaking logout","org.eclipse.jetty:jetty-server",10.0.0,10.0.3,LOW,CWE-613 -CVE-2021-34428,2021-06-23T20:23:04Z,"SessionListener can prevent a session from being invalidated breaking logout","org.eclipse.jetty:jetty-server",11.0.0,11.0.3,LOW,CWE-613 -CVE-2021-34429,2021-07-19T15:15:24Z,"Encoded URIs can access WEB-INF directory in Eclipse 
Jetty","org.eclipse.jetty:jetty-webapp",10.0.1,10.0.6,MODERATE,CWE-200;CWE-551;CWE-863 -CVE-2021-34429,2021-07-19T15:15:24Z,"Encoded URIs can access WEB-INF directory in Eclipse Jetty","org.eclipse.jetty:jetty-webapp",11.0.1,11.0.6,MODERATE,CWE-200;CWE-551;CWE-863 -CVE-2021-34429,2021-07-19T15:15:24Z,"Encoded URIs can access WEB-INF directory in Eclipse Jetty","org.eclipse.jetty:jetty-webapp",9.4.37,9.4.43,MODERATE,CWE-200;CWE-551;CWE-863 -CVE-2021-34538,2022-07-17T00:00:45Z,"Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization.",org.apache.hive:hive,0,3.1.3,HIGH,CWE-306 -CVE-2021-3461,2022-04-03T00:01:01Z,"Keycloak insufficient session expiration","org.keycloak:keycloak-parent",0,14.0.0,HIGH,CWE-613 -CVE-2021-34797,2022-01-06T22:23:25Z,"Insertion of Sensitive Information into Log File in Apache Geode","org.apache.geode:geode-core",0,1.12.5,HIGH,CWE-532 -CVE-2021-34797,2022-01-06T22:23:25Z,"Insertion of Sensitive Information into Log File in Apache Geode","org.apache.geode:geode-core",1.13.0,1.13.5,HIGH,CWE-532 -CVE-2021-34802,2022-05-24T19:09:23Z,"Improper Privilege Management in Neo4j Graph Database",org.neo4j:neo4j-kernel,4.2.0,4.2.8,HIGH,CWE-269 -CVE-2021-3503,2022-04-19T00:00:50Z,"Metrics exposure in Wildfly","org.wildfly:wildfly-metrics",0,23.0.1.Final,MODERATE,CWE-200 -CVE-2021-35043,2021-08-02T16:58:43Z,"Cross-site Scripting in OWASP AntiSamy","org.owasp.antisamy:antisamy",1.5.7,1.6.4,MODERATE,CWE-79 -CVE-2021-3513,2022-08-23T00:00:17Z,"Incorrect implementation of lockout feature in Keycloak","org.keycloak:keycloak-parent",0,13.0.0,HIGH,CWE-209;CWE-522 -CVE-2021-3536,2021-05-25T18:45:05Z,"Cross-site Scripting in Wildfly","org.wildfly:wildfly-parent",0,23.0.2.Final,LOW,CWE-79 -CVE-2021-35515,2021-08-02T16:55:07Z,"Excessive Iteration in Compress","org.apache.commons:commons-compress",0,1.21,HIGH,CWE-834;CWE-835 -CVE-2021-35516,2021-08-02T16:55:15Z,"Improper Handling of Length Parameter Inconsistency in 
Compress","org.apache.commons:commons-compress",0,1.21,HIGH,CWE-130;CWE-770 -CVE-2021-35517,2021-08-02T16:55:39Z,"Improper Handling of Length Parameter Inconsistency in Compress","org.apache.commons:commons-compress",0,1.21,HIGH,CWE-130;CWE-770 -CVE-2021-3597,2022-05-25T00:00:21Z,"undertow Race Condition vulnerability","io.undertow:undertow-core",0,2.0.39.Final,MODERATE,CWE-362 -CVE-2021-3597,2022-05-25T00:00:21Z,"undertow Race Condition vulnerability","io.undertow:undertow-core",2.1.0,2.2.9.Final,MODERATE,CWE-362 -CVE-2021-36090,2021-08-02T16:55:53Z,"Improper Handling of Length Parameter Inconsistency in Compress","org.apache.commons:commons-compress",0,1.21,HIGH,CWE-130 -CVE-2021-36151,2022-02-06T00:01:07Z,"Hadoop token in temp file visible to all users in Apache Gobblin","org.apache.gobblin:gobblin-core",0,0.16.0,MODERATE,CWE-200 -CVE-2021-36152,2022-02-06T00:01:07Z,"Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service","org.apache.gobblin:gobblin-core",0,0.16.0,CRITICAL, -CVE-2021-36161,2021-09-10T17:54:37Z,"Remote Code Execution in Apache Dubbo",org.apache.dubbo:dubbo,0,2.7.13,CRITICAL,CWE-134 -CVE-2021-36162,2021-09-08T20:14:24Z,"Remote Code Execution in Apache Dubbo",org.apache.dubbo:dubbo,0,2.7.13,HIGH,CWE-77 -CVE-2021-36162,2021-09-08T20:14:24Z,"Remote Code Execution in Apache Dubbo",org.apache.dubbo:dubbo,3.0.0,3.0.2,HIGH,CWE-77 -CVE-2021-36163,2021-09-08T20:14:14Z,"Hessian protocol configuration vulnerability in Apache Dubbo",org.apache.dubbo:dubbo,0,2.6.10.1,CRITICAL,CWE-502 -CVE-2021-36163,2021-09-08T20:14:14Z,"Hessian protocol configuration vulnerability in Apache Dubbo",org.apache.dubbo:dubbo,2.7.0,2.7.13,CRITICAL,CWE-502 -CVE-2021-3629,2022-05-25T00:00:22Z,"Undertow Uncontrolled Resource Consumption","io.undertow:undertow-core",0,2.0.40.Final,HIGH,CWE-400 -CVE-2021-3629,2022-05-25T00:00:22Z,"Undertow Uncontrolled Resource Consumption","io.undertow:undertow-core",2.1.0,2.2.11.Final,HIGH,CWE-400 
-CVE-2021-3632,2022-08-27T00:00:45Z,"Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow","org.keycloak:keycloak-core",0,15.1.0,HIGH,CWE-287 -CVE-2021-3637,2021-07-13T17:43:23Z,"Allocation of resources without limits or throttling in keycloak-model-infinispan","org.keycloak:keycloak-model-infinispan",0,14.0.0,HIGH,CWE-770 -CVE-2021-36372,2021-11-23T17:57:14Z,"Improper Privilege Management in Apache Ozone","org.apache.ozone:ozone-main",0,1.2.0,CRITICAL,CWE-273 -CVE-2021-36373,2021-08-02T16:56:17Z,"Improper Handling of Length Parameter Inconsistency in Apache Ant",org.apache.ant:ant,0,1.9.16,MODERATE,CWE-130 -CVE-2021-36373,2021-08-02T16:56:17Z,"Improper Handling of Length Parameter Inconsistency in Apache Ant",org.apache.ant:ant,1.10.0,1.10.11,MODERATE,CWE-130 -CVE-2021-36374,2021-08-02T16:56:31Z,"Improper Handling of Length Parameter Inconsistency in Apache Ant",org.apache.ant:ant,1.10.0,1.10.11,MODERATE,CWE-130 -CVE-2021-36374,2021-08-02T16:56:31Z,"Improper Handling of Length Parameter Inconsistency in Apache Ant",org.apache.ant:ant,1.9.0,1.9.16,MODERATE,CWE-130 -CVE-2021-3642,2022-05-24T19:10:03Z,"Observable Discrepancy in Wildfly Elytron","org.wildfly.security:wildfly-elytron",0,1.10.14,MODERATE,CWE-203 -CVE-2021-3642,2022-05-24T19:10:03Z,"Observable Discrepancy in Wildfly Elytron","org.wildfly.security:wildfly-elytron",1.11.0,1.15.5,MODERATE,CWE-203 -CVE-2021-3642,2022-05-24T19:10:03Z,"Observable Discrepancy in Wildfly Elytron","org.wildfly.security:wildfly-elytron",1.16.0,1.16.1,MODERATE,CWE-203 -CVE-2021-3644,2022-08-27T00:00:45Z,"wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault","org.wildfly.core:wildfly-server",0,16.0.1.Final,LOW, -CVE-2021-3644,2022-08-27T00:00:45Z,"wildfly-core allows user with access to management interface to access vault expression, retrieve item from 
vault","org.wildfly.core:wildfly-server",17.0.0.Beta2,17.0.0.Beta3,LOW, -CVE-2021-36737,2022-01-08T00:46:20Z,"Cross-site Scripting in Apache Pluto","org.apache.portals.pluto:pluto-portal",0,3.1.1,MODERATE,CWE-79 -CVE-2021-36738,2022-01-08T00:46:17Z,"Cross-site Scripting in Apache Pluto","org.apache.portals.pluto:pluto-portal",0,3.1.1,MODERATE,CWE-79 -CVE-2021-36739,2022-01-08T00:46:21Z,"Cross-site Scripting in Apache Pluto","org.apache.portals.pluto:pluto-portal",0,3.1.1,MODERATE,CWE-79 -CVE-2021-36749,2021-09-27T20:13:25Z,"Druid ingestion system Authenticated users can read data from other sources than intended ","org.apache.druid:druid-core",0,0.22.0,MODERATE,CWE-668;CWE-863 -CVE-2021-36774,2022-01-08T00:43:04Z,"SQL Injection in Apache Kylin",org.apache.kylin:kylin,0,3.1.3,MODERATE,CWE-668;CWE-89 -CVE-2021-3690,2022-07-15T21:07:20Z,"Undertow vulnerable to memory exhaustion due to buffer leak","io.undertow:undertow-core",0,2.0.40,HIGH,CWE-400;CWE-401 -CVE-2021-3690,2022-07-15T21:07:20Z,"Undertow vulnerable to memory exhaustion due to buffer leak","io.undertow:undertow-core",2.2.0,2.2.10,HIGH,CWE-400;CWE-401 -CVE-2021-37136,2021-09-09T17:11:21Z,"Bzip2Decoder doesn't allow setting size restrictions for decompressed data",io.netty:netty,0,,HIGH,CWE-400 -CVE-2021-37136,2021-09-09T17:11:21Z,"Bzip2Decoder doesn't allow setting size restrictions for decompressed data",io.netty:netty-codec,0,4.1.68.Final,HIGH,CWE-400 -CVE-2021-37136,2021-09-09T17:11:21Z,"Bzip2Decoder doesn't allow setting size restrictions for decompressed data",org.jboss.netty:netty,0,,HIGH,CWE-400 -CVE-2021-37137,2021-09-09T17:11:31Z," SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way",io.netty:netty,0,,HIGH,CWE-400 -CVE-2021-37137,2021-09-09T17:11:31Z," SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way",io.netty:netty-codec,4.0.0,4.1.68.Final,HIGH,CWE-400 -CVE-2021-37137,2021-09-09T17:11:31Z," 
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way",org.jboss.netty:netty,0,,HIGH,CWE-400 -CVE-2021-3717,2022-05-25T00:00:22Z,"Wildfly-Core user account mismanagement","org.wildfly.core:wildfly-core-parent",0,17.0,HIGH,CWE-552 -CVE-2021-37304,2023-02-03T18:30:26Z,"Insecure Permissions issue in jeecg-boot","org.jeecgframework.boot:jeecg-boot-base",0,,HIGH,CWE-732 -CVE-2021-37305,2023-02-03T18:30:27Z,"Insecure Permissions issue in jeecg-boot","org.jeecgframework.boot:jeecg-boot-base",0,,HIGH,CWE-732 -CVE-2021-37306,2023-02-03T18:30:26Z,"Insecure Permissions issue in jeecg-boot","org.jeecgframework.boot:jeecg-boot-base",0,,HIGH,CWE-732 -CVE-2021-37404,2022-06-14T00:00:37Z,"Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2","org.apache.hadoop:hadoop-common",0,2.10.2,CRITICAL,CWE-120;CWE-131;CWE-787 -CVE-2021-37404,2022-06-14T00:00:37Z,"Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2","org.apache.hadoop:hadoop-common",3.0.0,3.2.3,CRITICAL,CWE-120;CWE-131;CWE-787 -CVE-2021-37404,2022-06-14T00:00:37Z,"Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2","org.apache.hadoop:hadoop-common",3.3.0,3.3.2,CRITICAL,CWE-120;CWE-131;CWE-787 -CVE-2021-37533,2022-12-03T15:30:26Z,"Apache Commons Net vulnerable to information leakage via malicious server",commons-net:commons-net,0,3.9.0,MODERATE,CWE-20 -CVE-2021-3754,2022-08-27T00:00:45Z,"Keycloak user may register themselves with same email ID of any existing user","org.keycloak:keycloak-core",0,,MODERATE,CWE-20 -CVE-2021-37578,2021-08-09T20:41:37Z,"Deserialization of Untrusted Data in Apache jUDDI","org.apache.juddi:juddi-core",0,3.3.10,CRITICAL,CWE-502 -CVE-2021-37579,2021-09-10T17:56:23Z,"Security check skip in Apache Dubbo",org.apache.dubbo:dubbo,0,2.7.13,CRITICAL,CWE-502 -CVE-2021-37579,2021-09-10T17:56:23Z,"Security check skip in Apache Dubbo",org.apache.dubbo:dubbo,3.0.0,3.0.2,CRITICAL,CWE-502 -CVE-2021-37580,2021-11-17T23:15:30Z,"Improper 
Authentication in Apache ShenYu Admin","org.apache.shenyu:shenyu-admin",2.3.0,2.4.1,CRITICAL,CWE-287 -CVE-2021-37714,2021-08-23T19:42:38Z,"Uncaught Exception in jsoup",org.jsoup:jsoup,0,1.14.2,HIGH,CWE-248;CWE-835 -CVE-2021-37942,2023-11-22T03:30:19Z,"APM Java Agent Local Privilege Escalation issue","co.elastic.apm:apm-agent-parent",1.18.0,1.27.1,HIGH,CWE-269 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka-clients",2.0.0,2.6.3,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka-clients",2.7.0,2.7.2,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka-clients",2.8.0,2.8.1,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.11",2.0.0,,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.12",2.0.0,2.6.3,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.12",2.7.0,2.7.2,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.12",2.8.0,2.8.1,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.13",2.4.0,2.6.3,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.13",2.7.0,2.7.2,MODERATE,CWE-203 -CVE-2021-38153,2021-09-23T23:18:58Z,"Observable Discrepancy in Apache Kafka","org.apache.kafka:kafka_2.13",2.8.0,2.8.1,MODERATE,CWE-203 -CVE-2021-3827,2022-04-27T21:25:59Z,"ECP SAML binding bypasses authentication flows","org.keycloak:keycloak-saml-core",0,18.0.0,HIGH,CWE-287 -CVE-2021-38294,2021-10-27T18:51:22Z,"Command injection leading to Remote Code Execution in Apache 
Storm",org.apache.storm:storm,1.0.0,1.2.4,CRITICAL,CWE-74;CWE-78 -CVE-2021-38294,2021-10-27T18:51:22Z,"Command injection leading to Remote Code Execution in Apache Storm",org.apache.storm:storm,2.0.0,2.1.1,CRITICAL,CWE-74;CWE-78 -CVE-2021-38294,2021-10-27T18:51:22Z,"Command injection leading to Remote Code Execution in Apache Storm",org.apache.storm:storm,2.2.0,2.2.1,CRITICAL,CWE-74;CWE-78 -CVE-2021-38296,2022-03-11T00:02:36Z,"Authentication Bypass by Capture-replay in Apache Spark","org.apache.spark:spark-core",0,3.1.3,HIGH,CWE-294 -CVE-2021-38542,2022-01-08T00:40:33Z,"Command Injection in Apache James","org.apache.james:james-server",0,3.6.1,MODERATE,CWE-327;CWE-77 -CVE-2021-38555,2021-09-13T20:06:31Z,"XML Injection in Any23","org.apache.any23:apache-any23",0,2.5,CRITICAL,CWE-611 -CVE-2021-3856,2022-08-27T00:00:45Z,"Keycloak has Files or Directories Accessible to External Parties","org.keycloak:keycloak-core",0,15.1.0,MODERATE,CWE-22;CWE-552 -CVE-2021-3859,2022-07-15T21:32:13Z,"Undertow vulnerable to Denial of Service (DoS) attacks","io.undertow:undertow-core",0,2.2.15,HIGH,CWE-214;CWE-400;CWE-668 -CVE-2021-3869,2022-05-24T19:18:01Z,"Improper Restriction of XML External Entity Reference in Stanford CoreNLP","edu.stanford.nlp:stanford-corenlp",0,4.3.1,HIGH,CWE-611 -CVE-2021-3878,2022-05-24T19:17:42Z,"Improper Restriction of XML External Entity Reference in Stanford CoreNLP","edu.stanford.nlp:stanford-corenlp",0,4.3.1,CRITICAL,CWE-611 -CVE-2021-39132,2021-09-01T18:27:01Z,"YAML deserialization can run untrusted code",org.rundeck:rundeck-core,0,3.3.14,MODERATE,CWE-502 -CVE-2021-39132,2021-09-01T18:27:01Z,"YAML deserialization can run untrusted code",org.rundeck:rundeck-core,3.4.0,3.4.3,MODERATE,CWE-502 -CVE-2021-39133,2021-09-01T18:26:48Z,"Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server",org.rundeck:rundeck-core,0,3.3.14,HIGH,CWE-352 -CVE-2021-39133,2021-09-01T18:26:48Z,"Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck 
server",org.rundeck:rundeck-core,3.4.0,3.4.3,HIGH,CWE-352 -CVE-2021-39139,2021-08-25T14:48:47Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-3914,2022-08-26T00:03:29Z,"SmallRye Health UI Cross-site Scripting vulnerability","io.smallrye:smallrye-health-ui",0,3.1.2,MODERATE,CWE-79 -CVE-2021-39140,2021-08-25T14:48:39Z,"XStream can cause a Denial of Service","com.thoughtworks.xstream:xstream",0,1.4.18,MODERATE,CWE-502;CWE-835 -CVE-2021-39141,2021-08-25T14:48:31Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-39144,2021-08-25T14:48:19Z,"XStream is vulnerable to a Remote Command Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-306;CWE-502;CWE-94 -CVE-2021-39145,2021-08-25T14:48:12Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-39146,2021-08-25T14:47:57Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-39147,2021-08-25T14:47:46Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-39148,2021-08-25T14:47:38Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-39149,2021-08-25T14:47:28Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-434;CWE-502 -CVE-2021-39150,2021-08-25T14:47:19Z,"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502;CWE-918 -CVE-2021-39151,2021-08-25T14:47:09Z,"XStream is vulnerable to an Arbitrary Code Execution 
attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-434;CWE-502 -CVE-2021-39152,2021-08-25T14:46:59Z,"A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502;CWE-918 -CVE-2021-39153,2021-08-25T14:46:49Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-502 -CVE-2021-39154,2021-08-25T14:46:38Z,"XStream is vulnerable to an Arbitrary Code Execution attack","com.thoughtworks.xstream:xstream",0,1.4.18,HIGH,CWE-434;CWE-502 -CVE-2021-39177,2021-09-07T23:04:04Z,"User impersonation due to incorrect handling of the login JWT",org.geysermc:connector,0,1.4.2-SNAPSHOT,HIGH,CWE-287 -CVE-2021-39185,2021-09-02T16:52:18Z,"Default CORS config allows any origin with credentials",org.http4s:http4s-server,0,0.21.27,CRITICAL,CWE-346 -CVE-2021-39185,2021-09-02T16:52:18Z,"Default CORS config allows any origin with credentials",org.http4s:http4s-server,0.22.0,0.22.3,CRITICAL,CWE-346 -CVE-2021-39185,2021-09-02T16:52:18Z,"Default CORS config allows any origin with credentials",org.http4s:http4s-server,0.23.0,0.23.2,CRITICAL,CWE-346 -CVE-2021-39194,2021-09-07T23:08:40Z,"Improper Handling of Missing Values in kaml","com.charleskorn.kaml:kaml",0,0.35.3,MODERATE,CWE-230;CWE-835 -CVE-2021-39231,2021-11-23T18:18:25Z,"Exposure of sensitive information in Apache Ozone","org.apache.ozone:ozone-main",0,1.2.0,CRITICAL,CWE-668;CWE-862 -CVE-2021-39232,2021-11-23T17:56:54Z,"Incorrect Authorization in Apache Ozone","org.apache.ozone:ozone-main",0,1.2.0,HIGH,CWE-862;CWE-863 -CVE-2021-39233,2021-11-23T18:17:59Z,"Incorrect Authorization in Apache Ozone","org.apache.ozone:ozone-main",0,1.2.0,CRITICAL,CWE-863 -CVE-2021-39234,2021-11-23T17:56:30Z,"Incorrect Authorization in Apache Ozone","org.apache.ozone:ozone-main",0,1.2.0,MODERATE,CWE-863 
-CVE-2021-39235,2021-11-23T18:17:41Z,"Incorrect permissions in Apache Ozone","org.apache.ozone:ozone-main",0,1.2.0,MODERATE,CWE-732 -CVE-2021-39236,2021-11-23T17:56:45Z,"Apache Ozone user impersonation due to non-validation of Ozone S3 tokens","org.apache.hadoop:hadoop-ozone-ozone-manager",0,1.2.0,HIGH,CWE-862;CWE-863 -CVE-2021-39239,2021-09-20T20:22:05Z,"XML External Entity Reference in Apache Jena","org.apache.jena:jena-core",0,4.2.0,HIGH,CWE-611 -CVE-2021-40110,2022-01-08T00:40:30Z,"Denial of Service in Apache James","org.apache.james:james-server",3.1.0,3.6.1,HIGH, -CVE-2021-40111,2022-01-08T00:40:37Z,"Infinite Loop in Apache James","org.apache.james:james-server",0,3.6.1,MODERATE,CWE-835 -CVE-2021-40143,2021-09-08T17:42:18Z,"HTTP header injection in Sonatype Nexus Repository","org.sonatype.nexus:nexus-repository",3.0.0,3.34.0-01,HIGH,CWE-74 -CVE-2021-40146,2021-09-13T20:06:38Z,"Remote Code Execution in Any23","org.apache.any23:apache-any23",0,2.5,CRITICAL, -CVE-2021-40331,2023-05-05T09:30:15Z,"Apache Ranger Hive Plugin missing permissions check","org.apache.ranger:ranger-hive-plugin",2.0.0,2.4.0,HIGH,CWE-732 -CVE-2021-40369,2021-12-02T17:49:14Z,"Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation","org.apache.jspwiki:jspwiki-main",0,2.11.0,MODERATE,CWE-79 -CVE-2021-4040,2022-08-25T00:00:27Z,"org.apache.activemq:artemis-core-client Vulnerable to Out-of-Bounds Write","org.apache.activemq:artemis-core-client",0,2.19.1,MODERATE,CWE-400;CWE-787 -CVE-2021-40525,2022-01-21T23:36:47Z,"Path traversal in Apache James","org.apache.james:james-server",0,3.6.1,CRITICAL,CWE-22 -CVE-2021-40660,2022-06-15T00:00:24Z,"Regular expression denial of service in Delight Nashorn Sandbox","org.javadelight:delight-nashorn-sandbox",0,0.3.1,HIGH,CWE-1333 -CVE-2021-40690,2021-09-20T23:18:41Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario","org.apache.santuario:xmlsec",0,2.1.7,HIGH,CWE-200 
-CVE-2021-40690,2021-09-20T23:18:41Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario","org.apache.santuario:xmlsec",2.2.0,2.2.3,HIGH,CWE-200 -CVE-2021-40822,2022-05-03T00:00:44Z,"GeoServer allows SSRF via the option for setting a proxy host",org.geoserver:gs-main,0,,HIGH,CWE-918 -CVE-2021-40822,2022-05-03T00:00:44Z,"GeoServer allows SSRF via the option for setting a proxy host",org.geoserver:gs-main,2.19.0,,HIGH,CWE-918 -CVE-2021-40824,2022-05-24T19:14:16Z,"Logic error in Matrix SDK for Android","org.matrix.android:matrix-android-sdk2",0,1.2.2,MODERATE,CWE-327 -CVE-2021-40828,2021-11-24T21:02:24Z,"Improper certificate management in AWS IoT Device SDK v2","software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk",0,1.3.3,MODERATE,CWE-295 -CVE-2021-40829,2021-11-24T21:11:16Z,"Improper certificate management in AWS IoT Device SDK v2","software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk",0,1.4.2,HIGH,CWE-295 -CVE-2021-40830,2021-11-24T21:12:04Z,"Improper certificate management in AWS IoT Device SDK v2","software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk",0,1.5.0,HIGH,CWE-295 -CVE-2021-40831,2021-11-24T20:35:03Z,"Improper certificate management in AWS IoT Device SDK v2","software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk",0,1.5.0,HIGH,CWE-295 -CVE-2021-40865,2021-10-27T18:52:06Z,"Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm",org.apache.storm:storm,1.0.0,1.2.4,CRITICAL,CWE-502 -CVE-2021-40865,2021-10-27T18:52:06Z,"Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm",org.apache.storm:storm,2.1.0,2.1.1,CRITICAL,CWE-502 -CVE-2021-40865,2021-10-27T18:52:06Z,"Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm",org.apache.storm:storm,2.2.0,2.2.1,CRITICAL,CWE-502 -CVE-2021-4104,2021-12-14T19:49:31Z,"JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted 
data","org.zenframework.z8.dependencies.commons:log4j-1.2.17",0,,HIGH,CWE-502 -CVE-2021-4104,2021-12-14T19:49:31Z,"JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data",log4j:log4j,1.2.0,,HIGH,CWE-502 -CVE-2021-41042,2022-07-08T00:00:42Z,"XML External Entity Reference in Eclipse Lyo","org.eclipse.lyo:lyo-parent",1.0.0,5.0.0.Final,MODERATE,CWE-611 -CVE-2021-41079,2021-09-20T20:45:44Z,"Infinite loop in Tomcat due to parsing error",org.apache.tomcat:tomcat,10.0.0,10.0.4,HIGH,CWE-20;CWE-835 -CVE-2021-41079,2021-09-20T20:45:44Z,"Infinite loop in Tomcat due to parsing error",org.apache.tomcat:tomcat,8.5.0,8.5.64,HIGH,CWE-20;CWE-835 -CVE-2021-41079,2021-09-20T20:45:44Z,"Infinite loop in Tomcat due to parsing error",org.apache.tomcat:tomcat,9.0.0,9.0.44,HIGH,CWE-20;CWE-835 -CVE-2021-41084,2021-09-22T19:18:41Z,"Response Splitting from unsanitized headers",org.http4s:http4s-client,0,0.21.29,HIGH,CWE-74;CWE-918 -CVE-2021-41084,2021-09-22T19:18:41Z,"Response Splitting from unsanitized headers",org.http4s:http4s-client,0.22.0,0.22.5,HIGH,CWE-74;CWE-918 -CVE-2021-41084,2021-09-22T19:18:41Z,"Response Splitting from unsanitized headers",org.http4s:http4s-client,0.23.0,0.23.4,HIGH,CWE-74;CWE-918 -CVE-2021-41084,2021-09-22T19:18:41Z,"Response Splitting from unsanitized headers",org.http4s:http4s-server,0,0.21.29,HIGH,CWE-74;CWE-918 -CVE-2021-41084,2021-09-22T19:18:41Z,"Response Splitting from unsanitized headers",org.http4s:http4s-server,0.22.0,0.22.5,HIGH,CWE-74;CWE-918 -CVE-2021-41084,2021-09-22T19:18:41Z,"Response Splitting from unsanitized headers",org.http4s:http4s-server,0.23.0,0.23.4,HIGH,CWE-74;CWE-918 -CVE-2021-41182,2021-10-26T14:55:02Z,"XSS in the `altField` option of the Datepicker widget in jquery-ui","org.webjars.npm:jquery-ui",0,1.13.0,MODERATE,CWE-79 -CVE-2021-41183,2021-10-26T14:55:21Z,"XSS in `*Text` options of the Datepicker widget in jquery-ui","org.webjars.npm:jquery-ui",0,1.13.0,MODERATE,CWE-79 -CVE-2021-41184,2021-10-26T14:55:12Z,"XSS in 
the `of` option of the `.position()` util in jquery-ui","org.webjars.npm:jquery-ui",0,1.13.0,MODERATE,CWE-79 -CVE-2021-41189,2021-11-01T19:18:16Z,"Communities and collections administrators can escalate their privilege up to system administrator",org.dspace:dspace-api,7.0,7.1,HIGH,CWE-863 -CVE-2021-41193,2022-03-01T18:58:23Z,"Use of Externally-Controlled Format String in wire-avs",com.wire:avs,0,7.1.12,HIGH,CWE-134 -CVE-2021-41269,2021-11-15T23:27:11Z,"Critical vulnerability found in cron-utils",com.cronutils:cron-utils,0,9.1.6,CRITICAL,CWE-94 -CVE-2021-41303,2021-09-20T20:18:11Z,"Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass","org.apache.shiro:shiro-core",0,1.8.0,CRITICAL,CWE-287 -CVE-2021-4133,2022-01-06T18:32:58Z,"Improper Authorization in Keycloak","org.keycloak:keycloak-services",0,15.1.1,HIGH,CWE-863 -CVE-2021-41411,2022-06-17T00:01:28Z,"XML External Entity Reference in drools",org.drools:drools-core,0,7.60.0.Final,CRITICAL,CWE-611 -CVE-2021-41532,2021-11-23T18:17:50Z,"Apache Ozone exposes OM, SCM and Datanode metadata","org.apache.ozone:ozone-main",0,1.2.0,MODERATE,CWE-668 -CVE-2021-41561,2022-01-06T23:59:25Z,"Improper Input Validation in Parquet-MR","org.apache.parquet:parquet",0,1.11.2,HIGH,CWE-20 -CVE-2021-41561,2022-01-06T23:59:25Z,"Improper Input Validation in Parquet-MR","org.apache.parquet:parquet",1.12.0,1.12.2,HIGH,CWE-20 -CVE-2021-41571,2022-02-02T00:01:52Z,"Improper Input Validation in Apache Pulsar",org.apache.pulsar:pulsar,0,,MODERATE,CWE-20;CWE-863 -CVE-2021-41571,2022-02-02T00:01:52Z,"Improper Input Validation in Apache Pulsar",org.apache.pulsar:pulsar,2.7.0,2.7.4,MODERATE,CWE-20;CWE-863 -CVE-2021-41571,2022-02-02T00:01:52Z,"Improper Input Validation in Apache Pulsar",org.apache.pulsar:pulsar,2.8.0,2.8.1,MODERATE,CWE-20;CWE-863 -CVE-2021-41616,2021-10-04T20:12:30Z,"Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils","org.apache.ddlutils:ddlutils",0,,CRITICAL,CWE-502 
-CVE-2021-41766,2022-01-28T22:24:48Z,"Insecure Java Deserialization in Apache Karaf","org.apache.karaf.management:org.apache.karaf.management.server",0,4.3.6,HIGH,CWE-502 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.0.0-beta-1,5.0.3,MODERATE,CWE-502;CWE-94 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.1.0,5.1.2,MODERATE,CWE-502;CWE-94 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.11.0,5.11.2,MODERATE,CWE-502;CWE-94 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.2.0,5.3.2,MODERATE,CWE-502;CWE-94 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.5.0,5.7.4,MODERATE,CWE-502;CWE-94 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.8.0,5.8.1,MODERATE,CWE-502;CWE-94 -CVE-2021-4178,2022-07-15T05:17:35Z,"fabric8 kubernetes-client vulnerable ","io.fabric8:kubernetes-client",5.9.0,5.10.2,MODERATE,CWE-502;CWE-94 -CVE-2021-41862,2021-10-04T20:14:31Z,"Expression injection in AviatorScript","com.googlecode.aviator:aviator",5.2.1,,CRITICAL,CWE-74 -CVE-2021-41973,2021-11-03T17:30:35Z,"Infinite loop in Apache MINA","org.apache.mina:mina-core",0,2.0.22,MODERATE,CWE-835 -CVE-2021-41973,2021-11-03T17:30:35Z,"Infinite loop in Apache MINA","org.apache.mina:mina-core",2.1.0,2.1.5,MODERATE,CWE-835 -CVE-2021-42010,2022-10-24T19:00:16Z,"Heron allows CRLF log injection","org.apache.heron:heron-api",0,0.20.5-incubating,CRITICAL,CWE-116 -CVE-2021-42340,2021-10-15T18:51:34Z,"Missing Release of Resource after Effective Lifetime in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.12,HIGH,CWE-772 -CVE-2021-42340,2021-10-15T18:51:34Z,"Missing Release of Resource after Effective Lifetime in Apache 
Tomcat",org.apache.tomcat:tomcat,10.1.0-M1,10.1.0-M6,HIGH,CWE-772 -CVE-2021-42340,2021-10-15T18:51:34Z,"Missing Release of Resource after Effective Lifetime in Apache Tomcat",org.apache.tomcat:tomcat,8.5.60,8.5.72,HIGH,CWE-772 -CVE-2021-42340,2021-10-15T18:51:34Z,"Missing Release of Resource after Effective Lifetime in Apache Tomcat",org.apache.tomcat:tomcat,9.0.40,9.0.54,HIGH,CWE-772 -CVE-2021-42357,2022-01-21T23:52:00Z,"Cross-site Scripting in Apache Knox SSO","org.apache.knox:gateway-service-knoxsso",0,1.6.1,MODERATE,CWE-79 -CVE-2021-42392,2022-01-06T23:55:09Z,"RCE in H2 Console",com.h2database:h2,1.1.100,2.0.206,CRITICAL,CWE-502 -CVE-2021-42550,2021-12-17T20:00:50Z,"Deserialization of Untrusted Data in logback","ch.qos.logback:logback-core",0,1.2.9,MODERATE,CWE-502 -CVE-2021-42567,2021-12-10T20:24:11Z,"Cross-site Scripting in Apereo CAS","org.apereo.cas:cas-server-core-web",0,6.4.2,MODERATE,CWE-79 -CVE-2021-42575,2021-10-19T20:15:50Z,"Policies not properly enforced in OWASP Java HTML Sanitizer","com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer",0,20211018.1,CRITICAL,CWE-20 -CVE-2021-42697,2022-05-24T19:19:40Z,"Uncontrolled Recursion in Akka HTTP","com.typesafe.akka:akka-http",10.1.0,10.2.7,HIGH,CWE-674;CWE-787 -CVE-2021-42767,2022-02-01T22:01:14Z,"Neo4j Graph Database vulnerable to Path Traversal",org.neo4j.procedure:apoc,0,3.5.17,CRITICAL,CWE-22 -CVE-2021-42767,2022-02-01T22:01:14Z,"Neo4j Graph Database vulnerable to Path Traversal",org.neo4j.procedure:apoc,4.2.0,4.2.10,CRITICAL,CWE-22 -CVE-2021-42767,2022-02-01T22:01:14Z,"Neo4j Graph Database vulnerable to Path Traversal",org.neo4j.procedure:apoc,4.3.0.0,4.3.0.4,CRITICAL,CWE-22 -CVE-2021-42767,2022-02-01T22:01:14Z,"Neo4j Graph Database vulnerable to Path Traversal",org.neo4j.procedure:apoc,4.4.0.0,4.4.0.1,CRITICAL,CWE-22 -CVE-2021-43090,2022-03-26T00:00:32Z,"Improper Restriction of XML External Entity Reference in soa-model","com.predic8:soa-model-core",0,1.6.4,CRITICAL,CWE-611 
-CVE-2021-43090,2022-03-26T00:00:32Z,"Improper Restriction of XML External Entity Reference in soa-model","com.predic8:soa-model-parent",0,1.6.4,CRITICAL,CWE-611 -CVE-2021-43113,2021-12-16T00:02:15Z,"Command injection in itext7-core",com.itextpdf:itext7-core,0,7.1.17,CRITICAL,CWE-77 -CVE-2021-43113,2021-12-16T00:02:15Z,"Command injection in itext7-core",com.itextpdf:itextpdf,0,5.5.13.3,CRITICAL,CWE-77 -CVE-2021-43116,2022-07-06T00:00:30Z,"Use of Hard-coded Credentials in Nacos","com.alibaba.nacos:nacos-client",0,,HIGH,CWE-287;CWE-798 -CVE-2021-43142,2022-04-01T00:00:45Z,"Improper Restriction of XML External Entity Reference in wutka jox",com.wutka:jox,0,,MODERATE,CWE-611 -CVE-2021-43297,2022-01-12T22:51:04Z,"Deserialization of Untrusted Data in Dubbo",org.apache.dubbo:dubbo,2.6.0,2.6.12,CRITICAL,CWE-502 -CVE-2021-43297,2022-01-12T22:51:04Z,"Deserialization of Untrusted Data in Dubbo",org.apache.dubbo:dubbo,2.7.0,2.7.15,CRITICAL,CWE-502 -CVE-2021-43297,2022-01-12T22:51:04Z,"Deserialization of Untrusted Data in Dubbo",org.apache.dubbo:dubbo,3.0.0,3.0.5,CRITICAL,CWE-502 -CVE-2021-43466,2021-11-10T19:52:33Z,"Template injection in thymeleaf-spring5","org.thymeleaf:thymeleaf-spring5",0,3.0.13.RELEASE,CRITICAL,CWE-94 -CVE-2021-43570,2021-11-10T20:48:00Z,"Improper Verification of Cryptographic Signature in starkbank-ecdsa","com.starkbank:starkbank-ecdsa",0,1.0.1,CRITICAL,CWE-347 -CVE-2021-43576,2022-05-24T19:20:33Z,"XXE vulnerability in Jenkins pom2config Plugin","org.jenkins-ci.plugins:pom2config",0,,MODERATE,CWE-611 -CVE-2021-43577,2022-05-24T19:20:32Z,"XXE vulnerability in Jenkins OWASP Dependency-Check Plugin","org.jenkins-ci.plugins:dependency-check-jenkins-plugin",0,5.1.2,HIGH,CWE-611 -CVE-2021-43578,2022-05-24T19:20:32Z,"Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files","org.jenkins-ci.plugins:squashtm-publisher-plugin",0,,HIGH,CWE-693 -CVE-2021-43795,2021-12-02T22:25:54Z,"Path Traversal in 
com.linecorp.armeria:armeria","com.linecorp.armeria:armeria",1.12.0,1.13.4,HIGH,CWE-22 -CVE-2021-43797,2021-12-09T19:09:17Z,"HTTP request smuggling in netty","io.netty:netty-codec-http",4.0.0,4.1.71.Final,MODERATE,CWE-444 -CVE-2021-43797,2021-12-09T19:09:17Z,"HTTP request smuggling in netty",io.netty:netty,0,,MODERATE,CWE-444 -CVE-2021-43797,2021-12-09T19:09:17Z,"HTTP request smuggling in netty",org.jboss.netty:netty,0,,MODERATE,CWE-444 -CVE-2021-43807,2021-12-14T21:43:00Z,"HTTP Method Spoofing","org.opencastproject:opencast-common",0,9.10,HIGH,CWE-290 -CVE-2021-43821,2021-12-14T21:44:03Z,"Files Accessible to External Parties in Opencast","org.opencastproject:opencast-ingest-service-impl",0,10.6,CRITICAL,CWE-552 -CVE-2021-43841,2022-02-10T22:42:48Z,"Cross-site Scripting by SVG upload in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",0,12.10.6,MODERATE,CWE-79 -CVE-2021-43841,2022-02-10T22:42:48Z,"Cross-site Scripting by SVG upload in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",13.0,13.3RC1,MODERATE,CWE-79 -CVE-2021-43841,2022-02-10T22:42:48Z,"Cross-site Scripting by SVG upload in xwiki-platform","org.xwiki.platform:xwiki-platform-tool-configuration-resources",0,12.10.6,MODERATE,CWE-79 -CVE-2021-43841,2022-02-10T22:42:48Z,"Cross-site Scripting by SVG upload in xwiki-platform","org.xwiki.platform:xwiki-platform-tool-configuration-resources",13.0,13.3RC1,MODERATE,CWE-79 -CVE-2021-43859,2022-02-01T00:48:15Z,"Denial of Service by injecting highly recursive collections or maps in XStream","com.thoughtworks.xstream:xstream",0,1.4.19,HIGH,CWE-400;CWE-502 -CVE-2021-43980,2022-09-29T00:00:25Z,"Apache Tomcat Race Condition vulnerability",org.apache.tomcat:tomcat,10.0.0-M1,10.0.20,LOW,CWE-362 -CVE-2021-43980,2022-09-29T00:00:25Z,"Apache Tomcat Race Condition vulnerability",org.apache.tomcat:tomcat,10.1.0-M1,10.1.0-M14,LOW,CWE-362 -CVE-2021-43980,2022-09-29T00:00:25Z,"Apache Tomcat Race Condition 
vulnerability",org.apache.tomcat:tomcat,8.5.0,8.5.78,LOW,CWE-362 -CVE-2021-43980,2022-09-29T00:00:25Z,"Apache Tomcat Race Condition vulnerability",org.apache.tomcat:tomcat,9.0.0-M1,9.0.62,LOW,CWE-362 -CVE-2021-44138,2022-04-05T00:00:28Z,"Path Traversal in Caucho Resin",com.caucho:resin,4.0.52,,HIGH,CWE-22 -CVE-2021-44140,2021-11-29T17:59:24Z,"Incorrect Default Permissions in Apache JSPWiki","org.apache.jspwiki:jspwiki-main",0,2.11.0,CRITICAL,CWE-276 -CVE-2021-44145,2022-01-05T17:33:32Z,"Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi",org.apache.nifi:nifi,0,1.15.1,MODERATE,CWE-200 -CVE-2021-44228,2021-12-10T00:40:56Z,"Remote code injection in Log4j","com.guicedee.services:log4j-core",0,,CRITICAL,"CWE-20;CWE-400;CWE-502;CWE-917" -CVE-2021-44228,2021-12-10T00:40:56Z,"Remote code injection in Log4j","org.apache.logging.log4j:log4j-core",2.0-beta9,2.3.1,CRITICAL,"CWE-20;CWE-400;CWE-502;CWE-917" -CVE-2021-44228,2021-12-10T00:40:56Z,"Remote code injection in Log4j","org.apache.logging.log4j:log4j-core",2.13.0,2.15.0,CRITICAL,"CWE-20;CWE-400;CWE-502;CWE-917" -CVE-2021-44228,2021-12-10T00:40:56Z,"Remote code injection in Log4j","org.apache.logging.log4j:log4j-core",2.4,2.12.2,CRITICAL,"CWE-20;CWE-400;CWE-502;CWE-917" -CVE-2021-44521,2022-02-12T00:00:48Z,"Apache Cassandra vulnerable to Code Injection due to unsafe configuration","org.apache.cassandra:cassandra-all",0,3.0.26,CRITICAL,CWE-732;CWE-94 -CVE-2021-44521,2022-02-12T00:00:48Z,"Apache Cassandra vulnerable to Code Injection due to unsafe configuration","org.apache.cassandra:cassandra-all",3.11.0,3.11.12,CRITICAL,CWE-732;CWE-94 -CVE-2021-44521,2022-02-12T00:00:48Z,"Apache Cassandra vulnerable to Code Injection due to unsafe configuration","org.apache.cassandra:cassandra-all",4.0.0,4.0.2,CRITICAL,CWE-732;CWE-94 -CVE-2021-44548,2022-01-06T21:32:35Z,"Apache Solr Improper Input Validation and Path Traversal","org.apache.solr:solr-parent",0,8.11.1,CRITICAL,CWE-20;CWE-22;CWE-40 
-CVE-2021-44549,2021-12-16T14:12:49Z,"Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail","org.apache.sling:org.apache.sling.commons.messaging.mail",0,2.0,HIGH,CWE-295;CWE-297 -CVE-2021-44550,2022-02-25T00:01:07Z,"Access Control vulnerability within CoreNLP","edu.stanford.nlp:stanford-corenlp",0,4.4.0,CRITICAL,CWE-863 -CVE-2021-44585,2022-03-11T00:01:59Z,"Cross-site Scripting in jeecg-boot","org.jeecgframework.boot:jeecg-boot-base",0,3.1.0,MODERATE,CWE-79 -CVE-2021-44585,2022-03-11T00:01:59Z,"Cross-site Scripting in jeecg-boot","org.jeecgframework.boot:jeecg-boot-base-core",0,3.1.0,MODERATE,CWE-79 -CVE-2021-44667,2022-03-12T00:00:27Z,"Cross-site Scripting in Nacos","com.alibaba.nacos:nacos-common",0,2.0.4,MODERATE,CWE-79 -CVE-2021-44791,2022-07-08T00:00:43Z,"Apache Druid before 0.23.0 vulnerable to reflected XSS via unescaped URL parameters",org.apache.druid:druid,0,0.23.0,MODERATE,CWE-79 -CVE-2021-44832,2022-01-04T16:14:20Z,"Improper Input Validation and Injection in Apache Log4j2","org.apache.logging.log4j:log4j-core",2.0-beta7,2.3.2,MODERATE,CWE-20;CWE-74 -CVE-2021-44832,2022-01-04T16:14:20Z,"Improper Input Validation and Injection in Apache Log4j2","org.apache.logging.log4j:log4j-core",2.13.0,2.17.1,MODERATE,CWE-20;CWE-74 -CVE-2021-44832,2022-01-04T16:14:20Z,"Improper Input Validation and Injection in Apache Log4j2","org.apache.logging.log4j:log4j-core",2.4,2.12.4,MODERATE,CWE-20;CWE-74 -CVE-2021-44868,2022-02-18T00:00:34Z,"SQL injection in MCMS",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-89 -CVE-2021-44878,2022-01-08T00:36:05Z,"Pac4j token validation bypass if OpenID Connect provider supports none algorithm",org.pac4j:pac4j-oidc,0,4.5.5,HIGH,CWE-347 -CVE-2021-44878,2022-01-08T00:36:05Z,"Pac4j token validation bypass if OpenID Connect provider supports none algorithm",org.pac4j:pac4j-oidc,5.0,5.3.1,HIGH,CWE-347 -CVE-2021-45029,2022-01-28T22:13:27Z,"Code injection in 
ShenYu","org.apache.shenyu:shenyu-common",2.4.0,2.4.2,CRITICAL,CWE-94 -CVE-2021-45046,2021-12-14T18:01:28Z,"Incomplete fix for Apache Log4j vulnerability","org.apache.logging.log4j:log4j-core",0,2.12.2,CRITICAL,CWE-502;CWE-917 -CVE-2021-45046,2021-12-14T18:01:28Z,"Incomplete fix for Apache Log4j vulnerability","org.apache.logging.log4j:log4j-core",2.13.0,2.16.0,CRITICAL,CWE-502;CWE-917 -CVE-2021-45105,2021-12-18T18:00:07Z,"Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion","org.apache.logging.log4j:log4j-core",0,2.3.1,HIGH,CWE-20;CWE-674 -CVE-2021-45105,2021-12-18T18:00:07Z,"Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion","org.apache.logging.log4j:log4j-core",2.13.0,2.17.0,HIGH,CWE-20;CWE-674 -CVE-2021-45105,2021-12-18T18:00:07Z,"Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion","org.apache.logging.log4j:log4j-core",2.4.0,2.12.3,HIGH,CWE-20;CWE-674 -CVE-2021-45456,2022-01-08T00:42:59Z,"Command Injection in Apache Kylin",org.apache.kylin:kylin,0,4.0.1,MODERATE,CWE-77 -CVE-2021-45457,2022-01-08T00:43:16Z,"In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.",org.apache.kylin:kylin,0,3.1.3,HIGH,CWE-522 -CVE-2021-45457,2022-01-08T00:43:16Z,"In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.",org.apache.kylin:kylin,4.0.0,4.0.1,HIGH,CWE-522 -CVE-2021-45458,2022-01-08T00:43:09Z,"Use of Hard-coded Credentials in Apache Kylin",org.apache.kylin:kylin,0,3.1.3,HIGH,CWE-326;CWE-330;CWE-798 -CVE-2021-45458,2022-01-08T00:43:09Z,"Use of Hard-coded Credentials in Apache Kylin",org.apache.kylin:kylin,4.0.0,4.0.1,HIGH,CWE-326;CWE-330;CWE-798 -CVE-2021-46036,2022-02-19T00:01:25Z,"File upload leading to RCE in MCMS",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-434 -CVE-2021-46037,2022-02-19T00:01:25Z,"Path traversal in MCMS",net.mingsoft:ms-mcms,0,,HIGH,CWE-22 -CVE-2021-46062,2022-02-19T00:01:24Z,"MCMS Arbitrary 
File Deletion vulnerability",net.mingsoft:ms-basic,0,2.1.16,HIGH,CWE-22 -CVE-2021-46062,2022-02-19T00:01:24Z,"MCMS Arbitrary File Deletion vulnerability",net.mingsoft:ms-mcms,0,5.2.11,HIGH,CWE-22 -CVE-2021-46063,2022-02-19T00:01:24Z,"Server Side Template Injection in MCMS",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-74 -CVE-2021-46089,2022-01-26T00:01:25Z,"SQL Injection in JeecgBoot","org.jeecgframework.boot:jeecg-boot-base",0,,CRITICAL,CWE-89 -CVE-2021-46089,2022-01-26T00:01:25Z,"SQL Injection in JeecgBoot","org.jeecgframework.boot:jeecg-boot-base-core",0,,CRITICAL,CWE-89 -CVE-2021-46361,2022-02-12T00:00:37Z,"Arbitrary code execution in Magnolia CMS","info.magnolia:magnolia-core",0,6.2.12,CRITICAL, -CVE-2021-46363,2022-02-12T00:00:37Z,"Arbitrary code execution in Magnolia CMS","info.magnolia:magnolia-core",0,6.2.4,HIGH,CWE-1236 -CVE-2021-46364,2022-02-12T00:00:37Z,"Deserialization of Untrusted Data in Magnolia CMS","info.magnolia:magnolia-core",0,6.2.4,HIGH,CWE-502 -CVE-2021-46365,2022-02-12T00:00:37Z,"Improper Restriction of XML External Entity Reference in Magnolia CMS","info.magnolia:magnolia-core",0,6.2.4,HIGH,CWE-611 -CVE-2021-46366,2022-02-12T00:00:37Z,"Cross-Site Request Forgery in Magnolia CMS","info.magnolia:magnolia-core",0,6.2.4,HIGH,CWE-352 -CVE-2021-46383,2022-01-27T00:01:02Z,"Mingsoft MCMS SQL injection vulnerability",net.mingsoft:ms-mcms,0,5.2.6,HIGH,CWE-89 -CVE-2021-46384,2022-03-05T00:00:41Z,"Remote code execution in net.mingsoft:ms-mcms",net.mingsoft:ms-mcms,0,5.2.6,CRITICAL,CWE-287 -CVE-2021-46385,2022-01-27T00:00:52Z,"Mingsoft MCMS SQL injection vulnerability",net.mingsoft:ms-mcms,0,,HIGH,CWE-89 -CVE-2021-46386,2022-01-27T00:01:00Z,"Mingsoft MCMS vulnerable to Remote Code Execution via file upload.",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-434 -CVE-2021-46877,2023-03-19T00:30:25Z,"jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode","com.fasterxml.jackson.core:jackson-databind",2.10.0,2.12.6,HIGH, 
-CVE-2021-46877,2023-03-19T00:30:25Z,"jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode","com.fasterxml.jackson.core:jackson-databind",2.13.0,2.13.1,HIGH, -CVE-2021-47621,2024-06-21T06:31:12Z,"ClassGraph XML External Entity Reference","io.github.classgraph:classgraph",0,4.8.112,MODERATE,CWE-611 -CVE-2022-0084,2022-08-27T00:00:44Z,"XNIO `notifyReadClosed` method logging message to unexpected end",org.jboss.xnio:xnio-all,0,,HIGH,CWE-770 -CVE-2022-0198,2022-01-14T21:07:23Z,"XML External Entity Reference in edu.stanford.nlp:stanford-corenlp","edu.stanford.nlp:stanford-corenlp",0,,MODERATE,CWE-611 -CVE-2022-0219,2022-01-21T18:13:42Z,"Improper Restriction of XML External Entity Reference in skylot/jadx","io.github.skylot:jadx-core",0,1.3.2,MODERATE,CWE-611 -CVE-2022-0225,2022-08-27T00:00:44Z,"Keycloak XSS via use of malicious payload as group name when creating new group from admin console","org.keycloak:keycloak-core",0,,MODERATE,CWE-79 -CVE-2022-0239,2022-01-21T23:43:11Z,"corenlp is vulnerable to Improper Restriction of XML External Entity Reference","edu.stanford.nlp:stanford-corenlp",0,,CRITICAL,CWE-611 -CVE-2022-0265,2022-03-04T00:00:15Z,"XML External Entity Reference in Hazelcast",com.hazelcast:hazelcast,5.1-beta1,5.1,CRITICAL,CWE-611 -CVE-2022-0272,2022-04-22T00:00:36Z,"XML External Entity Reference in detekt","io.gitlab.arturbosch.detekt:detekt-core",0,1.20.0,HIGH,CWE-611 -CVE-2022-0538,2022-02-10T00:00:30Z,"DoS vulnerability in bundled XStream library in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.319.3,MODERATE,CWE-502 -CVE-2022-0538,2022-02-10T00:00:30Z,"DoS vulnerability in bundled XStream library in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.320,2.334,MODERATE,CWE-502 -CVE-2022-0671,2022-02-19T00:01:28Z,"Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX","org.eclipse.lemminx:lemminx-parent",0,0.19.0,CRITICAL,CWE-400;CWE-918 -CVE-2022-0672,2022-02-19T00:01:28Z,"Exposure of 
Sensitive Information to an Unauthorized Actor in LemMinX","org.eclipse.lemminx:lemminx-parent",0,0.19.0,MODERATE,CWE-200 -CVE-2022-0673,2022-02-19T00:01:27Z,"Path Traversal in LemMinX","org.eclipse.lemminx:lemminx-parent",0,0.19.0,MODERATE,CWE-22 -CVE-2022-0839,2022-03-05T00:00:45Z,"Improper Restriction of XML External Entity Reference in Liquibase","org.liquibase:liquibase-core",0,4.8.0,CRITICAL,CWE-611 -CVE-2022-1245,2022-04-26T21:21:00Z,"Keycloak vulnerable to privilege escalation on Token Exchange feature","org.keycloak:keycloak-services",0,18.0.0,CRITICAL,CWE-639;CWE-862;CWE-863 -CVE-2022-1274,2023-03-01T17:58:01Z,"HTML Injection in Keycloak Admin REST API","org.keycloak:keycloak-services",0,20.0.5,MODERATE,CWE-79;CWE-80 -CVE-2022-1278,2022-09-14T00:00:48Z,"WildFly vulnerable to Insecure Default Initialization of Resource",org.wildfly.bom:wildfly,0,27.0.0.Beta1,HIGH,CWE-1188 -CVE-2022-1415,2023-09-11T21:30:17Z,"Drools Core Deserialization of Untrusted Data vulnerability",org.drools:drools-core,0,7.69.0.Final,MODERATE,CWE-502 -CVE-2022-1438,2023-03-01T16:18:55Z,"Keycloak vulnerable to Cross-site Scripting","org.keycloak:keycloak-services",0,,MODERATE,CWE-79 -CVE-2022-1466,2022-04-27T00:00:19Z,"Improper authorization in Keycloak","org.keycloak:keycloak-core",0,17.0.1,MODERATE,CWE-863 -CVE-2022-1471,2022-12-12T21:19:47Z,"SnakeYaml Constructor Deserialization Remote Code Execution",org.yaml:snakeyaml,0,2.0,HIGH,CWE-20;CWE-502 -CVE-2022-1782,2022-05-19T00:00:30Z,"Cross-site Scripting in com.erudika:para-core",com.erudika:para-core,0,1.45.11,CRITICAL,CWE-79 -CVE-2022-1848,2022-05-25T00:00:37Z,"Business Logic Errors in Para",com.erudika:para-core,0,1.46.0,MODERATE, -CVE-2022-2047,2022-07-07T20:55:34Z,"Jetty invalid URI parsing may produce invalid HttpURI.authority","org.eclipse.jetty:jetty-http",0,9.4.47,LOW,CWE-20 -CVE-2022-2047,2022-07-07T20:55:34Z,"Jetty invalid URI parsing may produce invalid 
HttpURI.authority","org.eclipse.jetty:jetty-http",10.0.0,10.0.10,LOW,CWE-20 -CVE-2022-2047,2022-07-07T20:55:34Z,"Jetty invalid URI parsing may produce invalid HttpURI.authority","org.eclipse.jetty:jetty-http",11.0.0,11.0.10,LOW,CWE-20 -CVE-2022-2048,2022-07-07T20:55:40Z,"Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service","org.eclipse.jetty.http2:http2-server",0,9.4.47,HIGH,CWE-400;CWE-410 -CVE-2022-2048,2022-07-07T20:55:40Z,"Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service","org.eclipse.jetty.http2:http2-server",10.0.0,10.0.10,HIGH,CWE-400;CWE-410 -CVE-2022-2048,2022-07-07T20:55:40Z,"Jetty vulnerable to Invalid HTTP/2 requests that can lead to denial of service","org.eclipse.jetty.http2:http2-server",11.0.0,11.0.10,HIGH,CWE-400;CWE-410 -CVE-2022-2053,2022-08-06T00:00:46Z,"Undertow vulnerable to Dos via Large AJP request","io.undertow:undertow-core",0,2.2.19.Final,HIGH,CWE-400 -CVE-2022-2053,2022-08-06T00:00:46Z,"Undertow vulnerable to Dos via Large AJP request","io.undertow:undertow-core",2.3.0.Alpha1,2.3.0.Alpha2,HIGH,CWE-400 -CVE-2022-20612,2022-01-21T23:37:57Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.319.2,MODERATE,CWE-352 -CVE-2022-20612,2022-01-21T23:37:57Z,"Cross-Site Request Forgery in Jenkins","org.jenkins-ci.main:jenkins-core",2.320,2.330,MODERATE,CWE-352 -CVE-2022-20613,2022-01-13T00:01:04Z,"Cross-Site Request Forgery in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",0,1.34.2,MODERATE,CWE-352 -CVE-2022-20613,2022-01-13T00:01:04Z,"Cross-Site Request Forgery in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",391.ve4a38c1bcf4b,408.vd726a,MODERATE,CWE-352 -CVE-2022-20614,2022-01-13T00:01:04Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin","org.jenkins-ci.plugins:mailer",0,1.34.2,MODERATE,CWE-732;CWE-862 -CVE-2022-20614,2022-01-13T00:01:04Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Mailer 
Plugin","org.jenkins-ci.plugins:mailer",391.ve4a38c1bcf4b,408.vd726a,MODERATE,CWE-732;CWE-862 -CVE-2022-20615,2022-01-13T00:01:04Z,"Stored XSS vulnerability in Matrix Project Plugin","org.jenkins-ci.plugins:matrix-project",0,1.18.1,MODERATE,CWE-79 -CVE-2022-20615,2022-01-13T00:01:04Z,"Stored XSS vulnerability in Matrix Project Plugin","org.jenkins-ci.plugins:matrix-project",1.19,1.20,MODERATE,CWE-79 -CVE-2022-20616,2022-01-13T00:01:03Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin","org.jenkins-ci.plugins:credentials-binding",0,1.24.1,MODERATE,CWE-732;CWE-862 -CVE-2022-20616,2022-01-13T00:01:03Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin","org.jenkins-ci.plugins:credentials-binding",1.25,1.27.1,MODERATE,CWE-732;CWE-862 -CVE-2022-20617,2022-01-13T00:01:03Z,"OS command execution vulnerability in Jenkins Docker Commons Plugin","org.jenkins-ci.plugins:docker-commons",0,1.18,HIGH,CWE-78 -CVE-2022-20618,2022-01-13T00:01:02Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",0,2.9.7.2,MODERATE,CWE-732;CWE-862 -CVE-2022-20618,2022-01-13T00:01:02Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",2.9.8,2.9.11.2,MODERATE,CWE-732;CWE-862 -CVE-2022-20618,2022-01-13T00:01:02Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",720.vbe985dd73d66,725.vd9f8be0fa250,MODERATE,CWE-732;CWE-862 -CVE-2022-20618,2022-01-13T00:01:02Z,"Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",726.v7e6f53de133c,746.v350d2781c184,MODERATE,CWE-732;CWE-862 
-CVE-2022-20619,2022-01-13T00:01:00Z,"Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",0,2.9.7.2,HIGH,CWE-352 -CVE-2022-20619,2022-01-13T00:01:00Z,"Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",2.9.8,2.9.11.2,HIGH,CWE-352 -CVE-2022-20619,2022-01-13T00:01:00Z,"Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",720.vbe985dd73d66,725.vd9f8be0fa250,HIGH,CWE-352 -CVE-2022-20619,2022-01-13T00:01:00Z,"Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",726.v7e6f53de133c,746.v350d2781c184,HIGH,CWE-352 -CVE-2022-20620,2022-01-13T00:00:58Z,"Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:ssh-agent",0,1.22.1,MODERATE,CWE-668;CWE-862 -CVE-2022-20620,2022-01-13T00:00:58Z,"Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:ssh-agent",1.23,1.23.2,MODERATE,CWE-668;CWE-862 -CVE-2022-20621,2022-01-13T00:00:57Z,"Access key stored in plain text by Jenkins Metrics Plugin","org.jenkins-ci.plugins:metrics",0,4.0.2.7.1,MODERATE,CWE-522 -CVE-2022-20621,2022-01-13T00:00:57Z,"Access key stored in plain text by Jenkins Metrics Plugin","org.jenkins-ci.plugins:metrics",4.0.2.8,4.0.2.8.1,MODERATE,CWE-522 -CVE-2022-21126,2022-11-29T18:30:18Z,"HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere","com.github.samtools:htsjdk",0,3.0.1,HIGH,CWE-668 -CVE-2022-21363,2022-01-20T00:00:48Z,"Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java","mysql:mysql-connector-java",0,8.0.28,MODERATE,CWE-280 -CVE-2022-21653,2022-01-06T23:48:35Z,"Hash collision in typelevel jawn","org.typelevel:jawn-parser",0,1.3.2,MODERATE,CWE-326;CWE-400 
-CVE-2022-21700,2022-01-21T23:19:36Z,"Memory leak in micronaut-core","io.micronaut:micronaut-http",0,3.2.7,MODERATE,CWE-400 -CVE-2022-21724,2022-02-02T00:04:20Z,"pgjdbc Does Not Check Class Instantiation when providing Plugin Classes","org.postgresql:postgresql",42.3.0,42.3.2,HIGH,CWE-665;CWE-668;CWE-74 -CVE-2022-21724,2022-02-02T00:04:20Z,"pgjdbc Does Not Check Class Instantiation when providing Plugin Classes","org.postgresql:postgresql",9.4.1208,42.2.25,HIGH,CWE-665;CWE-668;CWE-74 -CVE-2022-2191,2022-07-07T20:55:37Z,"Jetty SslConnection does not release pooled ByteBuffers in case of errors","org.eclipse.jetty:jetty-server",10.0.0,10.0.10,HIGH,CWE-404 -CVE-2022-2191,2022-07-07T20:55:37Z,"Jetty SslConnection does not release pooled ByteBuffers in case of errors","org.eclipse.jetty:jetty-server",11.0.0,11.0.10,HIGH,CWE-404 -CVE-2022-2232,2023-11-29T21:33:07Z,"Keycloak vulnerable to LDAP Injection on UsernameForm Login","org.keycloak:keycloak-ldap-federation",0,23.0.1,LOW,CWE-90 -CVE-2022-2232,2023-11-29T21:33:07Z,"Keycloak vulnerable to LDAP Injection on UsernameForm Login","org.keycloak:keycloak-services",0,23.0.1,LOW,CWE-90 -CVE-2022-2256,2022-09-23T16:32:51Z,"Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles","org.keycloak:keycloak-parent",0,19.0.2,MODERATE,CWE-79 -CVE-2022-22880,2022-02-17T00:00:26Z,"SQL Injection in Jeecg-boot","org.jeecgframework.boot:jeecg-boot-base",0,,CRITICAL,CWE-89 -CVE-2022-22880,2022-02-17T00:00:26Z,"SQL Injection in Jeecg-boot","org.jeecgframework.boot:jeecg-boot-base-core",0,,CRITICAL,CWE-89 -CVE-2022-22881,2022-02-17T00:00:25Z,"SQL Injection in Jeecg-boot","org.jeecgframework.boot:jeecg-boot-base",0,,CRITICAL,CWE-89 -CVE-2022-22881,2022-02-17T00:00:25Z,"SQL Injection in Jeecg-boot","org.jeecgframework.boot:jeecg-boot-base-core",0,,CRITICAL,CWE-89 -CVE-2022-22885,2022-02-17T00:00:26Z,"Improper Certificate Validation in Hutool",cn.hutool:hutool-http,0,5.7.19,CRITICAL,CWE-295 
-CVE-2022-22929,2022-01-22T00:00:50Z,"Arbitrary File Upload in Mingsoft MCMS",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-434 -CVE-2022-22930,2022-01-22T00:00:50Z,"RCE in Mingsoft MCMS",net.mingsoft:ms-mcms,0,5.2.9,CRITICAL,CWE-1336 -CVE-2022-22931,2022-02-08T00:00:34Z,"Path Traversal in Apache James Server","org.apache.james:james-server",0,3.6.2,MODERATE,CWE-22 -CVE-2022-22932,2022-01-28T22:25:03Z,"Path traversal in Apache Karaf","org.apache.karaf:apache-karaf",0,4.2.15,MODERATE,CWE-22 -CVE-2022-22932,2022-01-28T22:25:03Z,"Path traversal in Apache Karaf","org.apache.karaf:apache-karaf",4.3.0,4.3.6,MODERATE,CWE-22 -CVE-2022-22947,2022-03-04T00:00:15Z,"Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured","org.springframework.cloud:spring-cloud-gateway",0,3.0.7,CRITICAL,CWE-917;CWE-94 -CVE-2022-22947,2022-03-04T00:00:15Z,"Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured","org.springframework.cloud:spring-cloud-gateway",3.1.0,3.1.1,CRITICAL,CWE-917;CWE-94 -CVE-2022-22950,2022-04-03T00:01:00Z,"Allocation of Resources Without Limits or Throttling in Spring Framework","org.springframework:spring-expression",0,5.2.20.RELEASE,MODERATE,CWE-770 -CVE-2022-22950,2022-04-03T00:01:00Z,"Allocation of Resources Without Limits or Throttling in Spring Framework","org.springframework:spring-expression",5.3.0,5.3.17,MODERATE,CWE-770 -CVE-2022-22963,2022-04-03T00:00:59Z,"Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression","org.springframework.cloud:spring-cloud-function-context",0,3.1.7,CRITICAL,CWE-917;CWE-94 -CVE-2022-22963,2022-04-03T00:00:59Z,"Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression","org.springframework.cloud:spring-cloud-function-context",3.2.0,3.2.3,CRITICAL,CWE-917;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring 
Framework","org.springframework.boot:spring-boot-starter-web",0,2.5.12,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework.boot:spring-boot-starter-web",2.6.0,2.6.6,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework.boot:spring-boot-starter-webflux",0,2.5.12,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework.boot:spring-boot-starter-webflux",2.6.0,2.6.6,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework:spring-beans",0,5.2.20.RELEASE,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework:spring-beans",5.3.0,5.3.18,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework:spring-webflux",0,5.2.20.RELEASE,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework:spring-webflux",5.3.0,5.3.18,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework:spring-webmvc",0,5.2.20.RELEASE,CRITICAL,CWE-74;CWE-94 -CVE-2022-22965,2022-03-31T18:30:50Z,"Remote Code Execution in Spring Framework","org.springframework:spring-webmvc",5.3.0,5.3.18,CRITICAL,CWE-74;CWE-94 -CVE-2022-22968,2022-04-15T00:00:32Z,"Improper handling of case sensitivity in Spring Framework","org.springframework:spring-context",0,5.2.21.RELEASE,HIGH,CWE-178 -CVE-2022-22968,2022-04-15T00:00:32Z,"Improper handling of case sensitivity in Spring Framework","org.springframework:spring-context",5.3.0,5.3.19,HIGH,CWE-178 -CVE-2022-22969,2022-04-22T00:00:33Z,"Denial of service in Spring Security 
OAuth2","org.springframework.security.oauth:spring-security-oauth2",2.4.0.RELEASE,2.4.2.RELEASE,MODERATE,CWE-400 -CVE-2022-22969,2022-04-22T00:00:33Z,"Denial of service in Spring Security OAuth2","org.springframework.security.oauth:spring-security-oauth2",2.5.0.RELEASE,2.5.2.RELEASE,MODERATE,CWE-400 -CVE-2022-22970,2022-05-13T00:00:28Z,"Denial of service in Spring Framework","org.springframework:spring-beans",0,5.2.22.RELEASE,HIGH,CWE-770 -CVE-2022-22970,2022-05-13T00:00:28Z,"Denial of service in Spring Framework","org.springframework:spring-beans",5.3.0,5.3.20,HIGH,CWE-770 -CVE-2022-22971,2022-05-13T00:00:29Z,"Allocation of Resources Without Limits or Throttling in Spring Framework","org.springframework:spring-messaging",0,5.2.22.RELEASE,MODERATE,CWE-770 -CVE-2022-22971,2022-05-13T00:00:29Z,"Allocation of Resources Without Limits or Throttling in Spring Framework","org.springframework:spring-messaging",5.3.0,5.3.20,MODERATE,CWE-770 -CVE-2022-22976,2022-05-20T00:00:38Z,"Integer overflow in BCrypt class in Spring Security","org.springframework.security:spring-security-core",5.2.0.RELEASE,5.5.7,MODERATE,CWE-190 -CVE-2022-22976,2022-05-20T00:00:38Z,"Integer overflow in BCrypt class in Spring Security","org.springframework.security:spring-security-core",5.6.0,5.6.4,MODERATE,CWE-190 -CVE-2022-22978,2022-05-20T00:00:39Z,"Authorization bypass in Spring Security","org.springframework.security:spring-security-core",0,5.4.11,CRITICAL,CWE-285;CWE-863 -CVE-2022-22978,2022-05-20T00:00:39Z,"Authorization bypass in Spring Security","org.springframework.security:spring-security-core",5.5.0,5.5.7,CRITICAL,CWE-285;CWE-863 -CVE-2022-22978,2022-05-20T00:00:39Z,"Authorization bypass in Spring Security","org.springframework.security:spring-security-core",5.6.0,5.6.4,CRITICAL,CWE-285;CWE-863 -CVE-2022-22978,2022-05-20T00:00:39Z,"Authorization bypass in Spring Security","org.springframework.security:spring-security-web",0,5.4.11,CRITICAL,CWE-285;CWE-863 
-CVE-2022-22978,2022-05-20T00:00:39Z,"Authorization bypass in Spring Security","org.springframework.security:spring-security-web",5.5.0,5.5.7,CRITICAL,CWE-285;CWE-863 -CVE-2022-22978,2022-05-20T00:00:39Z,"Authorization bypass in Spring Security","org.springframework.security:spring-security-web",5.6.0,5.6.4,CRITICAL,CWE-285;CWE-863 -CVE-2022-22979,2022-06-22T00:00:54Z,"Denial of Service in Spring Cloud Function","org.springframework.cloud:spring-cloud-function-parent",0,3.2.6,HIGH,CWE-770 -CVE-2022-22980,2022-06-24T00:00:30Z,"SpEL Injection in Spring Data MongoDB","org.springframework.data:spring-data-mongodb",0,3.3.5,CRITICAL,CWE-917 -CVE-2022-22980,2022-06-24T00:00:30Z,"SpEL Injection in Spring Data MongoDB","org.springframework.data:spring-data-mongodb",3.4.0,3.4.1,CRITICAL,CWE-917 -CVE-2022-23059,2022-03-30T00:00:27Z,"Cross site scripting in Shopizer",com.shopizer:shopizer,2.0.2,3.0.0,MODERATE,CWE-79 -CVE-2022-23082,2022-06-01T00:00:35Z,"Path traversal in CureKit",io.whitesource:curekit,1.0.1,1.1.4,HIGH,CWE-22 -CVE-2022-23105,2022-01-13T00:00:55Z,"User passwords transmitted in plain text by Jenkins Active Directory Plugin","org.jenkins-ci.plugins:active-directory",0,2.25.1,MODERATE,CWE-319 -CVE-2022-23106,2022-01-21T23:38:30Z,"Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",0,1.47.1,LOW,CWE-203;CWE-208 -CVE-2022-23106,2022-01-21T23:38:30Z,"Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",1.48,1.53.1,LOW,CWE-203;CWE-208 -CVE-2022-23106,2022-01-21T23:38:30Z,"Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin","io.jenkins:configuration-as-code",1.54,1.54.1,LOW,CWE-203;CWE-208 -CVE-2022-23106,2022-01-21T23:38:30Z,"Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code 
Plugin","io.jenkins:configuration-as-code",1.55,1.55.1,LOW,CWE-203;CWE-208 -CVE-2022-23107,2022-01-21T23:38:05Z,"Path Traversal in Jenkins Warnings Next Generation Plugin","io.jenkins.plugins:warnings-ng",0,9.0.2,HIGH,CWE-22 -CVE-2022-23107,2022-01-21T23:38:05Z,"Path Traversal in Jenkins Warnings Next Generation Plugin","io.jenkins.plugins:warnings-ng",9.1.0,9.5.2,HIGH,CWE-22 -CVE-2022-23107,2022-01-21T23:38:05Z,"Path Traversal in Jenkins Warnings Next Generation Plugin","io.jenkins.plugins:warnings-ng",9.6.0,9.7.1,HIGH,CWE-22 -CVE-2022-23107,2022-01-21T23:38:05Z,"Path Traversal in Jenkins Warnings Next Generation Plugin","io.jenkins.plugins:warnings-ng",9.8.0,9.10.3,HIGH,CWE-22 -CVE-2022-23108,2022-01-13T00:00:54Z,"Stored XSS vulnerability in Jenkins Badge Plugin","org.jenkins-ci.plugins:badge",0,1.9.1,MODERATE,CWE-79 -CVE-2022-23109,2022-01-13T00:00:54Z,"Improper credentials masking in Jenkins HashiCorp Vault Plugin","com.datapipe.jenkins.plugins:hashicorp-vault-plugin",0,3.8.0,MODERATE,CWE-522 -CVE-2022-23110,2022-01-13T00:00:54Z,"Stored XSS vulnerability in Jenkins Publish Over SSH Plugin","org.jenkins-ci.plugins:publish-over-ssh",0,1.23,MODERATE,CWE-79 -CVE-2022-23111,2022-01-13T00:00:53Z,"CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin","org.jenkins-ci.plugins:publish-over-ssh",0,1.23,MODERATE,CWE-352 -CVE-2022-23112,2022-01-13T00:00:53Z,"Missing permission check in Jenkins Publish Over SSH Plugin","org.jenkins-ci.plugins:publish-over-ssh",0,1.24,MODERATE,CWE-862 -CVE-2022-23113,2022-01-13T00:00:53Z,"Path traversal vulnerability in Jenkins Publish Over SSH Plugin","org.jenkins-ci.plugins:publish-over-ssh",0,1.23,MODERATE,CWE-22 -CVE-2022-23114,2022-01-13T00:00:53Z,"Password stored in plain text by Jenkins Publish Over SSH Plugin","org.jenkins-ci.plugins:publish-over-ssh",0,1.23,LOW,CWE-522 -CVE-2022-23115,2022-01-13T00:00:53Z,"CSRF vulnerability in Jenkins batch task 
Plugin","org.jenkins-ci.plugins:batch-task",0,,MODERATE,CWE-352 -CVE-2022-23116,2022-01-13T00:00:52Z,"Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets","org.conjur.jenkins:conjur-credentials",0,1.0.10,MODERATE,CWE-311 -CVE-2022-23117,2022-01-13T00:00:53Z,"Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials","org.conjur.jenkins:conjur-credentials",0,1.0.10,MODERATE,CWE-269 -CVE-2022-23118,2022-01-13T00:00:52Z,"Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin","ru.yandex.jenkins.plugins.debuilder:debian-package-builder",0,,HIGH,CWE-269;CWE-668;CWE-693 -CVE-2022-23181,2022-02-01T00:45:44Z,"Race condition in Apache Tomcat",org.apache.tomcat:tomcat,0,8.5.75,HIGH,CWE-367 -CVE-2022-23181,2022-02-01T00:45:44Z,"Race condition in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0,10.0.16,HIGH,CWE-367 -CVE-2022-23181,2022-02-01T00:45:44Z,"Race condition in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0,9.0.58,HIGH,CWE-367 -CVE-2022-23221,2022-01-21T23:07:39Z,"Arbitrary code execution in H2 Console",com.h2database:h2,0,2.1.210,CRITICAL,CWE-88 -CVE-2022-23223,2022-01-28T22:13:57Z,"Password exposure in ShenYu","org.apache.shenyu:shenyu-common",2.4.0,2.4.2,HIGH,CWE-522 -CVE-2022-23302,2022-01-21T23:27:14Z,"Deserialization of Untrusted Data in Log4j 1.x","org.zenframework.z8.dependencies.commons:log4j-1.2.17",0,,HIGH,CWE-502 -CVE-2022-23302,2022-01-21T23:27:14Z,"Deserialization of Untrusted Data in Log4j 1.x",log4j:log4j,0,,HIGH,CWE-502 -CVE-2022-23305,2022-01-21T23:26:47Z,"SQL Injection in Log4j 1.2.x","org.zenframework.z8.dependencies.commons:log4j-1.2.17",0,,CRITICAL,CWE-89 -CVE-2022-23305,2022-01-21T23:26:47Z,"SQL Injection in Log4j 1.2.x",log4j:log4j,0,,CRITICAL,CWE-89 -CVE-2022-23307,2022-01-19T00:01:15Z,"Deserialization of Untrusted Data in Apache Log4j","org.zenframework.z8.dependencies.commons:log4j-1.2.17",0,,CRITICAL,CWE-502 
-CVE-2022-23307,2022-01-19T00:01:15Z,"Deserialization of Untrusted Data in Apache Log4j",log4j:log4j,0,,CRITICAL,CWE-502 -CVE-2022-23315,2022-01-22T00:00:48Z,"Arbitrary file upload in Mingsoft MCMS",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-434 -CVE-2022-23437,2022-01-27T16:13:07Z,"Infinite Loop in Apache Xerces Java",xerces:xercesImpl,0,2.12.2,MODERATE,CWE-91 -CVE-2022-23457,2022-04-27T21:09:43Z,"Path traversal in the OWASP Enterprise Security API",org.owasp.esapi:esapi,0,2.3.0.0,HIGH,CWE-22 -CVE-2022-23463,2022-09-25T00:00:15Z,"Nepxion Discovery vulnerable to SpEL Injection leading to Remote Code Execution",com.nepxion:discovery,0,,CRITICAL,CWE-917 -CVE-2022-23464,2022-09-25T00:00:15Z,"Nepxion Discovery vulnerable to potential Information Disclosure due to Server-Side Request Forgery ",com.nepxion:discovery,0,,MODERATE,CWE-918 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-beam",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-beam-sql",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-drill",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-elasticsearch",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted 
Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-elasticsearch-8",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-flink",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-flink-table",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-hive",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-logparser",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-nifi-processors",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-snowflake",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23496,2022-12-08T15:52:54Z,"Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List","nl.basjes.parse.useragent:yauaa-trino",7.0.0,7.9.0,HIGH,CWE-755 -CVE-2022-23532,2023-01-13T21:28:46Z,"org.neo4j.procedure:apoc Path Traversal Vulnerability",org.neo4j.procedure:apoc,0,4.3.0.12,HIGH,CWE-22 -CVE-2022-23532,2023-01-13T21:28:46Z,"org.neo4j.procedure:apoc Path Traversal Vulnerability",org.neo4j.procedure:apoc,4.4.0.0,4.4.0.12,HIGH,CWE-22 -CVE-2022-23553,2024-08-05T21:18:58Z,"Alpine allows URL access filter bypass",us.springett:alpine,0,1.10.4,HIGH,CWE-863 
-CVE-2022-23554,2024-08-05T21:18:58Z,"Alpine allows Authentication Filter bypass",us.springett:alpine,0,1.10.4,MODERATE,CWE-287;CWE-697 -CVE-2022-23596,2022-02-01T00:47:23Z,"Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive",com.github.junrar:junrar,0,7.4.1,HIGH,CWE-400;CWE-835 -CVE-2022-23615,2022-02-09T21:21:53Z,"Partial authorization bypass on document save in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",1.0,13.0,MODERATE,CWE-863 -CVE-2022-23616,2022-02-09T21:32:10Z,"Remote code execution in xwiki-platform","org.xwiki.platform:xwiki-platform-administration-ui",3.1-milestone-1,13.1RC1,HIGH,CWE-74 -CVE-2022-23617,2022-02-09T21:41:46Z,"Missing authorization in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",0,12.10.6,MODERATE,CWE-862 -CVE-2022-23617,2022-02-09T21:41:46Z,"Missing authorization in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",13.0,13.2-rc-1,MODERATE,CWE-862 -CVE-2022-23618,2022-02-09T21:42:47Z,"URL Redirection to Untrusted Site ('Open Redirect')","org.xwiki.platform:xwiki-platform-oldcore",0,12.10.7,MODERATE,CWE-601 -CVE-2022-23618,2022-02-09T21:42:47Z,"URL Redirection to Untrusted Site ('Open Redirect')","org.xwiki.platform:xwiki-platform-oldcore",13.0.0,13.3RC1,MODERATE,CWE-601 -CVE-2022-23619,2022-02-09T21:51:19Z,"Information exposure in xwiki-platform","org.xwiki.platform:xwiki-platform-web",0,12.10.9,MODERATE,CWE-200;CWE-640 -CVE-2022-23619,2022-02-09T21:51:19Z,"Information exposure in xwiki-platform","org.xwiki.platform:xwiki-platform-web",13.0.0,13.4.1,MODERATE,CWE-200;CWE-640 -CVE-2022-23619,2022-02-09T21:51:19Z,"Information exposure in xwiki-platform","org.xwiki.platform:xwiki-platform-web",13.5RC1,13.6RC1,MODERATE,CWE-200;CWE-640 -CVE-2022-23620,2022-02-09T21:53:29Z,"Path traversal in xwiki-platform-skin-skinx","org.xwiki.platform:xwiki-platform-skin-skinx",6.2-rc-1,13.6,MODERATE,CWE-116;CWE-22 -CVE-2022-23621,2022-02-09T21:56:05Z,"Missing authorization in 
xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",0,12.10.9,MODERATE,CWE-552;CWE-862 -CVE-2022-23621,2022-02-09T21:56:05Z,"Missing authorization in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",13.0.0,13.4.3,MODERATE,CWE-552;CWE-862 -CVE-2022-23621,2022-02-09T21:56:05Z,"Missing authorization in xwiki-platform","org.xwiki.platform:xwiki-platform-oldcore",13.6-rc-1,13.7-rc-1,MODERATE,CWE-552;CWE-862 -CVE-2022-23622,2022-02-09T23:25:44Z,"Cross site scripting in registration template in xwiki-platform","org.xwiki.platform:xwiki-platform-web-templates",13.0.0,13.4.7,HIGH,CWE-79 -CVE-2022-23622,2022-02-09T23:25:44Z,"Cross site scripting in registration template in xwiki-platform","org.xwiki.platform:xwiki-platform-web-templates",13.10.0,13.10.3,HIGH,CWE-79 -CVE-2022-23622,2022-02-09T23:25:44Z,"Cross site scripting in registration template in xwiki-platform","org.xwiki.platform:xwiki-platform-web-templates",2.6.1,12.10.11,HIGH,CWE-79 -CVE-2022-23640,2022-03-02T21:30:54Z,"Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer","com.monitorjbl:xlsx-streamer",0,2.1.0,CRITICAL,CWE-611;CWE-776 -CVE-2022-23708,2022-03-04T00:00:15Z," Elasticsearch privilege escalation","org.elasticsearch:elasticsearch",7.16.0,7.17.1,MODERATE,CWE-269 -CVE-2022-23710,2022-03-04T00:00:15Z,"Withdrawn: Cross-site Scripting in Kibana","org.elasticsearch:elasticsearch",7.16.0,7.17.1,MODERATE,CWE-79 -CVE-2022-23712,2022-06-07T00:00:33Z,"Improper Check for Unusual or Exceptional Conditions in Elasticsearch","org.elasticsearch:elasticsearch",8.0.0,8.2.1,HIGH,CWE-754 -CVE-2022-23848,2022-02-21T00:00:19Z,"Command injection in Alluxio","org.alluxio:alluxio-core-common",0,2.7.3,CRITICAL, -CVE-2022-23898,2022-03-04T00:00:17Z,"SQL injection in net.mingsoft:ms-mcms",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-89 -CVE-2022-23899,2022-03-04T00:00:17Z,"SQL injection in net.mingsoft:ms-mcms",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-89 
-CVE-2022-2390,2022-08-13T00:00:43Z,"Google Play Services SDK leads to apps having incorrectly set mutability flag","com.google.android.gms:play-services-basement",0,18.0.2,MODERATE,CWE-471 -CVE-2022-23913,2022-02-06T00:00:55Z,"Apache ActiveMQ Artemis Uncontrolled Resource Consumption (DoS)","org.apache.activemq:artemis-core-client",0,2.19.1,HIGH,CWE-400;CWE-770 -CVE-2022-23944,2022-01-28T22:13:44Z,"Missing authentication in ShenYu","org.apache.shenyu:shenyu-common",2.4.0,2.4.2,CRITICAL,CWE-306;CWE-862 -CVE-2022-23945,2022-01-28T22:14:11Z,"Missing authentication in ShenYu","org.apache.shenyu:shenyu-common",2.4.0,2.4.2,HIGH,CWE-306;CWE-862 -CVE-2022-23974,2022-04-06T00:01:28Z,"Logic error in Apache Pinot",org.apache.pinot:pinot,0,0.10.0,HIGH,CWE-674 -CVE-2022-24196,2022-02-02T00:01:45Z,"Allocation of Resources Without Limits or Throttling in iText",com.itextpdf:itext7-core,0,7.1.18,MODERATE,CWE-770 -CVE-2022-24197,2022-02-02T00:01:45Z,"Out-of-bounds Write in iText",com.itextpdf:itext7-core,0,7.1.18,MODERATE,CWE-787 -CVE-2022-24198,2022-02-02T00:01:45Z,"Out-of-bounds Read in iText",com.itextpdf:itext7-core,0,7.2.0,MODERATE,CWE-125 -CVE-2022-24280,2022-09-25T00:00:18Z,"Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint",org.apache.pulsar:pulsar,0,2.7.5,MODERATE,CWE-20 -CVE-2022-24280,2022-09-25T00:00:18Z,"Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint",org.apache.pulsar:pulsar,2.8.0,2.8.3,MODERATE,CWE-20 -CVE-2022-24280,2022-09-25T00:00:18Z,"Proxy component of Apache Pulsar subject to abuse as Denial of Service endpoint",org.apache.pulsar:pulsar,2.9.0,2.9.2,MODERATE,CWE-20 -CVE-2022-24289,2022-02-12T00:00:48Z,"Deserialization of untrusted data in Apache Cayenne","org.apache.cayenne:cayenne-server",0,4.1.1,HIGH,CWE-502 -CVE-2022-24329,2022-02-26T00:00:43Z,"Improper Locking in JetBrains Kotlin","org.jetbrains.kotlin:kotlin-stdlib",0,1.6.0,MODERATE,CWE-667;CWE-829 -CVE-2022-24434,2022-05-21T00:00:25Z,"Crash in 
HeaderParser in dicer",org.webjars.npm:dicer,0,,HIGH,CWE-248 -CVE-2022-24613,2022-02-25T00:01:05Z,"Improper Handling of Exceptional Conditions inn metadata-extractor","com.drewnoakes:metadata-extractor",0,2.18.0,MODERATE,CWE-755 -CVE-2022-24614,2022-02-25T00:01:05Z,"Allocation of Resources Without Limits or Throttling in metadata-extractor","com.drewnoakes:metadata-extractor",0,2.18.0,HIGH,CWE-770 -CVE-2022-24615,2022-02-25T00:01:04Z,"Uncaught Exception in zip4j",net.lingala.zip4j:zip4j,0,2.10.0,MODERATE,CWE-248;CWE-755 -CVE-2022-2466,2022-09-01T00:00:23Z,"Quarkus does not terminate HTTP requests header context","io.quarkus:quarkus-core-parent",2.10.0,2.10.4,CRITICAL,CWE-444 -CVE-2022-24697,2023-07-06T19:24:01Z,"Apache Kylin vulnerable to remote code execution","org.apache.kylin:kylin-core-common",0,4.0.2,CRITICAL,CWE-77 -CVE-2022-24697,2023-07-06T19:24:01Z,"Apache Kylin vulnerable to remote code execution","org.apache.kylin:kylin-server-base",0,4.0.2,CRITICAL,CWE-77 -CVE-2022-24697,2023-07-06T19:24:01Z,"Apache Kylin vulnerable to remote code execution","org.apache.kylin:kylin-spark-project",0,4.0.2,CRITICAL,CWE-77 -CVE-2022-24721,2022-03-15T19:02:36Z,"Improper Authorization in org.cometd.oort","org.cometd.java:cometd-java-oort",0,5.0.11,HIGH,CWE-863 -CVE-2022-24721,2022-03-15T19:02:36Z,"Improper Authorization in org.cometd.oort","org.cometd.java:cometd-java-oort",6.0.0,6.0.6,HIGH,CWE-863 -CVE-2022-24721,2022-03-15T19:02:36Z,"Improper Authorization in org.cometd.oort","org.cometd.java:cometd-java-oort",7.0.0,7.0.6,HIGH,CWE-863 -CVE-2022-24816,2023-09-19T20:35:16Z,"Improper Control of Generation of Code ('Code Injection') in jai-ext","it.geosolutions.jaiext.jiffle:jt-jiffle",0,1.1.22,CRITICAL,CWE-94 -CVE-2022-24816,2023-09-19T20:35:16Z,"Improper Control of Generation of Code ('Code Injection') in jai-ext","it.geosolutions.jaiext.jiffle:jt-jiffle-language",0,1.1.22,CRITICAL,CWE-94 -CVE-2022-24819,2022-04-08T21:53:38Z,"Unauthenticated user can retrieve the list of 
users through uorgsuggest.vm","org.xwiki.platform:xwiki-platform-web-templates",0,12.10.11,MODERATE,CWE-359 -CVE-2022-24819,2022-04-08T21:53:38Z,"Unauthenticated user can retrieve the list of users through uorgsuggest.vm","org.xwiki.platform:xwiki-platform-web-templates",13.0.0,13.4.4,MODERATE,CWE-359 -CVE-2022-24819,2022-04-08T21:53:38Z,"Unauthenticated user can retrieve the list of users through uorgsuggest.vm","org.xwiki.platform:xwiki-platform-web-templates",13.5.0,13.9,MODERATE,CWE-359 -CVE-2022-24820,2022-04-08T22:00:54Z,"Unauthenticated user can list hidden document from multiple velocity templates in XWiki","org.xwiki.platform:xwiki-platform-web",0,12.10.11,MODERATE,CWE-200;CWE-306;CWE-359 -CVE-2022-24820,2022-04-08T22:00:54Z,"Unauthenticated user can list hidden document from multiple velocity templates in XWiki","org.xwiki.platform:xwiki-platform-web",13.0.0,13.4.4,MODERATE,CWE-200;CWE-306;CWE-359 -CVE-2022-24820,2022-04-08T22:00:54Z,"Unauthenticated user can list hidden document from multiple velocity templates in XWiki","org.xwiki.platform:xwiki-platform-web",13.5.0,13.9,MODERATE,CWE-200;CWE-306;CWE-359 -CVE-2022-24821,2022-04-08T21:59:04Z,"Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx","org.xwiki.platform:xwiki-platform-skin-skinx",0,12.10.11,MODERATE,CWE-648 -CVE-2022-24821,2022-04-08T21:59:04Z,"Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx","org.xwiki.platform:xwiki-platform-skin-skinx",13.0.0,13.4.6,MODERATE,CWE-648 -CVE-2022-24821,2022-04-08T21:59:04Z,"Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx","org.xwiki.platform:xwiki-platform-skin-skinx",13.5.0,13.10,MODERATE,CWE-648 -CVE-2022-24823,2022-05-10T08:46:50Z,"Local Information Disclosure Vulnerability in io.netty:netty-codec-http","io.netty:netty-codec-http",0,4.1.77.Final,MODERATE,CWE-378;CWE-379;CWE-668 -CVE-2022-24827,2022-04-08T22:43:17Z,"SQL Injection in 
elide-datastore-aggregation","com.yahoo.elide:elide-datastore-aggregation",6.1.3,6.1.4,HIGH,CWE-89 -CVE-2022-24839,2023-06-22T19:58:54Z,"org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption",org.nokogiri:nekohtml,0,1.9.22.noko2,HIGH,CWE-400 -CVE-2022-24847,2022-04-22T20:39:10Z,"Improper Input Validation in GeoServer",org.geoserver:gs-main,0,2.19.6,HIGH,CWE-20;CWE-917 -CVE-2022-24847,2022-04-22T20:39:10Z,"Improper Input Validation in GeoServer",org.geoserver:gs-main,2.20.0,2.20.4,HIGH,CWE-20;CWE-917 -CVE-2022-24881,2022-04-27T21:05:15Z,"ballcat-codegen template engine remote code execution injection","com.hccake:ballcat-codegen",0,1.0.0.beta.2,HIGH,CWE-20;CWE-78 -CVE-2022-24891,2022-04-27T21:09:46Z,"Cross-site Scripting in org.owasp.esapi:esapi",org.owasp.esapi:esapi,0,2.3.0.0,MODERATE,CWE-79 -CVE-2022-24897,2022-04-28T21:16:40Z,"Arbitrary filesystem write access from velocity.","org.xwiki.commons:xwiki-commons-velocity",12.7.0,12.10.3,HIGH,CWE-22;CWE-668 -CVE-2022-24897,2022-04-28T21:16:40Z,"Arbitrary filesystem write access from velocity.","org.xwiki.commons:xwiki-commons-velocity",2.3.0,12.6.7,HIGH,CWE-22;CWE-668 -CVE-2022-24898,2022-04-28T19:31:55Z,"Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml","org.xwiki.commons:xwiki-commons-xml",13.0.0,13.4.4,MODERATE,CWE-611 -CVE-2022-24898,2022-04-28T19:31:55Z,"Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml","org.xwiki.commons:xwiki-commons-xml",13.5-rc-1,13.8-rc-1,MODERATE,CWE-611 -CVE-2022-24898,2022-04-28T19:31:55Z,"Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml","org.xwiki.commons:xwiki-commons-xml",2.7,12.10.10,MODERATE,CWE-611 -CVE-2022-24913,2023-01-12T06:30:24Z,"Java Merge-sort Insecure Temporary File vulnerability","com.fasterxml.util:java-merge-sort",0,1.1.0,MODERATE,CWE-377;CWE-668 -CVE-2022-24947,2022-02-26T00:00:44Z,"Cross Site Request Forgery in Apache 
JSPWiki","org.apache.jspwiki:jspwiki-main",0,2.11.2,HIGH,CWE-352 -CVE-2022-24948,2022-02-26T00:00:44Z,"Cross-site Scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-main",0,2.11.2,MODERATE,CWE-79 -CVE-2022-24969,2022-06-10T00:00:56Z,"Server-side request forgery in Apache Dubbo",com.alibaba:dubbo,2.5.0,2.6.12,MODERATE,CWE-601;CWE-918 -CVE-2022-24969,2022-06-10T00:00:56Z,"Server-side request forgery in Apache Dubbo",org.apache.dubbo:dubbo,2.5.0,2.7.15,MODERATE,CWE-601;CWE-918 -CVE-2022-25167,2022-06-15T00:00:24Z,"Remote Code Execution in Apache Flume","org.apache.flume.flume-ng-sources:flume-jms-source",1.4.0,1.10.0,HIGH, -CVE-2022-25168,2022-08-05T00:00:24Z,"Apache Hadoop argument injection vulnerability","org.apache.hadoop:hadoop-common",2.0.0,2.10.2,CRITICAL,CWE-78;CWE-88 -CVE-2022-25168,2022-08-05T00:00:24Z,"Apache Hadoop argument injection vulnerability","org.apache.hadoop:hadoop-common",3.0.0-alpha,3.2.4,CRITICAL,CWE-78;CWE-88 -CVE-2022-25168,2022-08-05T00:00:24Z,"Apache Hadoop argument injection vulnerability","org.apache.hadoop:hadoop-common",3.3.0,3.3.3,CRITICAL,CWE-78;CWE-88 -CVE-2022-25169,2022-05-17T00:00:36Z,"Apache Tika vulnerable to uncontrolled memory consumption",org.apache.tika:tika,0,1.28.2,MODERATE,CWE-400;CWE-770 -CVE-2022-25169,2022-05-17T00:00:36Z,"Apache Tika vulnerable to uncontrolled memory consumption",org.apache.tika:tika,2.0.0,2.4.0,MODERATE,CWE-400;CWE-770 -CVE-2022-25173,2022-02-16T00:01:37Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.92.1,HIGH,CWE-78 -CVE-2022-25173,2022-02-16T00:01:37Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",2.93,2.94.1,HIGH,CWE-78 -CVE-2022-25173,2022-02-16T00:01:37Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy 
Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",2646.v6ed3b5b01ff1,2656.vf7a,HIGH,CWE-78 -CVE-2022-25174,2022-02-16T00:01:36Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,2.18.1,HIGH,CWE-78 -CVE-2022-25174,2022-02-16T00:01:36Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",2.19,2.21.1,HIGH,CWE-78 -CVE-2022-25174,2022-02-16T00:01:36Z,"Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",544.vff04fa68714d,561.va,HIGH,CWE-78 -CVE-2022-25175,2022-02-16T00:01:36Z,"Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection","org.jenkins-ci.plugins.workflow:workflow-multibranch",0,707.v71c3f0a_6ccdb,HIGH,CWE-78 -CVE-2022-25176,2022-02-16T00:01:34Z,"Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2.92.1,MODERATE,CWE-59 -CVE-2022-25176,2022-02-16T00:01:34Z,"Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",2.93,2.94.1,MODERATE,CWE-59 -CVE-2022-25176,2022-02-16T00:01:34Z,"Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",2.95,2648.2651.v230593e03e9f,MODERATE,CWE-59 -CVE-2022-25177,2022-02-16T00:01:35Z,"Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,2.18.1,MODERATE,CWE-59 -CVE-2022-25177,2022-02-16T00:01:35Z,"Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries 
Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",2.19,2.21.1,MODERATE,CWE-59 -CVE-2022-25177,2022-02-16T00:01:35Z,"Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",2.22,561.va_ce0de3c2d69,MODERATE,CWE-59 -CVE-2022-25178,2022-02-16T00:01:33Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,2.18.1,MODERATE,CWE-22 -CVE-2022-25178,2022-02-16T00:01:33Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",2.19,2.21.1,MODERATE,CWE-22 -CVE-2022-25178,2022-02-16T00:01:33Z,"Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",2.22,561.va_ce0de3c2d69,MODERATE,CWE-22 -CVE-2022-25179,2022-02-16T00:01:33Z,"Link Following in Jenkins Pipeline Multibranch Plugin","org.jenkins-ci.plugins.workflow:workflow-multibranch",0,2.23.1,MODERATE,CWE-59 -CVE-2022-25179,2022-02-16T00:01:33Z,"Link Following in Jenkins Pipeline Multibranch Plugin","org.jenkins-ci.plugins.workflow:workflow-multibranch",2.24,2.26.1,MODERATE,CWE-59 -CVE-2022-25179,2022-02-16T00:01:33Z,"Link Following in Jenkins Pipeline Multibranch Plugin","org.jenkins-ci.plugins.workflow:workflow-multibranch",696.v52535c46f4c9,696.698.v9b4218eea50f,MODERATE,CWE-59 -CVE-2022-25179,2022-02-16T00:01:33Z,"Link Following in Jenkins Pipeline Multibranch Plugin","org.jenkins-ci.plugins.workflow:workflow-multibranch",706.vd43c65dec013,707.v71c3f0a,MODERATE,CWE-59 -CVE-2022-25180,2022-02-16T00:01:32Z,"Jenkins Pipeline: Groovy Plugin has Insufficiently Protected 
Credentials","org.jenkins-ci.plugins.workflow:workflow-cps",0,2656.vf7a_e7b_75a_457,MODERATE,CWE-319;CWE-522 -CVE-2022-25181,2022-02-16T00:01:32Z,"Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,561.va_ce0de3c2d69,HIGH,CWE-693 -CVE-2022-25182,2022-02-16T00:01:31Z,"Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,561.va_ce0de3c2d69,HIGH,CWE-693 -CVE-2022-25183,2022-02-16T00:01:31Z,"Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,561.va_ce0de3c2d69,HIGH,CWE-693 -CVE-2022-25184,2022-02-16T00:01:29Z,"Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin","org.jenkins-ci.plugins:pipeline-build-step",0,2.15.1,MODERATE,CWE-522 -CVE-2022-25185,2022-02-16T00:01:29Z,"Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin","org.jenkins-ci.plugins:generic-webhook-trigger",0,1.82,MODERATE,CWE-79 -CVE-2022-25186,2022-02-16T00:01:28Z,"Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin","com.datapipe.jenkins.plugins:hashicorp-vault-plugin",0,336.v182c0fbaaeb7,LOW,CWE-693 -CVE-2022-25187,2022-02-16T00:01:28Z,"Jenkins Support Core Plugin stores sensitive data in plain text","org.jenkins-ci.plugins:support-core",0,2.79.1,MODERATE,CWE-212;CWE-312;CWE-522 -CVE-2022-25188,2022-02-16T00:01:27Z,"Path traversal vulnerability in Jenkins Fortify Plugin","org.jenkins-ci.plugins:fortify",0,20.2.35,MODERATE,CWE-22 -CVE-2022-25189,2022-02-16T00:01:27Z,"Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin","io.jenkins.plugins:custom-checkbox-parameter",0,1.2,HIGH,CWE-79 -CVE-2022-25190,2022-02-16T00:01:26Z,"Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials 
IDs","org.conjur.jenkins:conjur-credentials",0,1.0.12,MODERATE,CWE-862 -CVE-2022-25191,2022-02-16T00:01:26Z,"Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin","io.jenkins.plugins:agent-server-parameter",0,1.1,HIGH,CWE-79 -CVE-2022-25192,2022-02-16T00:01:25Z,"Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery","io.jenkins.plugins:embotics-vcommander",0,,MODERATE,CWE-352 -CVE-2022-25193,2022-02-16T00:01:24Z,"Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization","io.jenkins.plugins:embotics-vcommander",0,2.0,MODERATE,CWE-862 -CVE-2022-25194,2022-02-16T00:01:23Z,"CSRF vulnerability in Jenkins autonomiq plugin","io.jenkins.plugins:autonomiq",0,1.16,HIGH,CWE-352 -CVE-2022-25195,2022-02-16T00:01:23Z,"Missing permission check in Jenkins autonomiq Plugin","io.jenkins.plugins:autonomiq",0,1.16,MODERATE,CWE-862 -CVE-2022-25196,2022-02-16T00:01:22Z,"Open redirect vulnerability in Jenkins GitLab Authentication Plugin","org.jenkins-ci.plugins:gitlab-oauth",0,,MODERATE,CWE-601 -CVE-2022-25197,2022-02-16T00:01:21Z,"Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files","com.datapipe.jenkins.plugins:hashicorp-vault-plugin",0,351.vdb_f83a_1c6a_9d,MODERATE,CWE-693 -CVE-2022-25198,2022-02-16T00:01:22Z,"CSRF vulnerability in Jenkins SCP publisher Plugin","org.jenkins-ci.plugins:scp",0,,HIGH,CWE-352 -CVE-2022-25199,2022-02-16T00:01:20Z,"Missing permission check in Jenkins SCP publisher Plugin","org.jenkins-ci.plugins:scp",0,,HIGH,CWE-862 -CVE-2022-25200,2022-02-16T00:01:20Z,"CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials","com.checkmarx.jenkins:checkmarx",0,2022.1.3,MODERATE,CWE-352 -CVE-2022-25201,2022-02-16T00:01:19Z,"Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials","com.checkmarx.jenkins:checkmarx",0,2022.1.3,MODERATE,CWE-862 -CVE-2022-25202,2022-02-16T00:01:19Z,"Stored Cross-site Scripting 
vulnerability in Jenkins Promoted Builds (Simple) Plugin","org.jenkins-ci.plugins:promoted-builds-simple",0,,MODERATE,CWE-79 -CVE-2022-25203,2022-02-16T00:01:18Z,"Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin","com.sonymobile.jenkins.plugins.teamviews:team-views",0,,MODERATE,CWE-79 -CVE-2022-25204,2022-02-16T00:01:18Z,"Protection Mechanism Failure in Jenkins Doktor Plugin","by.dev.madhead.doktor:doktor",0,,MODERATE, -CVE-2022-25205,2022-02-16T00:01:17Z,"Cross-Site Request Forgery in Jenkins dbCharts Plugin","org.jenkins-ci.plugins:dbCharts",0,,HIGH,CWE-352 -CVE-2022-25206,2022-02-16T00:01:16Z,"Missing Authorization in Jenkins dbCharts Plugin","org.jenkins-ci.plugins:dbCharts",0,,HIGH,CWE-862 -CVE-2022-25207,2022-02-16T00:01:15Z,"CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE","org.jenkins-ci.plugins:sinatra-chef-builder",0,,HIGH,CWE-352 -CVE-2022-25208,2022-02-16T00:01:15Z,"Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE","org.jenkins-ci.plugins:sinatra-chef-builder",0,,HIGH,CWE-862 -CVE-2022-25209,2022-02-16T00:01:14Z,"Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra","org.jenkins-ci.plugins:sinatra-chef-builder",0,,HIGH,CWE-611 -CVE-2022-25210,2022-02-16T00:01:14Z,"Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin","com.convertigo.jenkins.plugins:convertigo-mobile-platform",0,,LOW,CWE-662;CWE-820 -CVE-2022-25211,2022-02-16T00:01:13Z,"Missing permission check in Jenkins SWAMP Plugin allows capturing credentials","org.continuousassurance.swamp.jenkins:swamp",0,,MODERATE,CWE-862 -CVE-2022-25212,2022-02-16T00:01:12Z,"CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials","org.continuousassurance.swamp.jenkins:swamp",0,,MODERATE,CWE-352 -CVE-2022-25312,2022-03-06T00:00:17Z,"Improper Restriction of XML External Entity Reference in Any23","org.apache.any23:apache-any23",0,2.7,CRITICAL,CWE-611 -CVE-2022-25598,2022-03-31T00:00:23Z,"Uncontrolled 
Resource Consumption in Apache DolphinScheduler","org.apache.dolphinscheduler:dolphinscheduler",0,2.0.5,HIGH,CWE-1333;CWE-400 -CVE-2022-25645,2022-05-03T00:00:45Z,"Prototype Pollution in dset",org.webjars.npm:dset,0,3.1.2,MODERATE,CWE-1321 -CVE-2022-25647,2022-05-03T00:00:44Z,"Deserialization of Untrusted Data in Gson","com.google.code.gson:gson",0,2.8.9,HIGH,CWE-502 -CVE-2022-2576,2022-07-30T00:00:35Z,"Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch","org.eclipse.californium:californium-core",2.0.0,2.7.3,HIGH,CWE-408 -CVE-2022-2576,2022-07-30T00:00:35Z,"Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch","org.eclipse.californium:californium-core",3.0.0,3.6.0,HIGH,CWE-408 -CVE-2022-25762,2022-05-14T00:01:50Z,"Improper socket reuse in Apache Tomcat",org.apache.tomcat:tomcat,8.5.0,8.5.75,HIGH,CWE-404 -CVE-2022-25762,2022-05-14T00:01:50Z,"Improper socket reuse in Apache Tomcat",org.apache.tomcat:tomcat,9.0.0M1,9.0.20,HIGH,CWE-404 -CVE-2022-25767,2022-05-03T00:00:44Z,"Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console","com.bstek.ureport:ureport2-console",0,,CRITICAL,CWE-502;CWE-94 -CVE-2022-25842,2022-05-03T00:00:44Z,"Path Traversal in com.alibaba.oneagent:one-java-agent-plugin","com.alibaba.oneagent:one-java-agent-plugin",0,0.0.2,MODERATE,CWE-22;CWE-29 -CVE-2022-25845,2022-06-11T00:00:17Z,"Unsafe deserialization in com.alibaba:fastjson",com.alibaba:fastjson,1.2.25,1.2.83,HIGH,CWE-502 -CVE-2022-25857,2022-08-31T00:00:24Z,"Uncontrolled Resource Consumption in snakeyaml",org.yaml:snakeyaml,0,1.31,HIGH,CWE-400;CWE-776 -CVE-2022-25867,2022-08-03T00:00:57Z,"Socket.IO-client Java before 2.0.1 vulnerable to NULL Pointer Dereference","io.socket:socket.io-client",0,2.0.1,HIGH,CWE-476 -CVE-2022-25873,2022-09-19T00:00:28Z,"Vuetify Cross-site Scripting 
vulnerability",org.webjars.npm:vuetify,2.0.0-beta.4,2.6.10,MODERATE,CWE-79 -CVE-2022-25881,2023-01-31T06:30:26Z,"http-cache-semantics vulnerable to Regular Expression Denial of Service","org.webjars.npm:http-cache-semantics",0,4.1.1,HIGH,CWE-1333 -CVE-2022-25894,2023-01-26T21:30:25Z,"Remote Code Execution in com.bstek.uflo:uflo-core",com.bstek.uflo:uflo-core,0,,CRITICAL,CWE-94 -CVE-2022-25897,2022-09-15T03:35:46Z,"Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)","org.eclipse.milo:sdk-server",0,0.6.8,HIGH,CWE-770 -CVE-2022-25901,2023-01-18T06:31:03Z,"cookiejar Regular Expression Denial of Service via Cookie.parse function","org.webjars.npm:cookiejar",0,,MODERATE,CWE-1333 -CVE-2022-25914,2022-09-09T00:00:57Z,"com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE)","com.google.cloud.tools:jib-core",0,0.22.0,CRITICAL, -CVE-2022-25940,2022-12-20T06:30:36Z,"lite-server vulnerable to Denial of Service","org.webjars.npm:lite-server",0,,HIGH,CWE-400 -CVE-2022-26049,2022-09-12T00:00:33Z,"Goomph before 3.37.2 allows malicious zip file to write contents to arbitrary locations","com.diffplug.gradle:goomph",0,3.37.2,HIGH,CWE-22 -CVE-2022-26112,2022-09-25T00:00:26Z,"Apache Pinot has Groovy Function support enabled by default",org.apache.pinot:pinot,0,0.11.0,CRITICAL, -CVE-2022-26336,2022-03-05T00:00:44Z,"Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad","org.apache.poi:poi-scratchpad",3.8-beta1,5.2.1,MODERATE,CWE-20;CWE-770 -CVE-2022-26477,2022-06-28T00:00:48Z,"SystemDS CPU exhaustion vulnerability","org.apache.systemds:systemds",0,2.2.2,HIGH,CWE-400 -CVE-2022-26520,2022-03-11T00:02:02Z,"Path traversal in org.postgresql:postgresql","org.postgresql:postgresql",42.1.0,42.3.3,LOW, -CVE-2022-26585,2022-04-06T00:01:35Z,"SQL injection in net.mingsoft:ms-mcms",net.mingsoft:ms-mcms,0,,HIGH, -CVE-2022-26612,2022-04-08T00:00:21Z,"Path traversal in 
Hadoop","org.apache.hadoop:hadoop-common",0,3.2.3,CRITICAL,CWE-22 -CVE-2022-26650,2022-05-18T00:00:47Z,"Regular expression denial of service in Apache ShenYu","org.apache.shenyu:shenyu-bootstrap",2.4.0,2.4.3,HIGH,CWE-1333;CWE-862 -CVE-2022-26650,2022-05-18T00:00:47Z,"Regular expression denial of service in Apache ShenYu",org.apache.shenyu:shenyu,2.4.0,2.4.3,HIGH,CWE-1333;CWE-862 -CVE-2022-2668,2022-09-23T16:32:32Z,"Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console","org.keycloak:keycloak-parent",0,19.0.2,HIGH, -CVE-2022-26850,2022-06-20T22:33:41Z,"Insufficiently Protected Credentials via Insecure Temporary File in org.apache.nifi:nifi-single-user-utils","org.apache.nifi:nifi-single-user-utils",0,1.16,MODERATE,CWE-522 -CVE-2022-26884,2022-10-28T12:00:33Z,"Apache DolphinScheduler vulnerable to Path Traversal","org.apache.dolphinscheduler:dolphinscheduler",0,2.0.6,MODERATE,CWE-22 -CVE-2022-26885,2022-11-24T18:30:28Z,"Apache Dolphin Scheduler has insufficiently protected credentials ","org.apache.dolphinscheduler:dolphinscheduler-common",0,2.0.6,HIGH,CWE-522 -CVE-2022-2712,2023-01-27T12:30:29Z,"Path Traversal In Eclipse GlassFish","org.glassfish.main.web:web",5.1.0,7.0.0,MODERATE,CWE-22 -CVE-2022-27166,2022-08-05T00:00:31Z,"Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp","org.apache.jspwiki:jspwiki-main",0,2.11.3,MODERATE,CWE-79 -CVE-2022-27195,2022-03-16T00:00:45Z,"Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin","org.jenkins-ci.plugins:parameterized-trigger",0,2.43.1,LOW,CWE-532 -CVE-2022-27196,2022-03-16T00:00:45Z,"Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin","org.jvnet.hudson.plugins:favorite",0,2.4.1,MODERATE,CWE-79 -CVE-2022-27197,2022-03-16T00:00:45Z,"Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin","org.jenkins-ci.plugins:dashboard-view",0,2.18.1,MODERATE,CWE-79 -CVE-2022-27198,2022-03-16T00:00:44Z,"CSRF 
vulnerability in Jenkins CloudBees AWS Credentials Plugin","org.jenkins-ci.plugins:aws-credentials",0,,HIGH,CWE-352 -CVE-2022-27199,2022-03-16T00:00:44Z,"Missing permission checks in AWS Credentials Plugin ","org.jenkins-ci.plugins:aws-credentials",0,191.vcb_f183ce58b_9,MODERATE,CWE-276;CWE-862 -CVE-2022-27200,2022-03-16T00:00:44Z,"Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin","io.jenkins.plugins:folder-auth",0,1.4,MODERATE,CWE-79 -CVE-2022-27201,2022-03-16T00:00:45Z,"Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin","org.jenkins-ci.plugins:semantic-versioning-plugin",0,1.14,HIGH,CWE-611;CWE-918 -CVE-2022-27202,2022-03-16T00:00:44Z,"Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin","org.jenkins-ci.plugins:extended-choice-parameter",0,,HIGH,CWE-79 -CVE-2022-27203,2022-03-16T00:00:44Z,"Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin","org.jenkins-ci.plugins:extended-choice-parameter",0,,MODERATE,CWE-22 -CVE-2022-27204,2022-03-16T00:00:44Z,"CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF","org.jenkins-ci.plugins:extended-choice-parameter",0,356.va_90a_94ca_62ec,MODERATE,CWE-352 -CVE-2022-27205,2022-03-16T00:00:43Z,"CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF","org.jenkins-ci.plugins:extended-choice-parameter",0,,MODERATE,CWE-276;CWE-862 -CVE-2022-27206,2022-03-16T00:00:43Z,"Client Secret stored in plain text by Jenkins GitLab Authentication Plugin","org.jenkins-ci.plugins:gitlab-oauth",0,1.14,LOW,CWE-311;CWE-522 -CVE-2022-27207,2022-03-16T00:00:43Z,"Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin","org.jenkins-ci.plugins:global-build-stats",0,,MODERATE,CWE-79 -CVE-2022-27208,2022-03-16T00:00:42Z,"Arbitrary file read vulnerability in Jenkins kubernetes-cd 
Plugin","org.jenkins-ci.plugins:kubernetes-cd",0,,MODERATE,CWE-22 -CVE-2022-27209,2022-03-16T00:00:43Z,"Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:kubernetes-cd",0,,MODERATE,CWE-862 -CVE-2022-27210,2022-03-16T00:00:43Z,"CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials","org.jenkins-ci.plugins:kubernetes-cd",0,,HIGH,CWE-352 -CVE-2022-27211,2022-03-16T00:00:42Z,"CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials","org.jenkins-ci.plugins:kubernetes-cd",0,,HIGH,CWE-862 -CVE-2022-27212,2022-03-16T00:00:43Z,"Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin","org.jenkins-ci.plugins:list-git-branches-parameter",0,,MODERATE,CWE-79 -CVE-2022-27213,2022-03-16T00:00:42Z,"Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin","io.jenkins.plugins:environment-dashboard",0,,HIGH,CWE-79 -CVE-2022-27214,2022-03-16T00:00:43Z,"CSRF vulnerability in Jenkins Release Helper Plugin","org.jenkins-ci.plugins:release-helper",0,,MODERATE,CWE-352 -CVE-2022-27215,2022-03-16T00:00:42Z,"Missing permission checks in Jenkins Release Helper Plugin","org.jenkins-ci.plugins:release-helper",0,,MODERATE,CWE-281;CWE-862 -CVE-2022-27216,2022-03-16T00:00:43Z,"Passwords stored in plain text by Jenkins dbCharts Plugin","org.jenkins-ci.plugins:dbCharts",0,,MODERATE,CWE-522 -CVE-2022-27217,2022-03-16T00:00:43Z,"Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin","com.vmware.vcac:vmware-vrealize-codestream",0,,MODERATE,CWE-522 -CVE-2022-27218,2022-03-16T00:00:42Z,"Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin","com.incapptic.plugins:incapptic-connect-uploader",0,,MODERATE,CWE-256;CWE-522 -CVE-2022-27340,2022-04-23T00:03:01Z,"Cross Site Request Forgery in Mingsoft MCMS",net.mingsoft:ms-mcms,0,,HIGH,CWE-352 
-CVE-2022-27772,2022-07-11T20:59:02Z,"Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot","org.springframework.boot:spring-boot",0,2.2.11.RELEASE,HIGH,CWE-377;CWE-379;CWE-668 -CVE-2022-27820,2022-03-25T00:00:34Z,"Improper Certificate Validation in OWASP ZAP",org.zaproxy:zap,0,,MODERATE,CWE-295 -CVE-2022-28108,2022-04-20T00:00:34Z,"Selenium Server (Grid) CSRF","org.seleniumhq.selenium:selenium-grid",0,4.0.0,HIGH,CWE-352 -CVE-2022-28108,2022-04-20T00:00:34Z,"Selenium Server (Grid) CSRF","org.seleniumhq.selenium:selenium-server",0,4.0.0,HIGH,CWE-352 -CVE-2022-28111,2022-05-05T00:00:25Z,"MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter","com.github.pagehelper:pagehelper",3.5.0,5.3.1,CRITICAL,CWE-89 -CVE-2022-28133,2022-03-30T00:00:26Z,"Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin","io.jenkins.plugins:atlassian-bitbucket-server-integration",2.0.0,3.2.0,MODERATE,CWE-79 -CVE-2022-28134,2022-03-30T00:00:25Z,"Missing permission checks in Jekins Bitbucket Server Integration Plugin","io.jenkins.plugins:atlassian-bitbucket-server-integration",0,3.2.0,MODERATE,CWE-862 -CVE-2022-28135,2022-03-30T00:00:25Z,"Plaintext storage in Jenkins instant-messaging Plugin","org.jvnet.hudson.plugins:instant-messaging",0,1.42,MODERATE,CWE-256;CWE-522 -CVE-2022-28136,2022-03-30T00:00:25Z,"CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin","org.jenkins-ci.plugins:JiraTestResultReporter",0,166.v0cc6208295b5,HIGH,CWE-352 -CVE-2022-28137,2022-03-30T00:00:25Z,"Missing permission check in Jenkins JiraTestResultReporter Plugin","org.jenkins-ci.plugins:JiraTestResultReporter",0,166.v0cc6208295b5,MODERATE,CWE-732;CWE-862 -CVE-2022-28138,2022-03-30T00:00:25Z,"CSRF vulnerability in Jenkins RocketChat Notifier Plugin","org.jenkins-ci.plugins:rocketchatnotifier",0,1.5.0,MODERATE,CWE-352 -CVE-2022-28139,2022-03-30T00:00:25Z,"Missing permission check 
in Jenkins RocketChat Notifier Plugin","org.jenkins-ci.plugins:rocketchatnotifier",0,1.5.0,MODERATE,CWE-862 -CVE-2022-28140,2022-03-30T00:00:25Z,"XXE vulnerability in Jenkins Flaky Test Handler Plugin","org.jenkins-ci.plugins:flaky-test-handler",0,1.2.2,HIGH,CWE-611 -CVE-2022-28141,2022-03-30T00:00:25Z,"Password stored in plain text by Jenkins Proxmox Plugin","org.jenkins-ci.plugins:proxmox",0,0.6.0,MODERATE,CWE-522 -CVE-2022-28142,2022-03-30T00:00:27Z,"SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin","org.jenkins-ci.plugins:proxmox",0,0.7.0,MODERATE,CWE-295 -CVE-2022-28143,2022-03-30T00:00:24Z,"CSRF vulnerability in Proxmox Plugin ","org.jenkins-ci.plugins:proxmox",0,0.7.1,MODERATE,CWE-352 -CVE-2022-28144,2022-03-30T00:00:24Z,"Missing permission checks in Jenkins Proxmox Plugin ","org.jenkins-ci.plugins:proxmox",0,0.7.1,MODERATE,CWE-862 -CVE-2022-28145,2022-03-30T00:00:24Z,"Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin","org.jenkins-ci.plugins:ci-with-toad-edge",0,2.4,HIGH,CWE-79 -CVE-2022-28146,2022-03-30T00:00:26Z,"Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin","org.jenkins-ci.plugins:ci-with-toad-edge",0,2.4,MODERATE,CWE-22 -CVE-2022-28147,2022-03-30T00:00:23Z,"Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin","org.jenkins-ci.plugins:ci-with-toad-edge",0,2.4,MODERATE,CWE-281;CWE-862 -CVE-2022-28148,2022-03-30T00:00:23Z,"Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin","org.jenkins-ci.plugins:ci-with-toad-edge",0,2.4,MODERATE,CWE-22 -CVE-2022-28149,2022-03-30T00:00:23Z,"Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin","com.synopsys.jenkinsci:ownership",0,,HIGH,CWE-79 -CVE-2022-28150,2022-03-30T00:00:23Z,"Cross site request forgery in Jenkins Job and Node ownership Plugin","com.synopsys.jenkinsci:ownership",0,,HIGH,CWE-352 
-CVE-2022-28151,2022-03-30T00:00:23Z,"Missing permission check in Jenkins Job and Node ownership Plugin","com.synopsys.jenkinsci:ownership",0,,MODERATE,CWE-862 -CVE-2022-28152,2022-03-30T00:00:23Z,"CSRF vulnerability in Jenkins Job and Node ownership Plugin","com.synopsys.jenkinsci:ownership",0,,MODERATE,CWE-352 -CVE-2022-28153,2022-03-30T00:00:23Z,"Cross-site Scripting in Jenkins SiteMonitor Plugin","org.jvnet.hudson.plugins:sitemonitor",0,,MODERATE,CWE-79 -CVE-2022-28154,2022-03-30T00:00:23Z,"enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability","org.jenkins-ci.plugins:covcomplplot",0,,HIGH,CWE-611 -CVE-2022-28155,2022-03-30T00:00:26Z,"XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin","com.surenpi.jenkins:phoenix-autotest",0,,HIGH,CWE-611 -CVE-2022-28156,2022-03-30T00:00:24Z,"Path traversal in Jenkins Phoenix AutoTest Plugin","com.surenpi.jenkins:phoenix-autotest",0,,MODERATE,CWE-22 -CVE-2022-28157,2022-03-30T00:00:22Z,"Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin","com.surenpi.jenkins:phoenix-autotest",0,,MODERATE,CWE-22 -CVE-2022-28158,2022-03-30T00:00:21Z,"Missing permission Jenkins Pipeline Phoenix AutoTest Plugin","com.surenpi.jenkins:phoenix-autotest",0,,MODERATE,CWE-862 -CVE-2022-28159,2022-03-30T00:00:21Z,"Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin","org.jenkins-ci.plugins:selected-tests-executor",0,,MODERATE,CWE-79 -CVE-2022-28160,2022-03-30T00:00:21Z,"Arbitrary file read vulnerability in Jenkins Tests Selector Plugin","org.jenkins-ci.plugins:selected-tests-executor",0,,MODERATE,CWE-668 -CVE-2022-28220,2022-09-09T00:00:57Z,"Apache James vulnerable to buffering attack","org.apache.james:james-server",0,3.6.3,HIGH,CWE-77 -CVE-2022-28220,2022-09-09T00:00:57Z,"Apache James vulnerable to buffering attack","org.apache.james:james-server",3.7.0,3.7.1,HIGH,CWE-77 -CVE-2022-28366,2022-04-23T00:03:04Z,"Denial of service in 
HtmlUnit-Neko","net.sourceforge.htmlunit:neko-htmlunit",0,2.27,HIGH, -CVE-2022-28367,2022-04-23T00:03:04Z,"Cross-site Scripting in OWASP AntiSamy","org.owasp.antisamy:antisamy",0,1.6.6,MODERATE,CWE-79 -CVE-2022-28730,2022-08-05T00:00:30Z,"Apache JSPWiki XSS due to incomplete patch for CVE-2021-40369","org.apache.jspwiki:jspwiki-main",0,2.11.3,MODERATE,CWE-79 -CVE-2022-28731,2022-08-05T00:00:30Z,"Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp","org.apache.jspwiki:jspwiki-main",0,2.11.3,MODERATE,CWE-352 -CVE-2022-28732,2022-08-05T00:00:30Z,"Apache JSPWiki XSS due to crafted request in WeblogPlugin","org.apache.jspwiki:jspwiki-main",0,2.11.3,MODERATE,CWE-79 -CVE-2022-28820,2022-04-26T12:59:00Z,"Page Compare Reflected Cross-site Scripting (XSS) vulnerability","com.adobe.acs:acs-aem-commons",0,5.2.0,MODERATE,CWE-79 -CVE-2022-28889,2022-07-08T00:00:43Z,"Apache Druid before 0.23.0 vulnerable to clickjacking",org.apache.druid:druid,0,0.23.0,MODERATE,CWE-1021 -CVE-2022-28890,2022-05-06T00:00:53Z,"XML External Entity Reference in apache jena",org.apache.jena:jena,4.4.0,4.5.0,CRITICAL,CWE-611 -CVE-2022-29002,2022-05-24T00:00:18Z,"Cross-Site Request Forgery in XXL-Job",com.xuxueli:xxl-job,0,,HIGH,CWE-352 -CVE-2022-29036,2022-04-13T00:00:18Z,"Cross-site Scripting in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",0,2.6.1.1,MODERATE,CWE-79 -CVE-2022-29036,2022-04-13T00:00:18Z,"Cross-site Scripting in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",1087.v16065d268466,"1087.1089.v2f1b_9a_b_040e4",MODERATE,CWE-79 -CVE-2022-29036,2022-04-13T00:00:18Z,"Cross-site Scripting in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",1105,,MODERATE,CWE-79 -CVE-2022-29036,2022-04-13T00:00:18Z,"Cross-site Scripting in Jenkins Credentials Plugin","org.jenkins-ci.plugins:credentials",2.6.2,1074.1076.v39c30cecb_0e2,MODERATE,CWE-79 -CVE-2022-29037,2022-04-13T00:00:18Z,"Stored XSS in Jenkins CVS 
Plugin","org.jenkins-ci.plugins:cvs",0,2.19.1,MODERATE,CWE-79 -CVE-2022-29038,2022-04-13T00:00:18Z,"Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin","org.jenkins-ci.plugins:extended-choice-parameter",0,,MODERATE,CWE-79 -CVE-2022-29039,2022-04-13T00:00:19Z,"Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin","com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger",0,2.35.3,HIGH,CWE-79 -CVE-2022-29040,2022-04-13T00:00:17Z,"Stored XSS vulnerability in Jenkins Git Parameter Plugin","org.jenkins-ci.tools:git-parameter",0,0.9.16,MODERATE,CWE-79 -CVE-2022-29041,2022-04-13T00:00:17Z,"Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin","org.jenkins-ci.plugins:jira",0,3.6.1,MODERATE,CWE-79 -CVE-2022-29041,2022-04-13T00:00:17Z,"Stored Cross-site Scripting vulnerability in Jenkins Jira Plugin","org.jenkins-ci.plugins:jira",3.7.0,3.7.1,MODERATE,CWE-79 -CVE-2022-29042,2022-04-13T00:00:17Z,"Stored Cross-site Scripting vulnerability in Jenkins Job Generator Plugin","org.jenkins-ci.plugins:jobgenerator",0,,MODERATE,CWE-79 -CVE-2022-29043,2022-04-13T00:00:17Z,"Stored Cross-site Scripting in Jenkins Mask Passwords Plugin","org.jenkins-ci.plugins:mask-passwords",0,3.1,MODERATE,CWE-79 -CVE-2022-29044,2022-04-13T00:00:16Z,"Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin","org.jenkins-ci.plugins:nodelabelparameter",0,1.10.3.1,MODERATE,CWE-79 -CVE-2022-29045,2022-04-13T00:00:16Z,"Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin","org.jenkins-ci.plugins:promoted-builds",0,3.10.1,HIGH,CWE-79 -CVE-2022-29045,2022-04-13T00:00:16Z,"Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin","org.jenkins-ci.plugins:promoted-builds",3.11,876.v99d29788b,HIGH,CWE-79 -CVE-2022-29046,2022-04-13T00:00:17Z,"Stored Cross-site Scripting vulnerability in Jenkins Subversion Plugin","org.jenkins-ci.plugins:subversion",0,2.15.4,MODERATE,CWE-79 
-CVE-2022-29047,2022-04-13T00:00:17Z,"Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,2.21.3,HIGH,CWE-863 -CVE-2022-29047,2022-04-13T00:00:17Z,"Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",544.vff04fa68714d,566.vd0a,HIGH,CWE-863 -CVE-2022-29048,2022-04-13T00:00:16Z,"CSRF vulnerability in Jenkins Subversion Plugin","org.jenkins-ci.plugins:subversion",0,2.15.4,MODERATE,CWE-352 -CVE-2022-29049,2022-04-13T00:00:16Z,"Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL","org.jenkins-ci.plugins:promoted-builds",0,3.10.1,HIGH,CWE-20;CWE-79 -CVE-2022-29049,2022-04-13T00:00:16Z,"Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL","org.jenkins-ci.plugins:promoted-builds",3.11,876.v99d29788b,HIGH,CWE-20;CWE-79 -CVE-2022-29050,2022-04-13T00:00:16Z,"CSRF vulnerability in Jenkins Publish Over FTP Plugin","org.jenkins-ci.plugins:publish-over-ftp",0,1.17,HIGH,CWE-352 -CVE-2022-29051,2022-04-13T00:00:16Z,"Missing permission checks in Jenkins Publish Over FTP Plugin","org.jenkins-ci.plugins:publish-over-ftp",0,1.17,MODERATE,CWE-862 -CVE-2022-29052,2022-04-13T00:00:15Z,"Private key stored in plain text by Jenkins Google Compute Engine Plugin","org.jenkins-ci.plugins:google-compute-engine",0,4.3.9,MODERATE,CWE-522 -CVE-2022-29161,2022-05-24T12:47:10Z,"Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API","org.xwiki.platform:xwiki-platform-crypto",0,13.10.6,MODERATE,CWE-326;CWE-327 -CVE-2022-29161,2022-05-24T12:47:10Z,"Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API","org.xwiki.platform:xwiki-platform-crypto",14.0.0,14.3.1,MODERATE,CWE-326;CWE-327 -CVE-2022-29237,2022-05-25T20:16:36Z,"Limited Authentication Bypass for Media 
Files","org.opencastproject:opencast-ingest-service-impl",0,10.14,MODERATE,CWE-287 -CVE-2022-29237,2022-05-25T20:16:36Z,"Limited Authentication Bypass for Media Files","org.opencastproject:opencast-ingest-service-impl",11.0,11.7,MODERATE,CWE-287 -CVE-2022-29249,2022-05-25T22:34:15Z,"Reversible One-Way Hash in io.github.javaezlib:JavaEZ","io.github.javaezlib:JavaEZ",1.6,1.7,HIGH,CWE-326;CWE-327;CWE-328 -CVE-2022-29251,2022-05-25T22:40:57Z,"Cross-site Scripting in the Flamingo theme manager","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",0,12.10.11,HIGH,CWE-116;CWE-79;CWE-80 -CVE-2022-29251,2022-05-25T22:40:57Z,"Cross-site Scripting in the Flamingo theme manager","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",13.0.0,13.4.7,HIGH,CWE-116;CWE-79;CWE-80 -CVE-2022-29251,2022-05-25T22:40:57Z,"Cross-site Scripting in the Flamingo theme manager","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",13.5.0,13.10.3,HIGH,CWE-116;CWE-79;CWE-80 -CVE-2022-29252,2022-05-25T22:41:10Z,"Cross-site Scripting in wiki manager join wiki page","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",0,12.10.11,HIGH,CWE-116;CWE-79 -CVE-2022-29252,2022-05-25T22:41:10Z,"Cross-site Scripting in wiki manager join wiki page","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",13.0.0,13.4.7,HIGH,CWE-116;CWE-79 -CVE-2022-29252,2022-05-25T22:41:10Z,"Cross-site Scripting in wiki manager join wiki page","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",13.5.0,13.10.3,HIGH,CWE-116;CWE-79 -CVE-2022-29253,2022-06-01T19:56:34Z,"Path Traversal in XWiki Platform","org.xwiki.platform:xwiki-platform-oldcore",8.3-rc-1,13.10.3,LOW,CWE-22;CWE-24 -CVE-2022-29258,2022-06-01T20:25:54Z,"Cross-site Scripting in Filter Stream Converter Application in XWiki Platform","org.xwiki.platform:xwiki-platform-filter-ui",13.0.0,13.4.7,HIGH,CWE-116;CWE-79 -CVE-2022-29258,2022-06-01T20:25:54Z,"Cross-site Scripting in Filter Stream Converter Application in XWiki 
Platform","org.xwiki.platform:xwiki-platform-filter-ui",13.5.0,13.10.3,HIGH,CWE-116;CWE-79 -CVE-2022-29258,2022-06-01T20:25:54Z,"Cross-site Scripting in Filter Stream Converter Application in XWiki Platform","org.xwiki.platform:xwiki-platform-filter-ui",5.4.4,12.10.11,HIGH,CWE-116;CWE-79 -CVE-2022-29265,2022-05-01T00:00:33Z,"Multiple components in Apache NiFi do not restrict XML External Entity references",org.apache.nifi:nifi,0.0.1,1.16.1,HIGH,CWE-611 -CVE-2022-29405,2022-05-26T00:01:31Z,"Missing Authorization in Apache Archiva","org.apache.archiva:archiva",0,2.2.8,MODERATE,CWE-732 -CVE-2022-29546,2022-04-26T21:14:57Z,"OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser","net.sourceforge.htmlunit:neko-htmlunit",0,2.61.0,HIGH,CWE-400 -CVE-2022-29567,2022-05-25T22:40:03Z,"Possible information disclosure inside TreeGrid component with default data provider","com.vaadin:vaadin-grid-flow",14.8.5,14.8.10,MODERATE,CWE-200 -CVE-2022-29567,2022-05-25T22:40:03Z,"Possible information disclosure inside TreeGrid component with default data provider","com.vaadin:vaadin-grid-flow",22.0.6,22.0.15,MODERATE,CWE-200 -CVE-2022-29567,2022-05-25T22:40:03Z,"Possible information disclosure inside TreeGrid component with default data provider","com.vaadin:vaadin-grid-flow",23.0.0.beta2,23.0.9,MODERATE,CWE-200 -CVE-2022-29567,2022-05-25T22:40:03Z,"Possible information disclosure inside TreeGrid component with default data provider",com.vaadin:vaadin,14.8.5,14.8.10,MODERATE,CWE-200 -CVE-2022-29567,2022-05-25T22:40:03Z,"Possible information disclosure inside TreeGrid component with default data provider",com.vaadin:vaadin,22.0.6,22.0.15,MODERATE,CWE-200 -CVE-2022-29567,2022-05-25T22:40:03Z,"Possible information disclosure inside TreeGrid component with default data provider",com.vaadin:vaadin,23.0.0,23.0.9,MODERATE,CWE-200 -CVE-2022-29577,2022-04-23T00:03:04Z,"Cross-site Scripting in OWASP AntiSamy","org.owasp.antisamy:antisamy",0,1.6.7,MODERATE,CWE-79 
-CVE-2022-29599,2022-05-24T00:01:49Z,"Command injection in Apache Maven maven-shared-utils","org.apache.maven.shared:maven-shared-utils",0,3.3.3,CRITICAL,CWE-116;CWE-77 -CVE-2022-29631,2022-06-07T00:00:31Z,"Server-Side Request Forgery in Jodd HTTP",org.jodd:jodd-http,5.0.0,6.2.1,HIGH,CWE-74;CWE-918 -CVE-2022-29647,2022-06-03T00:01:05Z,"Cross Site Request Forgery in Mingsoft MCMS",net.mingsoft:ms-mcms,0,,HIGH,CWE-352 -CVE-2022-29648,2022-06-03T00:01:05Z,"Cross site scripting in Jfinal","com.jflyfox:jflyfox_jfinal",0,,MODERATE,CWE-79 -CVE-2022-29770,2022-06-04T00:00:25Z,"Cross site scripting in XXL-job",com.xuxueli:xxl-job,0,,MODERATE,CWE-79 -CVE-2022-29885,2022-05-13T00:01:12Z,"Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption",org.apache.tomcat:tomcat,10.0.0-M1,10.0.21,HIGH,CWE-400 -CVE-2022-29885,2022-05-13T00:01:12Z,"Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption",org.apache.tomcat:tomcat,10.1.0-M1,10.1.0-M15,HIGH,CWE-400 -CVE-2022-29885,2022-05-13T00:01:12Z,"Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption",org.apache.tomcat:tomcat,8.5.38,8.5.79,HIGH,CWE-400 -CVE-2022-29885,2022-05-13T00:01:12Z,"Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption",org.apache.tomcat:tomcat,9.0.13,9.0.63,HIGH,CWE-400 -CVE-2022-30126,2022-05-17T00:00:37Z,"Regular expression denial of service in apache tika",org.apache.tika:tika,1.17,1.28.2,MODERATE,CWE-1333 -CVE-2022-30126,2022-05-17T00:00:37Z,"Regular expression denial of service in apache tika",org.apache.tika:tika,2.0.0,2.4.0,MODERATE,CWE-1333 -CVE-2022-30187,2022-07-13T00:00:39Z,"Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library","com.azure:azure-storage-blob",0,12.18.0,MODERATE,CWE-668 -CVE-2022-30500,2022-05-27T00:00:48Z,"SQL injection in jflyfox jfinal","com.jflyfox:jflyfox_jfinal",0,,HIGH,CWE-89 -CVE-2022-30506,2022-06-03T00:01:08Z,"Code injection in 
MCMS",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-434;CWE-74 -CVE-2022-30945,2022-05-18T00:00:39Z,"Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2692.v76b,HIGH,CWE-434;CWE-552 -CVE-2022-30946,2022-05-18T00:00:39Z,"CSRF vulnerability in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1172.v35f6a,MODERATE,CWE-352 -CVE-2022-30947,2022-05-18T00:00:39Z,"Path traversal in Jenkins Git Mercurial and Repo Plugins","org.jenkins-ci.plugins:git",0,4.11.2,HIGH,CWE-22 -CVE-2022-30947,2022-05-18T00:00:39Z,"Path traversal in Jenkins Git Mercurial and Repo Plugins","org.jenkins-ci.plugins:mercurial",0,2.16.1,HIGH,CWE-22 -CVE-2022-30947,2022-05-18T00:00:39Z,"Path traversal in Jenkins Git Mercurial and Repo Plugins","org.jenkins-ci.plugins:repo",0,1.15.0,HIGH,CWE-22 -CVE-2022-30948,2022-05-18T00:00:39Z,"Path traversal in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",0,2.16.1,LOW,CWE-22 -CVE-2022-30949,2022-05-18T00:00:40Z,"Path traversal in Jenkins REPO Plugin","org.jenkins-ci.plugins:git",0,4.11.2,LOW,CWE-22 -CVE-2022-30949,2022-05-18T00:00:40Z,"Path traversal in Jenkins REPO Plugin","org.jenkins-ci.plugins:mercurial",0,2.16.1,LOW,CWE-22 -CVE-2022-30949,2022-05-18T00:00:40Z,"Path traversal in Jenkins REPO Plugin","org.jenkins-ci.plugins:repo",0,1.14.1,LOW,CWE-22 -CVE-2022-30950,2022-05-18T00:00:39Z,"Buffer overflow in Jenkins WMI Windows Agents plugin","org.jenkins-ci.plugins:windows-slaves",0,1.8.1,MODERATE,CWE-120 -CVE-2022-30951,2022-05-18T00:00:40Z,"Missing Authorization in Jenkins WMI Windows Agents plugin","org.jenkins-ci.plugins:windows-slaves",0,1.8.1,MODERATE,CWE-862 -CVE-2022-30952,2022-05-18T00:00:40Z,"Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin","io.jenkins.blueocean:blueocean-pipeline-scm-api",0,1.25.4,MODERATE,CWE-522 -CVE-2022-30953,2022-05-18T00:00:40Z,"Cross Site Request 
Forgery in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean-parent",0,1.25.4,MODERATE,CWE-352 -CVE-2022-30954,2022-05-18T00:00:41Z,"Missing permission check in Jenkins Blue Ocean Plugin","io.jenkins.blueocean:blueocean-parent",0,1.25.4,MODERATE,CWE-862 -CVE-2022-30955,2022-05-18T00:00:40Z,"Missing permission check in Jenkins GitLab Plugin","org.jenkins-ci.plugins:gitlab-plugin",0,1.5.32,MODERATE,CWE-862 -CVE-2022-30956,2022-05-18T00:00:40Z,"Cross-site Scripting in Jenkins Rundeck Plugin","org.jenkins-ci.plugins:rundeck",0,3.6.11,HIGH,CWE-79 -CVE-2022-30957,2022-05-18T00:00:40Z,"Missing permission check in Jenkins SSH Plugin","org.jenkins-ci.plugins:ssh",0,,MODERATE,CWE-862 -CVE-2022-30958,2022-05-18T00:00:40Z,"Cross Site Request Forgery in Jenkins SSH Plugin","org.jenkins-ci.plugins:ssh",0,,HIGH,CWE-352 -CVE-2022-30959,2022-05-18T00:00:40Z,"Missing Authorization in Jenkins SSH plugin","org.jenkins-ci.plugins:ssh",0,,HIGH,CWE-862 -CVE-2022-30960,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins Application Detector Plugin","org.jenkins-ci.plugins:app-detector",0,1.0.9,HIGH,CWE-79 -CVE-2022-30961,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins Autocomplete Parameter Plugin","org.jenkins-ci.plugins:autocomplete-parameter",0,,HIGH,CWE-79 -CVE-2022-30962,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins Global Variable String Parameter Plugin","org.jenkins-ci.plugins:global-variable-string-parameter",0,,HIGH,CWE-79 -CVE-2022-30963,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins JDK Parameter Plugin","org.jenkins-ci.plugins:JDK_Parameter_Plugin",0,,HIGH,CWE-79 -CVE-2022-30964,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins Multiselect parameter Plugin","io.jenkins.plugins:multiselect-parameter",0,1.4,HIGH,CWE-79 -CVE-2022-30965,2022-05-18T00:00:41Z,"Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types","org.jenkins-ci.plugins:promoted-builds-simple",0,,HIGH,CWE-79 
-CVE-2022-30966,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins Random String Parameter Plugin","org.jenkins-ci.plugins:random-string-parameter",0,,MODERATE,CWE-116;CWE-79 -CVE-2022-30967,2022-05-18T00:00:41Z,"Cross site scripting in Jenkins Selection tasks Plugin","org.jvnet.hudson.plugins:selection-tasks-plugin",0,,HIGH,CWE-79 -CVE-2022-30968,2022-05-18T00:00:41Z,"Cross-site Scripting in Jenkins vboxwrapper Plugin","org.jenkins-ci.plugins:vboxwrapper",0,,HIGH,CWE-79 -CVE-2022-30969,2022-05-18T00:00:42Z,"Cross-Site Request Forgery in Jenkins Autocomplete Parameter Plugin","org.jenkins-ci.plugins:autocomplete-parameter",0,,HIGH,CWE-352 -CVE-2022-30970,2022-05-18T00:00:42Z,"Cross-site Scripting in Jenkins Autocomplete Parameter Plugin","org.jenkins-ci.plugins:autocomplete-parameter",0,,HIGH,CWE-79 -CVE-2022-30971,2022-05-18T00:00:42Z,"XML External Entity Reference in Jenkins Storable Configs Plugin","org.jvnet.hudson.plugins:storable-configs-plugin",0,,HIGH,CWE-611 -CVE-2022-30972,2022-05-18T00:00:42Z,"Cross Site Request Forgery in Jenkins Storable Configs Plugin","org.jvnet.hudson.plugins:storable-configs-plugin",0,,HIGH,CWE-352 -CVE-2022-30973,2022-06-01T00:00:36Z,"Regular expression denial of service in apache tika","org.apache.tika:tika-core",1.17,1.28.3,MODERATE,CWE-1333 -CVE-2022-31018,2022-06-03T22:18:58Z,"Denial of service binding form from JSON in Play Framework","com.typesafe.play:play_2.12",2.8.3,2.8.16,HIGH,CWE-400 -CVE-2022-31018,2022-06-03T22:18:58Z,"Denial of service binding form from JSON in Play Framework","com.typesafe.play:play_2.13",2.8.3,2.8.16,HIGH,CWE-400 -CVE-2022-31023,2022-06-03T22:19:23Z,"Dev error stack trace leaking into prod in Play Framework","com.typesafe.play:play_2.12",0,2.8.16,MODERATE,CWE-209 -CVE-2022-31023,2022-06-03T22:19:23Z,"Dev error stack trace leaking into prod in Play Framework","com.typesafe.play:play_2.13",0,2.8.16,MODERATE,CWE-209 -CVE-2022-31044,2022-06-17T20:51:48Z,"Rundeck's Key Storage converter plugin 
mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0",org.rundeck:rundeck,4.2.0,4.2.2,HIGH,CWE-256 -CVE-2022-31044,2022-06-17T20:51:48Z,"Rundeck's Key Storage converter plugin mechanism's encryption layer not working in 4.2.0, 4.2.1, 4.3.0",org.rundeck:rundeck,4.3.0,4.3.1,HIGH,CWE-256 -CVE-2022-31053,2022-06-17T00:38:03Z,"Signature forgery in Biscuit","com.clever-cloud:biscuit-java",0,2.0.0,CRITICAL,CWE-347 -CVE-2022-31139,2022-07-12T22:15:53Z,"UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()","io.github.karlatemp:unsafe-accessor",1.4.0,1.7.0,MODERATE,CWE-200;CWE-863 -CVE-2022-31159,2022-07-15T20:44:55Z,"Partial Path Traversal in com.amazonaws:aws-java-sdk-s3 ","com.amazonaws:aws-java-sdk-s3",0,1.12.261,HIGH,CWE-22 -CVE-2022-31160,2022-07-18T17:07:36Z,"jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label","org.webjars.npm:jquery-ui",0,1.13.2,MODERATE,CWE-79 -CVE-2022-31166,2022-09-20T21:19:52Z,"XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups","org.xwiki.platform:xwiki-platform-oldcore",11.3.7,13.10.4,HIGH,CWE-269 -CVE-2022-31166,2022-09-20T21:19:52Z,"XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups","org.xwiki.platform:xwiki-platform-oldcore",14.0-rc-1,14.2-rc-1,HIGH,CWE-269 -CVE-2022-31167,2022-09-20T21:18:43Z,"XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference","org.xwiki.platform:xwiki-platform-security",13.0,13.4.6,HIGH,CWE-285;CWE-862 -CVE-2022-31167,2022-09-20T21:18:43Z,"XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference","org.xwiki.platform:xwiki-platform-security",13.10,13.10.1,HIGH,CWE-285;CWE-862 -CVE-2022-31167,2022-09-20T21:18:43Z,"XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a 
final page having the same reference","org.xwiki.platform:xwiki-platform-security",5.0,12.10.11,HIGH,CWE-285;CWE-862 -CVE-2022-31183,2022-07-29T22:24:10Z,"fs2-io skips mTLS client verification",co.fs2:fs2-io,3.1.0,3.2.11,CRITICAL,CWE-295 -CVE-2022-31189,2022-08-06T05:39:46Z,"JSPUI's ""Internal System Error"" page prints exceptions and stack traces without sanitization",org.dspace:dspace-jspui,4.0,6.4,MODERATE,CWE-209 -CVE-2022-31190,2022-08-06T05:40:16Z,"XMLUI's metadata of withdrawn Items is exposed to anonymous users",org.dspace:dspace-xmlui,4.0,6.4,MODERATE,CWE-200;CWE-863 -CVE-2022-31191,2022-08-06T05:46:14Z,"JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting",org.dspace:dspace-jspui,4.0,5.11,HIGH,CWE-79 -CVE-2022-31191,2022-08-06T05:46:14Z,"JSPUI spellcheck and autocomplete tools vulnerable to Cross Site Scripting",org.dspace:dspace-jspui,6.0,6.4,HIGH,CWE-79 -CVE-2022-31192,2022-08-06T05:46:27Z,"JSPUI Possible Cross Site Scripting in ""Request a Copy"" Feature",org.dspace:dspace-jspui,5.0,5.11,HIGH,CWE-79 -CVE-2022-31192,2022-08-06T05:46:27Z,"JSPUI Possible Cross Site Scripting in ""Request a Copy"" Feature",org.dspace:dspace-jspui,6.0,6.4,HIGH,CWE-79 -CVE-2022-31193,2022-08-06T05:46:49Z,"JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11",org.dspace:dspace-jspui,4.0,5.11,HIGH,CWE-601 -CVE-2022-31193,2022-08-06T05:46:49Z,"JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11",org.dspace:dspace-jspui,6.0,6.4,HIGH,CWE-601 -CVE-2022-31194,2022-08-06T05:47:04Z,"JSPUI vulnerable to path traversal in submission (resumable) upload",org.dspace:dspace-jspui,4.0,5.11,HIGH,CWE-22 -CVE-2022-31194,2022-08-06T05:47:04Z,"JSPUI vulnerable to path traversal in submission (resumable) upload",org.dspace:dspace-jspui,6.0,6.4,HIGH,CWE-22 -CVE-2022-31195,2022-08-06T05:48:56Z,"DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package 
Import",org.dspace:dspace-api,4.0,5.11,HIGH,CWE-22 -CVE-2022-31195,2022-08-06T05:48:56Z,"DSpace ItemImportService API Vulnerable to Path Traversal in Simple Archive Format Package Import",org.dspace:dspace-api,6.0,6.4,HIGH,CWE-22 -CVE-2022-31197,2022-08-06T05:51:38Z,"PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names","org.postgresql:postgresql",0,42.2.26,HIGH,CWE-89 -CVE-2022-31197,2022-08-06T05:51:38Z,"PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names","org.postgresql:postgresql",42.3.0,42.3.7,HIGH,CWE-89 -CVE-2022-31197,2022-08-06T05:51:38Z,"PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names","org.postgresql:postgresql",42.4.0,42.4.1,HIGH,CWE-89 -CVE-2022-31267,2022-05-22T00:00:32Z,"Unescaped control characters in Gitblit",com.gitblit:gitblit,0,1.9.3,CRITICAL,CWE-269 -CVE-2022-31268,2022-05-22T00:00:32Z,"Path traversal in Gitblit",com.gitblit:gitblit,0,,HIGH,CWE-22 -CVE-2022-3143,2023-01-13T06:30:22Z,"Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator","org.wildfly.security:wildfly-elytron",0,1.15.15.Final,HIGH,CWE-203;CWE-208 -CVE-2022-3143,2023-01-13T06:30:22Z,"Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator","org.wildfly.security:wildfly-elytron",1.16.0.CR1,1.20.3.Final,HIGH,CWE-203;CWE-208 -CVE-2022-31679,2022-09-22T00:00:24Z,"Spring Data REST can expose hidden entity attributes","org.springframework.data:spring-data-rest-core",3.6.0,3.6.7,LOW, -CVE-2022-31679,2022-09-22T00:00:24Z,"Spring Data REST can expose hidden entity attributes","org.springframework.data:spring-data-rest-core",3.7.0,3.7.3,LOW, -CVE-2022-31684,2022-10-20T12:00:17Z,"Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens","io.projectreactor.netty:reactor-netty-http",1.0.11,1.0.24,MODERATE,CWE-200 -CVE-2022-31690,2022-11-01T12:00:37Z,"spring-security-oauth2-client vulnerable to 
Privilege Escalation","org.springframework.security:spring-security-oauth2-client",0,5.6.9,HIGH,CWE-269 -CVE-2022-31690,2022-11-01T12:00:37Z,"spring-security-oauth2-client vulnerable to Privilege Escalation","org.springframework.security:spring-security-oauth2-client",5.7.0,5.7.5,HIGH,CWE-269 -CVE-2022-31692,2022-11-01T12:00:37Z,"Spring Security authorization rules can be bypassed via forward or include dispatcher types","org.springframework.security:spring-security-core",5.6.0,5.6.9,CRITICAL,CWE-863 -CVE-2022-31692,2022-11-01T12:00:37Z,"Spring Security authorization rules can be bypassed via forward or include dispatcher types","org.springframework.security:spring-security-core",5.7.0,5.7.5,CRITICAL,CWE-863 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-java",0,3.16.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-java",3.17.0-rc-1,3.19.6,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-java",3.20.0-rc-1,3.20.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-java",3.21.0-rc-1,3.21.7,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-javalite",0,3.16.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-javalite",3.17.0-rc-1,3.19.6,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-javalite",3.20.0-rc-1,3.20.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service 
issue","com.google.protobuf:protobuf-javalite",3.21.0-rc-1,3.21.7,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",0,3.16.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",3.17.0-rc-1,3.19.6,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",3.20.0-rc-1,3.20.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",3.21.0-rc-1,3.21.7,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",0,3.16.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",3.17.0-rc-1,3.19.6,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",3.20.0-rc-1,3.20.3,MODERATE,CWE-20 -CVE-2022-3171,2022-10-04T22:17:15Z,"protobuf-java has a potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",3.21.0-rc-1,3.21.7,MODERATE,CWE-20 -CVE-2022-31777,2022-11-01T19:00:29Z,"Apache Spark vulnerable to Log Injection","org.apache.spark:spark-core",0,3.2.2,MODERATE,CWE-74 -CVE-2022-31777,2022-11-01T19:00:29Z,"Apache Spark vulnerable to Log Injection","org.apache.spark:spark-core",3.3.0,3.3.1,MODERATE,CWE-74 -CVE-2022-31781,2022-07-14T00:00:23Z,"Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking","org.apache.tapestry:tapestry-core",0,5.8.2,HIGH,CWE-1333;CWE-400 -CVE-2022-32065,2022-07-14T00:00:16Z,"RuoYi 4.7.3 vulnerable to arbitrary file upload in background management 
module",com.ruoyi:ruoyi,0,4.7.4,MODERATE,CWE-434;CWE-79 -CVE-2022-32287,2022-11-03T19:00:26Z,"Apache UIMA Path Traversal vulnerability","org.apache.uima:uimaj-core",0,3.3.1,HIGH,CWE-22 -CVE-2022-32430,2022-07-22T00:00:37Z,"Hardcoded JWT Token in Lin CMS Spring Boot","io.github.talelin:lin-cms-core",0,,HIGH,CWE-668 -CVE-2022-32531,2022-12-15T21:30:29Z,"Apache Bookkeeper vulnerable to Improper Certificate Validation","org.apache.bookkeeper:bookkeeper-common",0,4.14.6,MODERATE,CWE-295 -CVE-2022-32531,2022-12-15T21:30:29Z,"Apache Bookkeeper vulnerable to Improper Certificate Validation","org.apache.bookkeeper:bookkeeper-common",4.15.0,4.15.1,MODERATE,CWE-295 -CVE-2022-32532,2022-06-30T00:00:41Z,"Improper Authorization in Apache Shiro","org.apache.shiro:shiro-core",0,1.9.1,CRITICAL,CWE-285;CWE-863 -CVE-2022-32533,2022-07-07T00:00:28Z,"Insufficient user input in Apache Jetspeed-2","org.apache.portals.jetspeed-2:jetspeed-commons",0,,CRITICAL,"CWE-352;CWE-611;CWE-79;CWE-918" -CVE-2022-32549,2022-06-23T00:00:34Z,"Log Injection in Apache Sling Commons Log and Apache Sling API","org.apache.sling:org.apache.sling.api",0,,MODERATE,CWE-116;CWE-117 -CVE-2022-32549,2022-06-23T00:00:34Z,"Log Injection in Apache Sling Commons Log and Apache Sling API","org.apache.sling:org.apache.sling.commons.log",0,,MODERATE,CWE-116;CWE-117 -CVE-2022-33113,2022-06-24T00:00:31Z,"Cross-site Scripting in Jfinal CMS",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2022-33140,2022-06-16T00:00:26Z,"Code injection in Apache NiFi and NiFi Registry","org.apache.nifi.registry:nifi-registry-core",0.6.0,1.16.3,HIGH,CWE-74;CWE-78 -CVE-2022-33140,2022-06-16T00:00:26Z,"Code injection in Apache NiFi and NiFi Registry",org.apache.nifi:nifi,1.10.0,1.16.3,HIGH,CWE-74;CWE-78 -CVE-2022-33681,2022-09-25T00:00:27Z,"Apache Pulsar Java Client vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-client",0,2.7.5,MODERATE,CWE-295 -CVE-2022-33681,2022-09-25T00:00:27Z,"Apache Pulsar Java Client vulnerable to 
Improper Certificate Validation","org.apache.pulsar:pulsar-client",2.10.0,2.10.1,MODERATE,CWE-295 -CVE-2022-33681,2022-09-25T00:00:27Z,"Apache Pulsar Java Client vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-client",2.8.0,2.8.4,MODERATE,CWE-295 -CVE-2022-33681,2022-09-25T00:00:27Z,"Apache Pulsar Java Client vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-client",2.9.0,2.9.3,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",0,2.7.5,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",2.10.0,2.10.1,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",2.8.0,2.8.4,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",2.9.0,2.9.3,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",0,2.7.5,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",2.10.0,2.10.1,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",2.8.0,2.8.4,MODERATE,CWE-295 -CVE-2022-33682,2022-09-25T00:00:27Z,"Apache Pulsar Broker, Proxy, and WebSocket Proxy vulnerable to Improper Certificate 
Validation","org.apache.pulsar:pulsar-proxy",2.9.0,2.9.3,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",0,2.7.5,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",2.10.0,2.10.1,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",2.8.0,2.8.4,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-broker",2.9.0,2.9.3,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",0,2.7.5,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",2.10.0,2.10.1,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",2.8.0,2.8.4,MODERATE,CWE-295 -CVE-2022-33683,2022-09-25T00:00:27Z,"Apache Pulsar Brokers and Proxies vulnerable to Improper Certificate Validation","org.apache.pulsar:pulsar-proxy",2.9.0,2.9.3,MODERATE,CWE-295 -CVE-2022-33879,2022-06-28T00:00:41Z,"Apache Tika contains incomplete fix for regex DoS",org.apache.tika:tika,0,1.28.4,LOW, -CVE-2022-33879,2022-06-28T00:00:41Z,"Apache Tika contains incomplete fix for regex DoS",org.apache.tika:tika,2.0.0,2.4.1,LOW, -CVE-2022-33891,2022-07-19T00:00:29Z,"Apache Spark UI can allow impersonation if ACLs enabled","org.apache.spark:spark-parent_2.12",0,,HIGH,CWE-78 -CVE-2022-33891,2022-07-19T00:00:29Z,"Apache Spark UI can allow impersonation 
if ACLs enabled","org.apache.spark:spark-parent_2.12",3.1.1,3.2.2,HIGH,CWE-78 -CVE-2022-33980,2022-07-07T00:00:26Z,"Code injection in Apache Commons Configuration","org.apache.commons:commons-configuration2",2.4,2.8.0,CRITICAL,CWE-74 -CVE-2022-34112,2022-07-23T00:00:15Z,"Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin","io.dataease:dataease-plugin-common",0,1.11.2,MODERATE,CWE-732 -CVE-2022-34113,2022-07-23T00:00:15Z,"Dataease before 1.11.2 allows arbitrary code execution via crafter plugin","io.dataease:dataease-plugin-common",0,1.11.2,CRITICAL,CWE-94 -CVE-2022-34114,2022-07-23T00:00:15Z,"SQL Injection found in Dataease ","io.dataease:dataease-plugin-common",0,1.11.2,HIGH,CWE-89 -CVE-2022-34115,2022-07-23T00:00:15Z,"Dataease v1.11.1 SQL Injection via parameter dataSourceId","io.dataease:dataease-plugin-common",0,1.11.2,CRITICAL,CWE-434;CWE-89 -CVE-2022-34158,2022-08-05T00:00:31Z,"Apache JSPWiki CSRF due to crafted invocation on the Image plugin","org.apache.jspwiki:jspwiki-main",0,2.11.3,HIGH,CWE-352 -CVE-2022-34169,2022-07-20T00:00:18Z,"Apache Xalan Java XSLT library integer truncation issue when processing malicious XSLT stylesheets",xalan:xalan,0,2.7.3,HIGH,CWE-681 -CVE-2022-34170,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.320,2.332.4,HIGH,CWE-22;CWE-79 -CVE-2022-34170,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.346,2.346.1,HIGH,CWE-22;CWE-79 -CVE-2022-34170,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.350,2.356,HIGH,CWE-22;CWE-79 -CVE-2022-34171,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.332.4,HIGH,CWE-22;CWE-79 -CVE-2022-34171,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.346,2.346.1,HIGH,CWE-22;CWE-79 
-CVE-2022-34171,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.350,2.356,HIGH,CWE-22;CWE-79 -CVE-2022-34172,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.332,2.332.4,HIGH,CWE-22;CWE-79 -CVE-2022-34172,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.340,2.356,HIGH,CWE-22;CWE-79 -CVE-2022-34173,2022-06-24T00:00:31Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",2.340,2.356,HIGH,CWE-22;CWE-79 -CVE-2022-34174,2022-06-24T00:00:31Z,"Observable timing discrepancy allows determining username validity in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.332.4,MODERATE,CWE-203;CWE-208 -CVE-2022-34174,2022-06-24T00:00:31Z,"Observable timing discrepancy allows determining username validity in Jenkins","org.jenkins-ci.main:jenkins-core",2.334,2.356,MODERATE,CWE-203;CWE-208 -CVE-2022-34175,2022-06-24T00:00:31Z,"Unauthorized view fragment access in Jenkins","org.jenkins-ci.main:jenkins-core",2.335,2.356,HIGH,CWE-693;CWE-863 -CVE-2022-34176,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins JUnit Plugin","org.jenkins-ci.plugins:junit",0,1119.1121.vc43d0fc45561,HIGH,CWE-79 -CVE-2022-34177,2022-06-24T00:00:31Z,"Arbitrary file write vulnerability in Jenkins Pipeline: Input Step Plugin","org.jenkins-ci.plugins:pipeline-input-step",0,449.v77f0e8b,HIGH,CWE-22 -CVE-2022-34178,2022-06-24T00:00:31Z,"Reflected Cross site scripting in Jenkins Embeddable Build Status Plugin","org.jenkins-ci.plugins:embeddable-build-status",0,2.0.4,HIGH,CWE-79 -CVE-2022-34179,2022-06-24T00:00:31Z,"Path Traversal vulnerability in Jenkins Embeddable Build Status Plugin","org.jenkins-ci.plugins:embeddable-build-status",0,2.0.4,MODERATE,CWE-22 -CVE-2022-34180,2022-06-24T00:00:31Z,"Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission 
requirement","org.jenkins-ci.plugins:embeddable-build-status",0,2.0.4,MODERATE,CWE-862;CWE-863 -CVE-2022-34181,2022-06-24T00:00:31Z,"Agent-to-controller security bypass in Jenkins xUnit Plugin","org.jenkins-ci.plugins:xunit",0,3.1.0,MODERATE,CWE-693 -CVE-2022-34182,2022-06-24T00:00:31Z,"Reflected Cross-site Scripting in Jenkins Nested View Plugin","org.jenkins-ci.plugins:nested-view",1.20,1.26,HIGH,CWE-79 -CVE-2022-34183,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Agent Server Parameter Plugin","io.jenkins.plugins:agent-server-parameter",0,,HIGH,CWE-79 -CVE-2022-34184,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin","org.jenkins-ci.plugins:crx-content-package-deployer",0,,HIGH,CWE-79 -CVE-2022-34185,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Date Parameter Plugin","me.leejay.jenkins:date-parameter",0,,HIGH,CWE-79 -CVE-2022-34186,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin","com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter",0,,HIGH,CWE-79 -CVE-2022-34187,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Filesystem List Parameter Plugin","aendter.jenkins.plugins:filesystem-list-parameter-plugin",0,,HIGH,CWE-79 -CVE-2022-34188,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Hidden Parameter Plugin","org.jenkins-ci.plugins:hidden-parameter",0,0.0.5,HIGH,CWE-79 -CVE-2022-34189,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Image Tag Parameter Plugin","org.jenkins-ci.plugins:image-tag-parameter",0,,HIGH,CWE-79 -CVE-2022-34190,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Maven Metadata Plugin","eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin",0,,HIGH,CWE-79 -CVE-2022-34191,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins NS-ND Integration Performance Publisher Plugin","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.8.0.129,HIGH,CWE-79 -CVE-2022-34192,2022-06-24T00:00:31Z,"Cross-site Scripting in 
Jenkins ontrack Jenkins Plugin","org.jenkins-ci.plugins:ontrack",0,,HIGH,CWE-79 -CVE-2022-34193,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Package Version Plugin","org.lilicurroad.jenkins:packageversion",0,,HIGH,CWE-79 -CVE-2022-34194,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Readonly Parameter Plugin","org.jenkins-ci.plugins:readonly-parameters",0,,HIGH,CWE-79 -CVE-2022-34195,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Repository Connector Plugin","org.jenkins-ci.plugins:repository-connector",0,,HIGH,CWE-79 -CVE-2022-34196,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins REST List Parameter Plugin","io.jenkins.plugins:rest-list-parameter",0,1.6.0,HIGH,CWE-79 -CVE-2022-34197,2022-06-24T00:00:31Z,"Cross-site Scripting in Jenkins Sauce OnDemand Plugin","org.jenkins-ci.plugins:sauce-ondemand",0,1.205,HIGH,CWE-79 -CVE-2022-34198,2022-06-24T00:00:32Z,"Cross-site Scripting in Jenkins Stash Branch Parameter Plugin","org.jenkins-ci.plugins:StashBranchParameter",0,,HIGH,CWE-79 -CVE-2022-34199,2022-06-24T00:00:31Z,"Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin ","com.convertigo.jenkins.plugins:convertigo-mobile-platform",0,,MODERATE,CWE-256;CWE-522 -CVE-2022-34200,2022-06-24T00:00:31Z,"Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin","com.convertigo.jenkins.plugins:convertigo-mobile-platform",0,,MODERATE,CWE-352 -CVE-2022-34201,2022-06-24T00:00:31Z,"Missing permission check in Jenkins Convertigo Mobile Platform Plugin","com.convertigo.jenkins.plugins:convertigo-mobile-platform",0,,MODERATE,CWE-862 -CVE-2022-34202,2022-06-24T00:00:31Z,"User passwords stored in plain text by Jenkins EasyQA Plugin",com.geteasyqa:easyqa,0,,LOW,CWE-256 -CVE-2022-34203,2022-06-24T00:00:31Z,"Cross-Site Request Forgery in Jenkins EasyQA Plugin",com.geteasyqa:easyqa,0,,MODERATE,CWE-352 -CVE-2022-34204,2022-06-24T00:00:31Z,"Jenkins EasyQA Plugin Missing Authorization 
vulnerability",com.geteasyqa:easyqa,0,,MODERATE,CWE-862 -CVE-2022-34205,2022-06-24T00:00:32Z,"Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin","org.jenkins-ci.plugins:jianliao",0,,MODERATE,CWE-352 -CVE-2022-34206,2022-06-24T00:00:31Z,"Jenkins Jianliao Notification Plugin Missing Authorization vulnerability","org.jenkins-ci.plugins:jianliao",0,,MODERATE,CWE-862 -CVE-2022-34207,2022-06-24T00:00:32Z,"Cross-Site Request Forgery in Jenkins Beaker builder Plugin","org.jenkins-ci.plugins:beaker-builder",0,,MODERATE,CWE-352 -CVE-2022-34208,2022-06-24T00:00:32Z,"Jenkins Beaker builder Plugin Missing Authorization vulnerability","org.jenkins-ci.plugins:beaker-builder",0,,MODERATE,CWE-862 -CVE-2022-34209,2022-06-24T00:00:32Z,"Cross-Site Request Forgery in Jenkins ThreadFix Plugin","org.jenkins-ci.plugins:threadfix",0,,MODERATE,CWE-352 -CVE-2022-34210,2022-06-24T00:00:32Z,"Missing permission check in Jenkins ThreadFix Plugin","org.jenkins-ci.plugins:threadfix",0,,MODERATE,CWE-862 -CVE-2022-34211,2022-06-24T00:00:32Z,"Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin","org.jenkins-ci.plugins:vmware-vrealize-orchestrator",0,,MODERATE,CWE-352 -CVE-2022-34212,2022-06-24T00:00:32Z,"Missing permission check in Jenkins vRealize Orchestrator Plugin","org.jenkins-ci.plugins:vmware-vrealize-orchestrator",0,,MODERATE,CWE-862 -CVE-2022-34213,2022-06-24T00:00:32Z,"Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text","org.jenkins-ci.plugins:squashtm-publisher",0,,LOW,CWE-522 -CVE-2022-34271,2022-12-14T09:30:24Z,"Apache Atlas: zip path traversal in import functionality","org.apache.atlas:apache-atlas",0.8.4,2.3.0,HIGH,CWE-22 -CVE-2022-34298,2022-06-24T00:00:32Z,"NT auth module vulnerability in OpenAM","org.openidentityplatform.openam:openam-core",0,14.6.6,MODERATE,CWE-863 -CVE-2022-34305,2022-06-24T00:00:32Z,"Cross-site Scripting in Apache Tomcat",org.apache.tomcat:tomcat,10.0.0-M1,10.0.22,MODERATE,CWE-79 
-CVE-2022-34305,2022-06-24T00:00:32Z,"Cross-site Scripting in Apache Tomcat",org.apache.tomcat:tomcat,10.1.0-M1,10.1.0-M17,MODERATE,CWE-79 -CVE-2022-34305,2022-06-24T00:00:32Z,"Cross-site Scripting in Apache Tomcat",org.apache.tomcat:tomcat,8.5.50,8.5.82,MODERATE,CWE-79 -CVE-2022-34305,2022-06-24T00:00:32Z,"Cross-site Scripting in Apache Tomcat",org.apache.tomcat:tomcat,9.0.30,9.0.65,MODERATE,CWE-79 -CVE-2022-34321,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint","org.apache.pulsar:pulsar-proxy",2.11.0,2.11.3,HIGH,CWE-306 -CVE-2022-34321,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint","org.apache.pulsar:pulsar-proxy",2.6.0,2.10.6,HIGH,CWE-306 -CVE-2022-34321,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint","org.apache.pulsar:pulsar-proxy",3.0.0,3.0.2,HIGH,CWE-306 -CVE-2022-34321,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint","org.apache.pulsar:pulsar-proxy",3.1.0,3.1.1,HIGH,CWE-306 -CVE-2022-34662,2022-11-01T19:00:29Z,"Apache DolphinScheduler vulnerable to Path Traversal","org.apache.dolphinscheduler:dolphinscheduler",0,3.0.0,MODERATE,CWE-22 -CVE-2022-34777,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins GitLab Plugin","org.jenkins-ci.plugins:gitlab-plugin",0,1.5.35,HIGH,CWE-79 -CVE-2022-34778,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins TestNG Results Plugin","org.jenkins-ci.plugins:testng-plugin",0,555.va0d5f66521e3,HIGH,CWE-79 -CVE-2022-34779,2022-07-01T00:01:07Z,"Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs","com.xebialabs.ci:xlrelease-plugin",0,22.0.1,MODERATE,CWE-862 -CVE-2022-34780,2022-07-01T00:01:07Z,"CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials","com.xebialabs.ci:xlrelease-plugin",0,22.0.1,MODERATE,CWE-352 
-CVE-2022-34781,2022-07-01T00:01:07Z,"Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials","com.xebialabs.ci:xlrelease-plugin",0,22.0.1,MODERATE,CWE-862 -CVE-2022-34782,2022-07-01T00:01:07Z,"Incorrect Authorization in Jenkins requests-plugin","org.jenkins-ci.plugins:requests",0,2.2.17,MODERATE,CWE-863 -CVE-2022-34783,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins Plot Plugin","org.jenkins-ci.plugins:plot",0,2.1.11,HIGH,CWE-79 -CVE-2022-34784,2022-07-01T00:01:07Z,"Cross site scripting in Jenkins build-metrics Plugin","org.jenkins-ci.plugins:build-metrics",0,,HIGH,CWE-79 -CVE-2022-34785,2022-07-01T00:01:07Z,"Jenkins build-metrics Plugin Missing Authorization vulnerability","org.jenkins-ci.plugins:build-metrics",0,,MODERATE,CWE-862 -CVE-2022-34786,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins Rich Text Publisher Plugin","org.jenkins-ci.plugins:rich-text-publisher-plugin",0,,HIGH,CWE-79 -CVE-2022-34787,2022-07-01T00:01:07Z,"Jenkins Project Inheritance Plugin vulnerable to cross site scripting","hudson.plugins:project-inheritance",0,,HIGH,CWE-79 -CVE-2022-34788,2022-07-01T00:01:07Z,"Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS","net.praqma:matrix-reloaded",0,,HIGH,CWE-79 -CVE-2022-34789,2022-07-01T00:01:07Z,"Jenkins Matrix Reloaded Plugin vulnerable to CSRF","net.praqma:matrix-reloaded",0,,MODERATE,CWE-352 -CVE-2022-34790,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin","org.jenkins-ci.plugins:xfpanel",0,,HIGH,CWE-79 -CVE-2022-34791,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins Validating Email Parameter Plugin","io.jenkins.plugins:validating-email-parameter",0,,HIGH,CWE-79 -CVE-2022-34792,2022-07-01T00:01:07Z,"Cross-Site Request Forgery in Jenkins Recipe Plugin","org.jenkins-ci.plugins:recipe",0,,HIGH,CWE-352 -CVE-2022-34793,2022-07-01T00:01:07Z,"XML External Entity Reference in Jenkins Recipe Plugin","org.jenkins-ci.plugins:recipe",0,,HIGH,CWE-611 
-CVE-2022-34794,2022-07-01T00:01:07Z,"Missing Authorization in Jenkins Recipe Plugin","org.jenkins-ci.plugins:recipe",0,,HIGH,CWE-862 -CVE-2022-34795,2022-07-01T00:01:07Z,"Cross-site Scripting in Jenkins Deployment Dashboard Plugin","org.jenkins-ci.plugins:ec2-deployment-dashboard",0,,HIGH,CWE-79 -CVE-2022-34796,2022-07-01T00:01:07Z,"Jenkins Deployment Dashboard Plugin has Insufficiently Protected Credentials","org.jenkins-ci.plugins:ec2-deployment-dashboard",0,,MODERATE,CWE-522;CWE-862 -CVE-2022-34797,2022-07-01T00:01:07Z,"Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin","org.jenkins-ci.plugins:ec2-deployment-dashboard",0,,MODERATE,CWE-352 -CVE-2022-34798,2022-07-01T00:01:07Z,"Missing Authorization in Jenkins Deployment Dashboard Plugin","org.jenkins-ci.plugins:ec2-deployment-dashboard",0,,MODERATE,CWE-862 -CVE-2022-34799,2022-07-01T00:01:07Z,"Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin","org.jenkins-ci.plugins:ec2-deployment-dashboard",0,,LOW,CWE-256;CWE-522 -CVE-2022-34800,2022-07-01T00:01:07Z,"Plaintext Storage of a Password in Jenkins Build Notifications Plugin","tools.devnull:build-notifications",0,,LOW,CWE-256;CWE-522 -CVE-2022-34801,2022-07-01T00:01:07Z,"Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin","tools.devnull:build-notifications",0,,LOW,CWE-318;CWE-319 -CVE-2022-34802,2022-07-01T00:01:07Z,"Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin","org.jenkins-ci.plugins:rocketchatnotifier",0,,LOW,CWE-256;CWE-522 -CVE-2022-34803,2022-07-01T00:01:08Z,"Jenkins OpsGenie Plugin Plaintext Storage of a Password vulnerability","org.jenkins-ci.plugins:opsgenie",0,,MODERATE,CWE-256;CWE-522 -CVE-2022-34804,2022-07-01T00:01:08Z,"Jenkins OpsGenie Plugin vulnerable to Cleartext Transmission of Sensitive Information","org.jenkins-ci.plugins:opsgenie",0,,MODERATE,CWE-319 -CVE-2022-34805,2022-07-01T00:01:08Z,"Plaintext Storage of a Password in Jenkins Skype notifier 
Plugin","org.jenkins-ci.plugins:skype-notifier",0,,LOW,CWE-256;CWE-522 -CVE-2022-34806,2022-07-01T00:01:08Z,"Plaintext Storage of a Password in Jenkins Jigomerge Plugin","org.jenkins-ci.plugins:jigomerge",0,,LOW,CWE-256;CWE-522 -CVE-2022-34807,2022-07-01T00:01:08Z,"Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin","org.jenkins-ci.plugins:elasticsearch-query",0,,LOW,CWE-256;CWE-522 -CVE-2022-34808,2022-07-01T00:01:08Z,"Token stored in plain text by Jenkins Cisco Spark Plugin","org.jenkins-ci.plugins:cisco-spark",0,,LOW,CWE-522 -CVE-2022-34809,2022-07-01T00:01:08Z,"Password stored in plain text by Jenkins RQM Plugin",net.praqma:rqm-plugin,0,,LOW,CWE-256;CWE-522 -CVE-2022-34810,2022-07-01T00:01:08Z,"Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check",net.praqma:rqm-plugin,0,,MODERATE,CWE-862 -CVE-2022-34811,2022-07-01T00:01:08Z,"Missing Authorization in Jenkins XPath Configuration Viewer Plugin","org.jenkins-ci.plugins:xpath-config-viewer",0,,MODERATE,CWE-862 -CVE-2022-34812,2022-07-01T00:01:08Z,"Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin","org.jenkins-ci.plugins:xpath-config-viewer",0,,MODERATE,CWE-352 -CVE-2022-34813,2022-07-01T00:01:08Z,"Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability","org.jenkins-ci.plugins:xpath-config-viewer",0,,MODERATE,CWE-862 -CVE-2022-34814,2022-07-01T00:01:08Z,"Incorrect Authorization in Jenkins Request Rename Or Delete Plugin","org.jenkins-ci.plugins:rrod",0,,MODERATE,CWE-863 -CVE-2022-34815,2022-07-01T00:01:08Z,"Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin","org.jenkins-ci.plugins:rrod",0,,MODERATE,CWE-352 -CVE-2022-34817,2022-07-01T00:01:08Z,"Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin","de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator",0,,MODERATE,CWE-352 -CVE-2022-34818,2022-07-01T00:01:08Z,"Jenkins Failed Job Deactivator Plugin Missing Authorization 
vulnerability","de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator",0,,MODERATE,CWE-862 -CVE-2022-34870,2022-10-25T19:00:27Z,"Apache Geode vulnerable to Cross-Site Scripting","org.apache.geode:geode-core",0,1.15.1,MODERATE,CWE-79 -CVE-2022-34916,2022-08-22T00:00:48Z,"Remote code execution in Apache Flume","org.apache.flume.flume-ng-sources:flume-jms-source",1.4.0,1.10.1,CRITICAL,CWE-20;CWE-74 -CVE-2022-34917,2022-09-21T00:00:52Z,"Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service",org.apache.kafka:kafka,2.8.0,2.8.2,HIGH,CWE-400;CWE-770;CWE-789 -CVE-2022-34917,2022-09-21T00:00:52Z,"Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service",org.apache.kafka:kafka,3.0.0,3.0.2,HIGH,CWE-400;CWE-770;CWE-789 -CVE-2022-34917,2022-09-21T00:00:52Z,"Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service",org.apache.kafka:kafka,3.1.0,3.1.2,HIGH,CWE-400;CWE-770;CWE-789 -CVE-2022-34917,2022-09-21T00:00:52Z,"Apache Kafka vulnerability can lead to brokers hitting OutOfMemoryException, causing Denial of Service",org.apache.kafka:kafka,3.2.0,3.2.3,HIGH,CWE-400;CWE-770;CWE-789 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",0,3.16.3,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",3.17.0,3.19.6,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",3.20.0,3.20.3,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",3.21.0,3.21.7,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource 
Consumption","com.google.protobuf:protobuf-javalite",0,3.16.3,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",3.17.0,3.19.6,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",3.20.0,3.20.3,HIGH,CWE-400 -CVE-2022-3509,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",3.21.0,3.21.7,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",0,3.16.3,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",3.17.0,3.19.6,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",3.20.0,3.20.3,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-java",3.21.0,3.21.7,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",0,3.16.3,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",3.17.0,3.19.6,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",3.20.0,3.20.3,HIGH,CWE-400 -CVE-2022-3510,2022-12-12T15:30:33Z,"Protobuf Java vulnerable to Uncontrolled Resource Consumption","com.google.protobuf:protobuf-javalite",3.21.0,3.21.7,HIGH,CWE-400 -CVE-2022-35278,2022-08-24T00:00:29Z,"HTML Injection in ActiveMQ Artemis Web 
Console","org.apache.activemq:artemis-server",0,2.24.0,MODERATE,CWE-79;CWE-80 -CVE-2022-35697,2022-08-11T15:57:01Z,"AEM WCM Core Components CVG Image vulnerable to Reflected Cross-site Scripting","com.adobe.cq:core.wcm.components.core",0,2.20.8,MODERATE,CWE-79 -CVE-2022-35912,2022-07-21T21:38:28Z,"Grails framework Remote Code Execution via Data Binding","org.grails:grails-databinding",3.3.10,3.3.15,CRITICAL, -CVE-2022-35912,2022-07-21T21:38:28Z,"Grails framework Remote Code Execution via Data Binding","org.grails:grails-databinding",4.0.0,4.1.1,CRITICAL, -CVE-2022-35912,2022-07-21T21:38:28Z,"Grails framework Remote Code Execution via Data Binding","org.grails:grails-databinding",5.0.0,5.1.9,CRITICAL, -CVE-2022-35912,2022-07-21T21:38:28Z,"Grails framework Remote Code Execution via Data Binding","org.grails:grails-databinding",5.2.0,5.2.1,CRITICAL, -CVE-2022-35980,2022-08-12T17:31:58Z,"OpenSearch vulnerable to Improper Authorization of Index Containing Sensitive Information","org.opensearch.plugin:opensearch-security",2.0.0.0,2.2.0.0,HIGH,CWE-612 -CVE-2022-36007,2022-08-18T19:07:58Z,"Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`","com.github.jlangch:venice",0,1.10.17,MODERATE,CWE-22 -CVE-2022-36022,2022-11-10T21:27:55Z,"Use of unclaimed s3 bucket in tests and examples","org.deeplearning4j:dl4j-examples",0,,MODERATE,CWE-330;CWE-344 -CVE-2022-36022,2022-11-10T21:27:55Z,"Use of unclaimed s3 bucket in tests and examples","org.deeplearning4j:platform-tests",0,,MODERATE,CWE-330;CWE-344 -CVE-2022-36025,2022-09-23T20:24:21Z,"Besu VM vulnerable to gas allocation error in CALL operations",org.hyperledger.besu:evm,22.4.0-RC1,22.7.1,CRITICAL,CWE-196;CWE-681 -CVE-2022-36033,2022-09-01T22:14:57Z,"jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled",org.jsoup:jsoup,0,1.15.3,MODERATE,CWE-79 -CVE-2022-36090,2022-09-16T17:40:00Z,"XWiki Platform Improper Authorization check for inactive 
users","org.xwiki.platform:xwiki-platform-oldcore",1.1,13.10.5,HIGH,CWE-285 -CVE-2022-36090,2022-09-16T17:40:00Z,"XWiki Platform Improper Authorization check for inactive users","org.xwiki.platform:xwiki-platform-oldcore",14.0,14.3-rc-1,HIGH,CWE-285 -CVE-2022-36091,2022-09-16T17:39:46Z,"XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor","org.xwiki.platform:xwiki-platform-web",14.0,14.2,HIGH,CWE-359;CWE-862 -CVE-2022-36091,2022-09-16T17:39:46Z,"XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor","org.xwiki.platform:xwiki-platform-web-templates",1.3,13.10.4,HIGH,CWE-359;CWE-862 -CVE-2022-36092,2022-09-16T17:06:38Z,"XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action","org.xwiki.platform:xwiki-platform-oldcore",0,13.10.4,HIGH,CWE-287 -CVE-2022-36092,2022-09-16T17:06:38Z,"XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action","org.xwiki.platform:xwiki-platform-oldcore",14.0,14.2,HIGH,CWE-287 -CVE-2022-36093,2022-09-16T17:05:55Z,"XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard","org.xwiki.platform:xwiki-platform-web",14.0,14.3-rc-1,HIGH,CWE-287;CWE-288 -CVE-2022-36093,2022-09-16T17:05:55Z,"XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard","org.xwiki.platform:xwiki-platform-web",8.0-rc-1,13.10.5,HIGH,CWE-287;CWE-288 -CVE-2022-36093,2022-09-16T17:05:55Z,"XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard","org.xwiki.platform:xwiki-platform-web-templates",0,13.10.5,HIGH,CWE-287;CWE-288 -CVE-2022-36093,2022-09-16T17:05:55Z,"XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution 
Wizard","org.xwiki.platform:xwiki-platform-web-templates",14.0,14.3-rc-1,HIGH,CWE-287;CWE-288 -CVE-2022-36094,2022-09-16T17:05:12Z,"XWiki Platform Web Parent POM vulnerable to XSS in the attachment history","org.xwiki.platform:xwiki-platform-web",1.0,13.10.6,HIGH,CWE-79;CWE-80 -CVE-2022-36094,2022-09-16T17:05:12Z,"XWiki Platform Web Parent POM vulnerable to XSS in the attachment history","org.xwiki.platform:xwiki-platform-web",14.0,14.3-rc-1,HIGH,CWE-79;CWE-80 -CVE-2022-36095,2022-09-16T21:04:25Z,"XWiki Cross-Site Request Forgery (CSRF) for actions on tags","org.xwiki.platform:xwiki-platform-web-templates",14.0,14.3,MODERATE,CWE-352 -CVE-2022-36095,2022-09-16T21:04:25Z,"XWiki Cross-Site Request Forgery (CSRF) for actions on tags","org.xwiki.platform:xwiki-platform-web-templates",2.0-milestone-1,13.10.5,MODERATE,CWE-352 -CVE-2022-36096,2022-09-16T17:39:32Z,"XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list","org.xwiki.platform:xwiki-platform-index-ui",14.0,14.3,HIGH,CWE-79;CWE-80 -CVE-2022-36096,2022-09-16T17:39:32Z,"XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list","org.xwiki.platform:xwiki-platform-index-ui",2.2-milestone-1,13.10.6,HIGH,CWE-79;CWE-80 -CVE-2022-36097,2022-09-16T17:39:08Z,"XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form","org.xwiki.platform:xwiki-platform-attachment-ui",14.0-rc-1,14.4-rc-1,HIGH,CWE-79;CWE-80 -CVE-2022-36098,2022-09-16T17:36:44Z,"XWiki Platform Mentions UI vulnerable to Cross-site Scripting","org.xwiki.platform:xwiki-platform-mentions-ui",12.5-rc-1,13.10.6,CRITICAL,CWE-79 -CVE-2022-36098,2022-09-16T17:36:44Z,"XWiki Platform Mentions UI vulnerable to Cross-site Scripting","org.xwiki.platform:xwiki-platform-mentions-ui",14.0,14.4,CRITICAL,CWE-79 -CVE-2022-36099,2022-09-16T17:22:28Z,"XWiki Platform Wiki UI Main Wiki Eval Injection 
vulnerability","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",14.0,14.4,CRITICAL,CWE-116;CWE-94;CWE-95 -CVE-2022-36099,2022-09-16T17:22:28Z,"XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",5.3-milestone-2,13.10.6,CRITICAL,CWE-116;CWE-94;CWE-95 -CVE-2022-36100,2022-09-16T17:21:25Z,"XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection","org.xwiki.platform.applications:xwiki-application-tag",1.7,,CRITICAL,CWE-116;CWE-94;CWE-95 -CVE-2022-36100,2022-09-16T17:21:25Z,"XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-tag-ui",0,13.10.6,CRITICAL,CWE-116;CWE-94;CWE-95 -CVE-2022-36100,2022-09-16T17:21:25Z,"XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-tag-ui",14.0,14.4,CRITICAL,CWE-116;CWE-94;CWE-95 -CVE-2022-36157,2022-08-20T00:00:30Z,"Improper Privilege Management in com.xuxueli:xxl-job",com.xuxueli:xxl-job,0,2.4.0,HIGH,CWE-269 -CVE-2022-36272,2022-08-17T00:00:30Z,"Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-89 -CVE-2022-36364,2022-07-29T00:00:44Z,"Apache Calcite Avatica JDBC driver arbitrary code execution","org.apache.calcite.avatica:avatica-core",0,1.22.0,HIGH,CWE-665 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast.jet:hazelcast-jet",0,4.5.4,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast.jet:hazelcast-jet-enterprise",0,4.5.4,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast:hazelcast-enterprise",0,3.12.13,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast:hazelcast-enterprise",4.0,,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast 
connection caching","com.hazelcast:hazelcast-enterprise",4.1,4.1.10,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast:hazelcast-enterprise",4.2,4.2.6,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast:hazelcast-enterprise",5.0,5.0.4,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching","com.hazelcast:hazelcast-enterprise",5.1,5.1.3,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching",com.hazelcast:hazelcast,0,3.12.13,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching",com.hazelcast:hazelcast,4.0,,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching",com.hazelcast:hazelcast,4.1,4.1.10,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching",com.hazelcast:hazelcast,4.2,4.2.6,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching",com.hazelcast:hazelcast,5.0,5.0.4,CRITICAL,CWE-384 -CVE-2022-36437,2022-12-27T14:40:39Z,"Hazelcast connection caching",com.hazelcast:hazelcast,5.1,5.1.3,CRITICAL,CWE-384 -CVE-2022-36527,2022-08-26T00:03:30Z,"Jfinal Cross-site Scripting vulnerability","com.jflyfox:jflyfox_jfinal",0,,MODERATE,CWE-79 -CVE-2022-36537,2022-08-27T00:00:43Z,"ZK Framework vulnerable to malicious POST",org.zkoss.zk:zk,0,8.6.4.2,HIGH,CWE-200 -CVE-2022-36537,2022-08-27T00:00:43Z,"ZK Framework vulnerable to malicious POST",org.zkoss.zk:zk,9.0.0.0,9.0.1.3,HIGH,CWE-200 -CVE-2022-36537,2022-08-27T00:00:43Z,"ZK Framework vulnerable to malicious POST",org.zkoss.zk:zk,9.5.0.0,9.5.1.4,HIGH,CWE-200 -CVE-2022-36537,2022-08-27T00:00:43Z,"ZK Framework vulnerable to malicious POST",org.zkoss.zk:zk,9.6.0.0,9.6.0.2,HIGH,CWE-200 -CVE-2022-36537,2022-08-27T00:00:43Z,"ZK Framework vulnerable to malicious POST",org.zkoss.zk:zk,9.6.1,9.6.2,HIGH,CWE-200 -CVE-2022-36599,2022-08-17T00:00:30Z,"Mingsoft MCMS SQL 
injection vulnerability in /mdiy/model/delete URI via models List",net.mingsoft:ms-mcms,0,,CRITICAL,CWE-89 -CVE-2022-36663,2022-09-07T00:01:50Z,"Gluu Oxauth before v4.4.1 vulnerable to Server-Side Request Forgery attacks via a crafted request_uri parameter",org.gluu:oxauth-common,0,4.4.1,CRITICAL,CWE-918 -CVE-2022-36881,2022-07-28T00:00:43Z,"Jenkins Git client plugin 3.11.0 does not perform SSH host key verification","org.jenkins-ci.plugins:git-client",0,3.11.1,MODERATE,CWE-295;CWE-322 -CVE-2022-36882,2022-07-28T00:00:43Z,"Lack of authentication mechanism in Jenkins Git Plugin webhook","org.jenkins-ci.plugins:git",0,4.11.4,MODERATE,CWE-352 -CVE-2022-36883,2022-07-28T00:00:43Z,"Lack of authentication mechanism in Jenkins Git Plugin webhook","org.jenkins-ci.plugins:git",0,4.11.4,MODERATE,CWE-862 -CVE-2022-36884,2022-07-28T00:00:43Z,"Lack of authentication mechanism in Jenkins Git Plugin webhook","org.jenkins-ci.plugins:git",0,4.11.4,MODERATE,CWE-200;CWE-306 -CVE-2022-36885,2022-07-28T00:00:43Z,"Jenkins GitHub plugin uses weak webhook signature function","com.coravy.hudson.plugins.github:github",0,1.34.5,LOW,CWE-203;CWE-208 -CVE-2022-36886,2022-07-28T00:00:43Z,"External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint","org.jenkins-ci.plugins:external-monitor-job",0,192.ve979ca_8b_3ccd,MODERATE,CWE-352 -CVE-2022-36887,2022-07-28T00:00:43Z,"Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints","org.jenkins-ci.plugins:jobConfigHistory",0,1156.v536a_97b_8d649,MODERATE,CWE-352 -CVE-2022-36888,2022-07-28T00:00:43Z,"Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests","com.datapipe.jenkins.plugins:hashicorp-vault-plugin",0,355.v3b_38d767a_b_a_8,MODERATE,CWE-862 -CVE-2022-36889,2022-07-28T00:00:42Z,"Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a 
deployment","org.jenkins-ci.plugins:deployer-framework",0,86.v7b_a_4a_55b_f3ec,MODERATE,CWE-22 -CVE-2022-36890,2022-07-28T00:00:42Z,"Jenkins Deployer Framework Plugin vulnerable to Path Traversal","org.jenkins-ci.plugins:deployer-framework",0,86.v7b_a_4a_55b_f3ec,MODERATE,CWE-22 -CVE-2022-36891,2022-07-28T00:00:42Z,"Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs","org.jenkins-ci.plugins:deployer-framework",0,86.v7b_a_4a_55b_f3ec,MODERATE,CWE-862 -CVE-2022-36892,2022-07-28T00:00:42Z,"Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation","org.jenkins-ci.plugins:rhnpush-plugin",0,0.5.2,MODERATE,CWE-862 -CVE-2022-36893,2022-07-28T00:00:42Z,"Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation","org.jenkins-ci.plugins:rpmsign-plugin",0,0.5.1,MODERATE,CWE-862 -CVE-2022-36894,2022-07-28T00:00:42Z,"Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin","org.jenkins-ci.plugins:clif-performance-testing",0,71.v0741865e206f,HIGH,CWE-22 -CVE-2022-36895,2022-07-28T00:00:42Z,"Jenkins Compuware Topaz Utilities Plugin is missing authorization","com.compuware.jenkins:compuware-topaz-utilities",0,1.0.9,MODERATE,CWE-862 -CVE-2022-36896,2022-07-28T00:00:42Z,"Jenkins Compuware Source Code Download is missing authorization","com.compuware.jenkins:compuware-scm-downloader",0,2.0.13,MODERATE,CWE-862 -CVE-2022-36897,2022-07-28T00:00:42Z,"Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization","com.compuware.jenkins:compuware-xpediter-code-coverage",0,1.0.8,MODERATE,CWE-862 -CVE-2022-36898,2022-07-28T00:00:42Z,"Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints","com.compuware.jenkins:compuware-ispw-operations",0,1.0.9,MODERATE,CWE-862 -CVE-2022-36899,2022-07-28T00:00:42Z,"Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations 
plugin","com.compuware.jenkins:compuware-ispw-operations",0,1.0.9,MODERATE,CWE-693 -CVE-2022-36900,2022-07-28T00:00:42Z,"Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure","com.compuware.jenkins:compuware-zadviser-api",0,1.0.4,MODERATE,CWE-693 -CVE-2022-36901,2022-07-28T00:00:42Z,"Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted","org.jenkins-ci.plugins:http_request",0,1.16,LOW,CWE-256;CWE-668 -CVE-2022-36902,2022-07-28T00:00:42Z,"Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin","com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter",0,,HIGH,CWE-79 -CVE-2022-36903,2022-07-28T00:00:42Z,"Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs","org.jenkins-ci.plugins:repository-connector",0,,MODERATE,CWE-862 -CVE-2022-36904,2022-07-28T00:00:42Z,"Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation","org.jenkins-ci.plugins:repository-connector",0,,MODERATE,CWE-862 -CVE-2022-36905,2022-07-28T00:00:42Z,"Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin","eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin",0,,HIGH,CWE-79 -CVE-2022-36906,2022-07-28T00:00:42Z,"CSRF vulnerability in Jenkins OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,MODERATE,CWE-352 -CVE-2022-36907,2022-07-28T00:00:42Z,"Missing permission check in Jenkins OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,MODERATE,CWE-862 -CVE-2022-36908,2022-07-28T00:00:42Z,"CSRF vulnerability in Jenkins OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,MODERATE,CWE-352 -CVE-2022-36909,2022-07-28T00:00:42Z,"Missing permission check in Jenkins OpenShift Deployer Plugin","org.jenkins-ci.plugins:openshift-deployer",0,,MODERATE,CWE-862 -CVE-2022-36910,2022-07-28T00:00:42Z,"Lucene-Search Plugin does not 
perform permission checks in several HTTP endpoints","org.jenkins-ci.plugins:lucene-search",0,387.v938a,MODERATE,CWE-862 -CVE-2022-36911,2022-07-28T00:00:42Z,"CSRF vulnerability in Jenkins openstack-heat Plugin","org.jenkins-ci.plugins:openstack-heat",0,,MODERATE,CWE-352 -CVE-2022-36912,2022-07-28T00:00:42Z,"Missing permission checks in Jenkins openstack-heat Plugin","org.jenkins-ci.plugins:openstack-heat",0,,MODERATE,CWE-862 -CVE-2022-36913,2022-07-28T00:00:42Z,"Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation","org.jenkins-ci.plugins:openstack-heat",0,,MODERATE,CWE-862 -CVE-2022-36914,2022-07-28T00:00:42Z,"Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system","org.jenkins-ci.plugins:files-found-trigger",0,,MODERATE,CWE-862 -CVE-2022-36915,2022-07-28T00:00:42Z,"Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents","org.jenkins-ci.plugins:android-signing",0,,MODERATE,CWE-862 -CVE-2022-36916,2022-07-28T00:00:42Z,"CSRF vulnerability in Jenkins Google Cloud Backup Plugin","org.jenkins-ci.plugins:google-cloud-backup",0,,MODERATE,CWE-352 -CVE-2022-36917,2022-07-28T00:00:42Z,"Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup.","org.jenkins-ci.plugins:google-cloud-backup",0,,MODERATE,CWE-862 -CVE-2022-36918,2022-07-28T00:00:42Z,"Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation","org.jenkins-ci.plugins:buckminster",0,,MODERATE,CWE-862 -CVE-2022-36919,2022-07-28T00:00:42Z,"Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs","org.jenkins-ci.plugins:coverity",0,,MODERATE,CWE-862 -CVE-2022-36920,2022-07-28T00:00:42Z,"Jenkins Coverity Plugin vulnerable to cross-site request forgery 
(CSRF)","org.jenkins-ci.plugins:coverity",0,,HIGH,CWE-352 -CVE-2022-36921,2022-07-28T00:00:42Z,"Missing permission check in Coverity Plugin allows capturing credentials","org.jenkins-ci.plugins:coverity",0,,HIGH,CWE-862 -CVE-2022-36922,2022-07-28T00:00:42Z,"Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting","org.jenkins-ci.plugins:lucene-search",0,387.v938a,HIGH,CWE-79 -CVE-2022-36944,2022-09-25T00:00:20Z,"Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization","org.scala-lang:scala-library",2.13.0,2.13.9,CRITICAL,CWE-502 -CVE-2022-37021,2022-09-01T00:00:26Z,"Apache Geode vulnerable to Deserialization of Untrusted Data","org.apache.geode:geode-core",0,1.12.16,CRITICAL,CWE-502 -CVE-2022-37021,2022-09-01T00:00:26Z,"Apache Geode vulnerable to Deserialization of Untrusted Data","org.apache.geode:geode-core",1.13.0,1.13.5,CRITICAL,CWE-502 -CVE-2022-37021,2022-09-01T00:00:26Z,"Apache Geode vulnerable to Deserialization of Untrusted Data","org.apache.geode:geode-core",1.14.0,1.14.1,CRITICAL,CWE-502 -CVE-2022-37022,2022-09-01T00:00:26Z,"Apache Geode versions deserialization of untrusted datawhen using JMX over RMI on Java 11","org.apache.geode:geode-core",0,1.15.0,HIGH,CWE-502 -CVE-2022-37023,2022-09-01T00:00:26Z,"Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data","org.apache.geode:geode-core",0,1.15.0,MODERATE,CWE-502 -CVE-2022-37199,2022-08-24T00:00:29Z,"SQL injection in jflyfox jfinal","com.jflyfox:jflyfox_jfinal",0,,CRITICAL,CWE-89 -CVE-2022-37223,2022-08-24T00:00:29Z,"SQL injection in jflyfox jfinal","com.jflyfox:jflyfox_jfinal",0,,CRITICAL,CWE-89 -CVE-2022-37422,2022-08-19T00:00:20Z,"Path Traversal in Payara","fish.payara.api:payara-bom",0,5.2022.3,HIGH,CWE-22 -CVE-2022-37423,2022-08-12T15:38:33Z,"Neo4j Graph apoc plugins Partial Path Traversal Vulnerability",org.neo4j.procedure:apoc,0,4.3.0.7,MODERATE,CWE-22 
-CVE-2022-37423,2022-08-12T15:38:33Z,"Neo4j Graph apoc plugins Partial Path Traversal Vulnerability",org.neo4j.procedure:apoc,4.4.0.0,4.4.0.8,MODERATE,CWE-22 -CVE-2022-37435,2022-09-02T00:01:09Z,"Apache ShenYu Admin has insecure permissions","org.apache.shenyu:shenyu-common",2.4.2,2.5.0,HIGH,CWE-732 -CVE-2022-37724,2022-09-15T00:00:17Z,"Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting",wonder:wonder,1.0,,MODERATE,CWE-79 -CVE-2022-37734,2022-09-13T00:00:39Z,"graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources","com.graphql-java:graphql-java",0,17.4,HIGH,CWE-400 -CVE-2022-37734,2022-09-13T00:00:39Z,"graphql-java vulnerable to Denial of Service via GraphQL query that consumes CPU resources","com.graphql-java:graphql-java",18.0,18.3,HIGH,CWE-400 -CVE-2022-37767,2022-09-13T00:00:39Z,"Pebble Templates protection mechanism bypass can lead to arbitrary code execution","io.pebbletemplates:pebble",0,,CRITICAL,CWE-863 -CVE-2022-3782,2022-12-13T19:44:56Z,"Keycloak vulnerable to path traversal via double URL encoding ","org.keycloak:keycloak-parent",0,20.0.2,CRITICAL,CWE-177;CWE-22 -CVE-2022-37865,2022-11-07T12:00:33Z,"Apache Ivy does not verify target path when extracting the archive",org.apache.ivy:ivy,2.4.0,2.5.1,CRITICAL,CWE-22 -CVE-2022-37866,2022-11-07T19:00:20Z,"Apache Ivy vulnerable to path traversal",org.apache.ivy:ivy,2.0.0,2.5.1,HIGH,CWE-22 -CVE-2022-38179,2022-08-13T00:00:43Z,"JetBrains Ktor before 2.1.0 was vulnerable to a Reflect File Download attack",io.ktor:ktor,0,2.1.0,MODERATE,CWE-697 -CVE-2022-38180,2022-08-13T00:00:43Z,"JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider",io.ktor:ktor,0,2.1.0,MODERATE,CWE-287 -CVE-2022-38216,2022-08-17T00:00:33Z,"Mapbox is vulnerable to Integer Overflow","com.mapbox.mapboxsdk:mapbox-android-core",0,10.6.1,HIGH,CWE-190 -CVE-2022-38369,2022-09-06T00:00:27Z,"Apache IoTDB Session Fixation 
vulnerability","org.apache.iotdb:iotdb-server",0,0.13.1,MODERATE,CWE-384 -CVE-2022-38370,2022-09-06T00:00:27Z,"Apache IoTDB grafana-connector contains an interface without authorization","org.apache.iotdb:iotdb-grafana-connector",0,0.13.1,HIGH,CWE-862 -CVE-2022-38398,2022-09-23T00:00:39Z,"Apache Batik Server-Side Request Forgery ","org.apache.xmlgraphics:batik",1.0,1.15,MODERATE,CWE-918 -CVE-2022-38648,2022-09-23T00:00:40Z,"Apache Batik vulnerable to Server-Side Request Forgery","org.apache.xmlgraphics:batik",1.0,1.15,MODERATE,CWE-918 -CVE-2022-38663,2022-08-24T00:00:28Z,"Improper masking of credentials Jenkins in Git Plugin","org.jenkins-ci.plugins:git",0,4.11.5,MODERATE,CWE-522 -CVE-2022-38664,2022-08-24T00:00:28Z,"Cross-site Scripting in Jenkins Job Configuration History Plugin","org.jenkins-ci.plugins:jobConfigHistory",0,1166.vc9f255f45b,MODERATE,CWE-79 -CVE-2022-38665,2022-08-24T00:00:28Z,"RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin","org.jenkins-ci.plugins:collabnet",0,2.0.9,LOW,CWE-256;CWE-522 -CVE-2022-38666,2022-11-16T12:00:22Z,"SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin","org.jenkins-ci.main:cavisson-ns-nd-integration",0,,MODERATE,CWE-295 -CVE-2022-38723,2023-01-04T00:30:26Z,"Gravitee API Management contains Path Traversal","io.gravitee.apim:gravitee-api-management",0,3.15.13,HIGH,CWE-22;CWE-79 -CVE-2022-38749,2022-09-06T00:00:27Z,"snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write","io.prometheus.jmx:jmx_prometheus_httpserver_java6",0,,MODERATE,CWE-121;CWE-787 -CVE-2022-38749,2022-09-06T00:00:27Z,"snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write","org.testifyproject.external:external-snakeyaml",0,,MODERATE,CWE-121;CWE-787 -CVE-2022-38749,2022-09-06T00:00:27Z,"snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds 
Write","pl.droidsonroids.yaml:snakeyaml",0,,MODERATE,CWE-121;CWE-787 -CVE-2022-38749,2022-09-06T00:00:27Z,"snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write",org.yaml:snakeyaml,0,1.31,MODERATE,CWE-121;CWE-787 -CVE-2022-38750,2022-09-06T00:00:27Z,"snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write",org.yaml:snakeyaml,0,1.31,MODERATE,CWE-121;CWE-787 -CVE-2022-38751,2022-09-06T00:00:27Z,"snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write",org.yaml:snakeyaml,0,1.31,MODERATE,CWE-121;CWE-787 -CVE-2022-38752,2022-09-06T00:00:27Z,"snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write",org.yaml:snakeyaml,0,1.32,MODERATE,CWE-121;CWE-787 -CVE-2022-39135,2022-09-12T00:00:34Z,"Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack","org.apache.calcite:calcite-core",0,1.32.0,CRITICAL,CWE-611 -CVE-2022-3916,2022-12-13T19:44:33Z,"Keycloak vulnerable to session takeover with OIDC offline refreshtokens","org.keycloak:keycloak-parent",0,20.0.2,MODERATE,"CWE-287;CWE-304;CWE-488;CWE-613" -CVE-2022-39198,2022-10-19T12:00:22Z,"Hessian Lite for Apache Dubbo deserialization vulnerability",com.alibaba:hessian-lite,0,3.2.13,CRITICAL,CWE-502 -CVE-2022-39198,2022-10-19T12:00:22Z,"Hessian Lite for Apache Dubbo deserialization vulnerability",org.apache.dubbo:dubbo,2.7.0,2.7.18,CRITICAL,CWE-502 -CVE-2022-39198,2022-10-19T12:00:22Z,"Hessian Lite for Apache Dubbo deserialization vulnerability",org.apache.dubbo:dubbo,3.0.0,3.0.12,CRITICAL,CWE-502 -CVE-2022-39198,2022-10-19T12:00:22Z,"Hessian Lite for Apache Dubbo deserialization vulnerability",org.apache.dubbo:dubbo,3.1.0,3.1.1,CRITICAL,CWE-502 -CVE-2022-39243,2022-09-30T04:29:11Z,"NuProcess vulnerable to command-line injection through insertion of NUL character(s)",com.zaxxer:nuprocess,1.2.0,2.0.5,HIGH,CWE-77 -CVE-2022-39246,2022-09-30T04:33:00Z,"matrix-android-sdk2 vulnerable to impersonation via 
forwarded Megolm sessions","org.matrix.android:matrix-android-sdk2",0,1.5.1,HIGH,CWE-287;CWE-322 -CVE-2022-39248,2022-09-30T04:37:39Z,"matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion","org.matrix.android:matrix-android-sdk2",0,1.5.1,HIGH,CWE-287;CWE-322 -CVE-2022-39259,2022-10-20T18:20:28Z,"Jadx-gui vulnerable to swing HTML Denial of Service (DoS) attack","io.github.skylot:jadx-plugins-api",0,1.4.5,MODERATE, -CVE-2022-39312,2022-10-18T18:05:36Z,"MySQL JDBC deserialization vulnerability","io.dataease:dataease-plugin-common",0,1.15.2,CRITICAL,CWE-20;CWE-502 -CVE-2022-39368,2022-11-09T17:20:03Z,"Failing DTLS handshakes may cause throttling to block processing of records","org.eclipse.californium:scandium",2.7.0,2.7.4,HIGH,CWE-404 -CVE-2022-39368,2022-11-09T17:20:03Z,"Failing DTLS handshakes may cause throttling to block processing of records","org.eclipse.californium:scandium",3.0.0,3.7.0,HIGH,CWE-404 -CVE-2022-39387,2022-11-04T18:58:46Z,"XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider","org.xwiki.contrib.oidc:oidc-authenticator",0,1.29.1,CRITICAL,CWE-287 -CVE-2022-3952,2022-11-11T19:00:31Z,"ManyDesigns Portofino subject to creation of insecure temporary file","com.manydesigns:portofino",0,5.3.3,HIGH,CWE-377;CWE-668 -CVE-2022-39944,2022-10-26T19:00:38Z,"Apache Linkis subject to Remote Code Execution via deserialization",org.apache.linkis:linkis,0,1.3.0,HIGH,CWE-502 -CVE-2022-39975,2022-09-23T00:00:46Z,"Liferay Portal Missing Authorization vulnerability","com.liferay.portal:release.portal.bom",7.3.3,7.4.3.35,MODERATE,CWE-862 -CVE-2022-40084,2022-10-20T19:00:30Z,"OpenCRX vulnerable to password enumeration via error messages in password reset","org.opencrx:opencrx-client",0,5.2.2,MODERATE,CWE-203 -CVE-2022-40145,2022-12-21T18:30:22Z,"Apache Karaf vulnerable to potential code injection","org.apache.karaf:apache-karaf",0,4.3.8,CRITICAL,CWE-20;CWE-74 -CVE-2022-40145,2022-12-21T18:30:22Z,"Apache Karaf vulnerable to 
potential code injection","org.apache.karaf:apache-karaf",4.4.0,4.4.2,CRITICAL,CWE-20;CWE-74 -CVE-2022-40146,2022-09-23T00:00:40Z,"Apache Batik vulnerable to Server-Side Request Forgery","org.apache.xmlgraphics:batik",1.0,1.15,HIGH,CWE-918 -CVE-2022-40149,2022-09-17T00:00:41Z,"Jettison parser crash by stackoverflow","org.codehaus.jettison:jettison",0,1.5.1,MODERATE,CWE-121;CWE-787 -CVE-2022-40150,2022-09-17T00:00:41Z,"Jettison memory exhaustion","org.codehaus.jettison:jettison",0,1.5.2,HIGH,CWE-400;CWE-674 -CVE-2022-40151,2022-12-30T16:58:39Z,"XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow","com.thoughtworks.xstream:xstream",0,1.4.20,HIGH,CWE-121;CWE-502;CWE-787 -CVE-2022-40152,2022-09-17T00:00:41Z,"Denial of Service due to parser crash","com.fasterxml.woodstox:woodstox-core",0,5.4.0,MODERATE, -CVE-2022-40152,2022-09-17T00:00:41Z,"Denial of Service due to parser crash","com.fasterxml.woodstox:woodstox-core",6.0.0,6.4.0,MODERATE, -CVE-2022-40153,2022-09-17T00:00:41Z,"Denial of Service due to parser crash","com.fasterxml.woodstox:woodstox-core",0,5.4.0,HIGH,CWE-787 -CVE-2022-40153,2022-09-17T00:00:41Z,"Denial of Service due to parser crash","com.fasterxml.woodstox:woodstox-core",6.0.0,6.4.0,HIGH,CWE-787 -CVE-2022-40154,2022-09-17T00:00:41Z,"Denial of Service via stack overflow","com.fasterxml.woodstox:woodstox-core",0,5.4.0,LOW,CWE-787 -CVE-2022-40154,2022-09-17T00:00:41Z,"Denial of Service via stack overflow","com.fasterxml.woodstox:woodstox-core",6.0.0,6.4.0,LOW,CWE-787 -CVE-2022-40155,2022-09-17T00:00:41Z,"Denial of Service via stack overflow","com.fasterxml.woodstox:woodstox-core",0,5.4.0,LOW,CWE-787 -CVE-2022-40155,2022-09-17T00:00:41Z,"Denial of Service via stack overflow","com.fasterxml.woodstox:woodstox-core",6.0.0,6.4.0,LOW,CWE-787 -CVE-2022-40156,2022-09-17T00:00:41Z,"Denial of Service due to parser crash","com.fasterxml.woodstox:woodstox-core",0,5.4.0,LOW, -CVE-2022-40156,2022-09-17T00:00:41Z,"Denial of 
Service due to parser crash","com.fasterxml.woodstox:woodstox-core",6.0.0,6.4.0,LOW, -CVE-2022-40157,2022-10-06T18:52:04Z,"JXPath Out-of-bounds Write vulnerability","commons-jxpath:commons-jxpath",0,,MODERATE,CWE-787 -CVE-2022-40158,2022-10-06T18:52:04Z,"JXPath Out-of-bounds Write vulnerability","commons-jxpath:commons-jxpath",0,,MODERATE,CWE-787 -CVE-2022-40159,2022-10-06T18:52:04Z,"JXPath Out-of-bounds Write vulnerability","commons-jxpath:commons-jxpath",0,,MODERATE,CWE-787 -CVE-2022-40160,2022-10-06T18:52:04Z,"JXPath Out-of-bounds Write vulnerability","commons-jxpath:commons-jxpath",0,,MODERATE,CWE-787 -CVE-2022-40161,2022-10-06T18:52:04Z,"JXPath Out-of-bounds Write vulnerability","commons-jxpath:commons-jxpath",0,,MODERATE,CWE-787 -CVE-2022-40308,2022-11-15T19:00:52Z,"Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user","org.apache.archiva:archiva-common",0,2.2.9,HIGH,CWE-200;CWE-862 -CVE-2022-40309,2022-11-15T19:00:52Z,"Apache Archiva subject to arbitrary directory deletion by users.","org.apache.archiva:archiva-common",0,2.2.9,MODERATE,CWE-862 -CVE-2022-40634,2022-09-14T00:00:45Z,"CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources","org.craftercms:crafter-studio",3.1.0,3.1.23,HIGH,CWE-78;CWE-913 -CVE-2022-40635,2022-09-14T00:00:45Z,"CrafterCMS OS Command Injection vulnerability","org.craftercms:craftercms",3.1.0,3.1.23,HIGH,CWE-78;CWE-913 -CVE-2022-4065,2022-11-19T21:30:25Z,"TestNG is vulnerable to Path Traversal",org.testng:testng,6.13,7.5.1,HIGH,CWE-22 -CVE-2022-4065,2022-11-19T21:30:25Z,"TestNG is vulnerable to Path Traversal",org.testng:testng,7.6.0,7.7.0,HIGH,CWE-22 -CVE-2022-40664,2022-10-12T12:00:16Z,"Apache Shiro Authentication Bypass vulnerability","org.apache.shiro:shiro-core",0,1.10.0,CRITICAL,CWE-287 -CVE-2022-40705,2022-09-23T00:00:46Z,"Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP",soap:soap,2.2,,HIGH,CWE-611 -CVE-2022-40929,2022-09-29T00:00:22Z,"XXL-JOB 
contains a Command execution vulnerability in background tasks ",com.xuxueli:xxl-job-core,0,,CRITICAL,CWE-78 -CVE-2022-40955,2022-09-21T00:00:46Z,"Apache InLong vulnerable to Deserialization of Untrusted Data","org.apache.inlong:inlong-common",0,1.3.0,HIGH,CWE-502 -CVE-2022-41137,2024-12-05T12:31:28Z,"Apache Hive: Deserialization of untrusted data when fetching partitions from the Metastore","org.apache.hive:hive-exec",4.0.0-alpha-1,4.0.0-alpha-2,HIGH,CWE-502 -CVE-2022-4116,2022-11-22T21:30:17Z,"Code injection in quarkus dev ui config editor","io.quarkus:quarkus-vertx-http-deployment",0,2.13.5.Final,CRITICAL,CWE-74;CWE-94 -CVE-2022-4116,2022-11-22T21:30:17Z,"Code injection in quarkus dev ui config editor","io.quarkus:quarkus-vertx-http-deployment",2.14.0,2.14.2.Final,CRITICAL,CWE-74;CWE-94 -CVE-2022-41224,2022-09-22T00:00:28Z,"Jenkins vulnerable to stored cross site scripting in the I:helpIcon component","org.jenkins-ci.main:jenkins-core",2.367,2.370,HIGH,CWE-79 -CVE-2022-41225,2022-09-22T00:00:28Z,"Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting","org.jenkins-ci.plugins:anchore-container-scanner",0,1.0.25,HIGH,CWE-79 -CVE-2022-41226,2022-09-22T00:00:28Z,"Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference","com.compuware.jenkins:compuware-common-configuration",0,1.0.15,HIGH,CWE-611 -CVE-2022-41227,2022-09-22T00:00:28Z,"Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.8.0.130,MODERATE,CWE-352 -CVE-2022-41228,2022-09-22T00:00:28Z,"Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.8.0.130,MODERATE,CWE-862 -CVE-2022-41229,2022-09-22T00:00:28Z,"Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site 
Scripting","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.8.0.147,HIGH,CWE-79 -CVE-2022-41230,2022-09-22T00:00:28Z,"Missing permission check in Jenkins build-publisher Plugin","org.jenkins-ci.plugins:build-publisher",0,,MODERATE,CWE-862;CWE-863 -CVE-2022-41231,2022-09-22T00:00:28Z,"Path traversal in Jenkins build-publisher Plugin","org.jenkins-ci.plugins:build-publisher",0,,MODERATE,CWE-22 -CVE-2022-41232,2022-09-22T00:00:28Z,"Jenkins build-publisher plugin vulnerable to cross-site request forgery","org.jenkins-ci.plugins:build-publisher",0,,HIGH,CWE-352 -CVE-2022-41233,2022-09-22T00:00:28Z,"Jenkins Rundeck Plugin Missing Authorization vulnerability","org.jenkins-ci.plugins:rundeck",0,3.6.12,MODERATE,CWE-862 -CVE-2022-41234,2022-09-22T00:00:28Z,"Missing webhook endpoint authorization in Jenkins Rundeck Plugin","org.jenkins-ci.plugins:rundeck",0,3.6.12,MODERATE,CWE-862 -CVE-2022-41235,2022-09-22T00:00:28Z,"Jenkins WildFly Deployer Plugin vulnerable to path traversal","org.jenkins-ci.plugins:wildfly-deployer",0,,MODERATE,CWE-22;CWE-693 -CVE-2022-41236,2022-09-22T00:00:28Z,"CSRF vulnerability in Jenkins Security Inspector plugin","org.jenkins-ci.plugins:security-inspector",0,,MODERATE,CWE-352 -CVE-2022-41237,2022-09-22T00:00:28Z,"RCE vulnerability in Jenkins DotCi Plugin","com.groupon.jenkins-ci.plugins:DotCi",0,,HIGH,CWE-502 -CVE-2022-41238,2022-09-22T00:00:28Z,"Lack of authentication mechanism in Jenkins DotCi Plugin webhook","com.groupon.jenkins-ci.plugins:DotCi",0,,MODERATE,CWE-862 -CVE-2022-41239,2022-09-22T00:00:28Z,"Stored XSS vulnerability in Jenkins DotCi Plugin","com.groupon.jenkins-ci.plugins:DotCi",0,,HIGH,CWE-79 -CVE-2022-41240,2022-09-22T00:00:28Z,"Stored XSS vulnerability in Jenkins Walti plugin","org.jenkins-ci.plugins:walti",0,,HIGH,CWE-79 -CVE-2022-41241,2022-09-22T00:00:28Z,"Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference",net.praqma:rqm-plugin,0,,MODERATE,CWE-611 
-CVE-2022-41242,2022-09-22T00:00:28Z,"Jenkins extreme-feedback Plugin vulnerable to Missing Authorization","org.jenkins-ci.plugins:extreme-feedback",0,,MODERATE,CWE-862 -CVE-2022-41243,2022-09-22T00:00:28Z,"Jenkins SmallTest Plugin missing hostname validation",com.smalltest:smalltest,0,,MODERATE,CWE-297 -CVE-2022-41244,2022-09-22T00:00:29Z,"Missing hostname validation in Jenkins View26 Test-Reporting Plugin","org.jenkins-ci.plugins:view26",0,,MODERATE,CWE-297 -CVE-2022-41245,2022-09-22T00:00:28Z,"CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials","org.jenkins-ci.plugins:ws-execution-manager",0,,MODERATE,CWE-352 -CVE-2022-41246,2022-09-22T00:00:28Z,"CSRF vulnerability and mM","org.jenkins-ci.plugins:ws-execution-manager",0,,MODERATE,CWE-862 -CVE-2022-41247,2022-09-22T00:00:29Z,"Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted","org.jenkins-ci.plugins:bigpanda-jenkins",0,,LOW,CWE-256;CWE-522 -CVE-2022-41248,2022-09-22T00:00:26Z,"Jenkins BigPanda Notifier Plugin Missing Password Field Masking","org.jenkins-ci.plugins:bigpanda-jenkins",0,,LOW,CWE-549 -CVE-2022-41249,2022-09-22T00:00:26Z,"Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery","com.meowlomo.jenkins:scm-httpclient",0,,MODERATE,CWE-352 -CVE-2022-41250,2022-09-22T00:00:26Z,"Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials","com.meowlomo.jenkins:scm-httpclient",0,,MODERATE,CWE-862 -CVE-2022-41251,2022-09-22T00:00:26Z,"Jenkins Apprenda Plugin has Missing Authorization vulnerability","org.jenkins-ci.plugins:apprenda",0,,MODERATE,CWE-862 -CVE-2022-41252,2022-09-22T00:00:26Z,"Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs","org.jenkins-ci.plugins:cons3rt",0,,MODERATE,CWE-862 -CVE-2022-41253,2022-09-22T00:00:26Z,"CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials","org.jenkins-ci.plugins:cons3rt",0,,MODERATE,CWE-352 
-CVE-2022-41254,2022-09-22T00:00:26Z,"Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials","org.jenkins-ci.plugins:cons3rt",0,,MODERATE,CWE-862 -CVE-2022-41255,2022-09-22T00:00:26Z,"API token stored in plain text by Jenkins CONS3RT Plugin","org.jenkins-ci.plugins:cons3rt",0,,LOW,CWE-256;CWE-522 -CVE-2022-4137,2023-03-01T17:38:56Z,"Keycloak Cross-site Scripting on OpenID connect login service","org.keycloak:keycloak-parent",0,20.0.5,HIGH,CWE-116;CWE-79 -CVE-2022-41401,2023-08-04T18:30:39Z,"OpenRefine Server-Side Request Forgery vulnerability",org.openrefine:main,0,3.6.0,MODERATE,CWE-918 -CVE-2022-41404,2022-10-12T12:00:20Z,"org.ini4j allows attackers to cause a Denial of Service (DoS) ",org.ini4j:ini4j,0,0.5.4,HIGH, -CVE-2022-4147,2022-12-06T21:30:46Z,"Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed","io.quarkus:quarkus-vertx-http",0,2.13.5.Final,HIGH,CWE-285 -CVE-2022-4147,2022-12-06T21:30:46Z,"Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed","io.quarkus:quarkus-vertx-http",2.14.0.CR1,2.14.2.Final,HIGH,CWE-285 -CVE-2022-41678,2023-11-28T18:30:23Z,"Apache ActiveMQ Deserialization of Untrusted Data vulnerability","org.apache.activemq:apache-activemq",0,5.16.6,HIGH,CWE-287;CWE-502 -CVE-2022-41678,2023-11-28T18:30:23Z,"Apache ActiveMQ Deserialization of Untrusted Data vulnerability","org.apache.activemq:apache-activemq",5.17.0,5.17.4,HIGH,CWE-287;CWE-502 -CVE-2022-41704,2022-10-25T19:00:29Z,"Apache XML Graphics Batik vulnerable to code execution via SVG.","org.apache.xmlgraphics:batik",0,1.16,HIGH,CWE-918 -CVE-2022-41828,2022-10-12T18:23:36Z,"com.amazon.redshift:redshift-jdbc42 vulnerable to remote command execution","com.amazon.redshift:redshift-jdbc42",0,2.1.0.8,HIGH,CWE-704 -CVE-2022-41852,2022-10-06T18:52:05Z,"Withdrawn: CVE Rejected: JXPath vulnerable to remote code execution when interpreting untrusted XPath 
expressions","commons-jxpath:commons-jxpath",0,,CRITICAL,CWE-470 -CVE-2022-41853,2022-10-06T18:52:05Z,"HyperSQL DataBase vulnerable to remote code execution when processing untrusted input",org.hsqldb:hsqldb,0,2.7.1,CRITICAL,CWE-470 -CVE-2022-41854,2022-11-11T19:00:31Z,"Snakeyaml vulnerable to Stack overflow leading to denial of service",org.yaml:snakeyaml,0,1.32,MODERATE,CWE-121;CWE-787 -CVE-2022-41881,2022-12-12T21:24:29Z,"HAProxyMessageDecoder Stack Exhaustion DoS","io.netty:netty-codec-haproxy",0,4.1.86.Final,MODERATE,CWE-674 -CVE-2022-41915,2022-12-12T21:25:44Z,"Netty vulnerable to HTTP Response splitting from assigning header value iterator","io.netty:netty-codec-http",4.1.83.Final,4.1.86.Final,MODERATE,CWE-113;CWE-436 -CVE-2022-41918,2023-03-07T20:04:42Z,"OpenSearch has issue with fine-grained access control of indices backing data streams","org.opensearch.plugin:opensearch-security",0,1.3.7,MODERATE,CWE-612;CWE-863 -CVE-2022-41918,2023-03-07T20:04:42Z,"OpenSearch has issue with fine-grained access control of indices backing data streams","org.opensearch.plugin:opensearch-security",2.0.0,2.4.0,MODERATE,CWE-612;CWE-863 -CVE-2022-41927,2022-11-21T22:34:35Z,"Cross-Site Request Forgery (CSRF) allowing to delete or rename tags","org.xwiki.platform:xwiki-platform-tag-ui",14.0.0,14.4.1,HIGH,CWE-352 -CVE-2022-41927,2022-11-21T22:34:35Z,"Cross-Site Request Forgery (CSRF) allowing to delete or rename tags","org.xwiki.platform:xwiki-platform-tag-ui",3.2-milestone-2,13.10.7,HIGH,CWE-352 -CVE-2022-41928,2022-11-21T22:34:57Z,"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml","org.xwiki.platform:xwiki-platform-attachment-ui",14.0.0,14.4.2,CRITICAL,CWE-95 -CVE-2022-41928,2022-11-21T22:34:57Z,"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml","org.xwiki.platform:xwiki-platform-attachment-ui",5.0-milestone-1,13.10.7,CRITICAL,CWE-95 
-CVE-2022-41929,2022-11-21T22:35:22Z,"Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore","org.xwiki.platform:xwiki-platform-oldcore",11.7RC1,13.10.7,MODERATE,CWE-862 -CVE-2022-41929,2022-11-21T22:35:22Z,"Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore","org.xwiki.platform:xwiki-platform-oldcore",14.0.0,14.4.2,MODERATE,CWE-862 -CVE-2022-41930,2022-11-21T22:35:39Z,"Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui","org.xwiki.platform:xwiki-platform-user-profile-ui",12.4,13.10.7,HIGH,CWE-862 -CVE-2022-41930,2022-11-21T22:35:39Z,"Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui","org.xwiki.platform:xwiki-platform-user-profile-ui",14.0.0,14.4.2,HIGH,CWE-862 -CVE-2022-41931,2022-11-21T22:36:33Z,"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui","org.xwiki.platform:xwiki-platform-icon-ui",14.0.0,14.4.2,CRITICAL,CWE-95 -CVE-2022-41931,2022-11-21T22:36:33Z,"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui","org.xwiki.platform:xwiki-platform-icon-ui",6.4-milestone-2,13.10.7,CRITICAL,CWE-95 -CVE-2022-41932,2022-11-21T22:36:49Z,"Creation of new database tables through login form on PostgreSQL","org.xwiki.platform:xwiki-platform-oldcore",0,13.10.8,HIGH,CWE-400;CWE-770 -CVE-2022-41932,2022-11-21T22:36:49Z,"Creation of new database tables through login form on PostgreSQL","org.xwiki.platform:xwiki-platform-oldcore",14.0.0,14.4.2,HIGH,CWE-400;CWE-770 -CVE-2022-41932,2022-11-21T22:36:49Z,"Creation of new database tables through login form on PostgreSQL","org.xwiki.platform:xwiki-platform-oldcore",14.5.0,14.6-rc-1,HIGH,CWE-400;CWE-770 -CVE-2022-41933,2022-11-21T22:37:11Z,"Plaintext storage of password after a reset in 
org.xwiki.platform:xwiki-platform-security-authentication-default","org.xwiki.platform:xwiki-platform-security-authentication-default",13.1RC1,13.10.8,MODERATE,CWE-312;CWE-522 -CVE-2022-41933,2022-11-21T22:37:11Z,"Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default","org.xwiki.platform:xwiki-platform-security-authentication-default",14.0.0,14.4.3,MODERATE,CWE-312;CWE-522 -CVE-2022-41934,2022-11-21T22:37:27Z,"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui","org.xwiki.platform:xwiki-platform-menu-ui",0,13.10.8,CRITICAL,CWE-116;CWE-74 -CVE-2022-41934,2022-11-21T22:37:27Z,"Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui","org.xwiki.platform:xwiki-platform-menu-ui",14.0.0,14.4.3,CRITICAL,CWE-116;CWE-74 -CVE-2022-41935,2022-11-21T22:37:47Z,"Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui","org.xwiki.platform:xwiki-platform-livetable-ui",12.10.11,13.10.8,MODERATE,CWE-200 -CVE-2022-41935,2022-11-21T22:37:47Z,"Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui","org.xwiki.platform:xwiki-platform-livetable-ui",14.0.0,14.4.3,MODERATE,CWE-200 -CVE-2022-41935,2022-11-21T22:37:47Z,"Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui","org.xwiki.platform:xwiki-platform-livetable-ui",14.5.0,14.6-rc-1,MODERATE,CWE-200 -CVE-2022-41936,2022-11-21T23:25:00Z,"Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server","org.xwiki.platform:xwiki-platform-rest-server",14.0.0,14.4.3,MODERATE,CWE-359 -CVE-2022-41936,2022-11-21T23:25:00Z,"Exposure of Private Personal Information to an Unauthorized Actor in 
org.xwiki.platform:xwiki-platform-rest-server","org.xwiki.platform:xwiki-platform-rest-server",14.5.0,14.6,MODERATE,CWE-359 -CVE-2022-41936,2022-11-21T23:25:00Z,"Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server","org.xwiki.platform:xwiki-platform-rest-server",8.1,13.10.8,MODERATE,CWE-359 -CVE-2022-41937,2022-11-21T23:46:47Z,"Missing Authorization in Filter Stream Converter Application of XWiki-platform","org.xwiki.platform:xwiki-platform-filter-ui",0,13.10.8,CRITICAL,CWE-862 -CVE-2022-41937,2022-11-21T23:46:47Z,"Missing Authorization in Filter Stream Converter Application of XWiki-platform","org.xwiki.platform:xwiki-platform-filter-ui",14.0.0,14.4.3,CRITICAL,CWE-862 -CVE-2022-41937,2022-11-21T23:46:47Z,"Missing Authorization in Filter Stream Converter Application of XWiki-platform","org.xwiki.platform:xwiki-platform-filter-ui",14.5.0,14.6-rc-1,CRITICAL,CWE-862 -CVE-2022-41946,2022-11-23T22:17:25Z,"TemporaryFolder on unix-like systems does not limit access to created files","org.postgresql:postgresql",42.2.0,42.2.27,MODERATE,CWE-200;CWE-668 -CVE-2022-41946,2022-11-23T22:17:25Z,"TemporaryFolder on unix-like systems does not limit access to created files","org.postgresql:postgresql",42.3.0,42.3.8,MODERATE,CWE-200;CWE-668 -CVE-2022-41946,2022-11-23T22:17:25Z,"TemporaryFolder on unix-like systems does not limit access to created files","org.postgresql:postgresql",42.4.0,42.4.3,MODERATE,CWE-200;CWE-668 -CVE-2022-41946,2022-11-23T22:17:25Z,"TemporaryFolder on unix-like systems does not limit access to created files","org.postgresql:postgresql",42.5.0,42.5.1,MODERATE,CWE-200;CWE-668 -CVE-2022-41954,2022-11-28T22:09:09Z,"Temporary File Information Disclosure vulnerability in MPXJ",net.sf.mpxj:mpxj,0,10.14.1,LOW,CWE-200;CWE-668 -CVE-2022-41965,2022-11-30T21:22:23Z,"Authenticated OpenRedirect Vulnerability","org.opencastproject:opencast-common",0,12.5,MODERATE,CWE-601 
-CVE-2022-41966,2022-12-29T01:48:08Z,"XStream can cause Denial of Service via stack overflow","com.thoughtworks.xstream:xstream",0,1.4.20,HIGH,"CWE-120;CWE-121;CWE-502;CWE-674" -CVE-2022-42003,2022-10-03T00:00:31Z,"Uncontrolled Resource Consumption in Jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.13.0,2.13.4.2,HIGH,CWE-400;CWE-502 -CVE-2022-42003,2022-10-03T00:00:31Z,"Uncontrolled Resource Consumption in Jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.4.0-rc1,2.12.7.1,HIGH,CWE-400;CWE-502 -CVE-2022-42004,2022-10-03T00:00:31Z,"Uncontrolled Resource Consumption in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",0,2.12.7.1,HIGH,CWE-400;CWE-502 -CVE-2022-42004,2022-10-03T00:00:31Z,"Uncontrolled Resource Consumption in FasterXML jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.13.0,2.13.4,HIGH,CWE-400;CWE-502 -CVE-2022-42009,2023-07-12T12:31:35Z,"Apache Ambari Expression Language Injection vulnerability",org.apache.ambari:ambari,2.7.0,2.7.7,HIGH,CWE-917 -CVE-2022-42123,2022-11-15T12:00:16Z,"Path Traversal in Liferay Portal","com.liferay.portal:release.portal.bom",7.3.3,7.4.3.19,HIGH,CWE-22 -CVE-2022-42124,2022-11-15T12:00:16Z,"Inefficient Regular Expression Complexity in Liferay Portal ","com.liferay.portal:release.portal.bom",7.3.2,7.4.3.5,HIGH,CWE-1333 -CVE-2022-42125,2022-11-15T12:00:16Z,"Path Traversal in Liferay Portal","com.liferay.portal:release.portal.bom",7.4.3.5,7.4.3.48,HIGH,CWE-22 -CVE-2022-42126,2022-11-15T12:00:16Z,"Missing permissions check in Liferay Portal","com.liferay.portal:release.portal.bom",7.3.5,7.4.3.48,MODERATE,CWE-280 -CVE-2022-42127,2022-11-15T12:00:16Z,"Incorrect Default Permissions in Liferay Portal","com.liferay.portal:release.portal.bom",7.4.3.5,7.4.3.48,MODERATE,CWE-276 -CVE-2022-42128,2022-11-15T12:00:16Z,"Incorrect Default Permissions in Liferay Portal","com.liferay.portal:release.portal.bom",7.4.1,7.4.3.5,MODERATE,CWE-276 
-CVE-2022-42129,2022-11-15T12:00:16Z,"Authorization Bypass in Liferay Portal","com.liferay.portal:release.portal.bom",7.3.2,7.4.3.5,MODERATE,CWE-639 -CVE-2022-42130,2022-11-15T12:00:16Z,"Incorrect Default Permissions in Liferay Portal","com.liferay.portal:release.portal.bom",7.1.0,7.4.3.5,MODERATE,CWE-276 -CVE-2022-42131,2022-11-15T12:00:16Z,"Improper Certificate Validation in Liferay Portal","com.liferay.portal:release.portal.bom",7.1.0,7.4.3.4,MODERATE,CWE-295 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat.embed:tomcat-embed-core",10.0.0-M1,10.0.27,HIGH,CWE-20;CWE-444 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.1,HIGH,CWE-20;CWE-444 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.83,HIGH,CWE-20;CWE-444 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.68,HIGH,CWE-20;CWE-444 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat:tomcat-coyote",10.0.0-M1,10.0.27,HIGH,CWE-20;CWE-444 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat:tomcat-coyote",10.1.0-M1,10.1.1,HIGH,CWE-20;CWE-444 -CVE-2022-42252,2022-11-01T12:00:30Z,"Apache Tomcat may reject request containing invalid Content-Length header","org.apache.tomcat:tomcat-coyote",9.0.0-M1,9.0.68,HIGH,CWE-20;CWE-444 -CVE-2022-4244,2023-09-25T21:30:26Z,"plexus-codehaus vulnerable to directory traversal","org.codehaus.plexus:plexus-utils",0,3.0.24,HIGH,CWE-22 -CVE-2022-4245,2023-09-25T21:30:26Z,"codehaus-plexus vulnerable 
to XML injection","org.codehaus.plexus:plexus-utils",0,3.0.24,MODERATE,CWE-611;CWE-91 -CVE-2022-42466,2022-10-19T12:00:18Z,"Apache Isis Cross-site Scripting vulnerability","org.apache.isis.core:isis-core",0,2.0.0-M9,MODERATE,CWE-79 -CVE-2022-42467,2022-10-19T12:00:18Z,"Apache Isis webconsole module may directly query the database in prototype mode","org.apache.isis.core:isis-core",0,2.0.0-M8,MODERATE,CWE-1188 -CVE-2022-42468,2022-10-26T19:00:38Z,"Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL","org.apache.flume.flume-ng-sources:flume-jms-source",0,1.11.0,CRITICAL,CWE-20;CWE-502 -CVE-2022-42735,2023-02-15T12:30:26Z,"Privilege escalation in Apache ShenYu","org.apache.shenyu:shenyu-admin",0,2.5.1,HIGH,CWE-269 -CVE-2022-42889,2022-10-13T19:00:17Z,"Arbitrary code execution in Apache Commons Text","com.guicedee.services:commons-text",0,,CRITICAL,CWE-94 -CVE-2022-42889,2022-10-13T19:00:17Z,"Arbitrary code execution in Apache Commons Text","org.apache.commons:commons-text",1.5,1.10.0,CRITICAL,CWE-94 -CVE-2022-42890,2022-10-25T19:00:29Z,"Untrusted code execution in Apache XML Graphics Batik","org.apache.xmlgraphics:batik",0,1.16,HIGH,CWE-918 -CVE-2022-42920,2022-11-07T19:00:22Z,"Apache Commons BCEL vulnerable to out-of-bounds write",org.apache.bcel:bcel,0,6.6.0,CRITICAL,CWE-787 -CVE-2022-43183,2022-11-17T21:30:49Z,"XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)",com.xuxueli:xxl-job-core,0,2.3.1,HIGH,CWE-918 -CVE-2022-43396,2022-12-30T12:30:25Z,"Apache Kylin vulnerable to Command injection by Useless configuration",org.apache.kylin:kylin,2.0.0,4.0.3,HIGH,CWE-77 -CVE-2022-43401,2022-10-19T19:00:21Z,"Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2803.v1a_f77ffcc773,HIGH,CWE-693 -CVE-2022-43401,2022-10-19T19:00:21Z,"Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy 
Plugin","org.jenkins-ci.plugins:script-security",0,1184.v85d16b_d851b_3,HIGH,CWE-693 -CVE-2022-43402,2022-10-19T19:00:21Z,"Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution","org.jenkins-ci.plugins.workflow:workflow-cps",0,2803.v1a_f77ffcc773,CRITICAL,CWE-693 -CVE-2022-43403,2022-10-19T19:00:21Z,"Jenkins Script Security Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins:script-security",0,1184.v85d16b_d851b_3,CRITICAL,CWE-693 -CVE-2022-43404,2022-10-19T19:00:21Z,"Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin","org.jenkins-ci.plugins.workflow:workflow-cps",0,2803.v1a_f77ffcc773,HIGH,CWE-693 -CVE-2022-43404,2022-10-19T19:00:21Z,"Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin","org.jenkins-ci.plugins:script-security",0,1184.v85d16b_d851b_3,HIGH,CWE-693 -CVE-2022-43405,2022-10-19T19:00:21Z,"Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin","io.jenkins.plugins:pipeline-groovy-lib",0,613.v9c41a_160233f,HIGH,CWE-693 -CVE-2022-43405,2022-10-19T19:00:21Z,"Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,588.v576c103a_ff86,HIGH,CWE-693 -CVE-2022-43406,2022-10-19T19:00:21Z,"Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin","io.jenkins.plugins:pipeline-groovy-lib",0,613.v9c41a_160233f,HIGH,CWE-693 -CVE-2022-43406,2022-10-19T19:00:21Z,"Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin","org.jenkins-ci.plugins.workflow:workflow-cps-global-lib",0,588.v576c103a_ff86,HIGH,CWE-693 -CVE-2022-43407,2022-10-19T19:00:22Z,"CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step 
Plugin","org.jenkins-ci.plugins:pipeline-input-step",0,456.vd8a_957db_5b_e9,HIGH,CWE-838 -CVE-2022-43408,2022-10-19T19:00:18Z,"Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins","org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view",0,2.24.2,HIGH,CWE-352;CWE-838 -CVE-2022-43408,2022-10-19T19:00:18Z,"Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins","org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view",2.25,2.27,HIGH,CWE-352;CWE-838 -CVE-2022-43409,2022-10-19T19:00:22Z,"Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin","org.jenkins-ci.plugins.workflow:workflow-support",0,839.v35e2736cfd5c,HIGH,CWE-79 -CVE-2022-43410,2022-10-19T19:00:18Z,"Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin","org.jenkins-ci.plugins:mercurial",0,1260.vdfb_723cdcc81,MODERATE,CWE-200 -CVE-2022-43411,2022-10-19T19:00:22Z,"Non-constant time webhook token comparison in Jenkins GitLab Plugin","org.jenkins-ci.plugins:gitlab-plugin",0,1.5.36,LOW,CWE-203;CWE-208 -CVE-2022-43412,2022-10-19T19:00:22Z,"Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin","org.jenkins-ci.plugins:generic-webhook-trigger",0,1.84.2,LOW,CWE-203;CWE-208 -CVE-2022-43413,2022-10-19T19:00:22Z,"Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins","org.jenkins-ci.plugins:job-import-plugin",0,3.6,MODERATE,CWE-862 -CVE-2022-43414,2022-10-19T19:00:22Z,"Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure","org.jenkins-ci.plugins:nunit",0,0.28,MODERATE,CWE-693 -CVE-2022-43415,2022-10-19T19:00:18Z,"XXE vulnerability in Jenkins REPO Plugin","org.jenkins-ci.plugins:repo",0,1.16.0,HIGH,CWE-611 -CVE-2022-43416,2022-10-19T19:00:18Z,"Jenkins Katalon Plugin vulnerable to Protection Mechanism 
Failure","org.jenkins-ci.plugins:katalon",0,1.0.33,HIGH,CWE-693 -CVE-2022-43417,2022-10-19T19:00:18Z,"Missing permission checks in Jenkins Katalon Plugin allow capturing credentials","org.jenkins-ci.plugins:katalon",0,1.0.33,MODERATE,CWE-862 -CVE-2022-43418,2022-10-19T19:00:18Z,"CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials","org.jenkins-ci.plugins:katalon",0,1.0.34,MODERATE,CWE-352 -CVE-2022-43419,2022-10-19T19:00:18Z,"API keys stored in plain text by Jenkins Katalon Plugin","org.jenkins-ci.plugins:katalon",0,1.0.33,MODERATE,CWE-256;CWE-522 -CVE-2022-43420,2022-10-19T19:00:18Z,"Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin","org.jenkins-ci.plugins:contrast-continuous-application-security",0,3.10,HIGH,CWE-79 -CVE-2022-43421,2022-10-19T19:00:22Z,"Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value","org.jenkins-ci.plugins:tuleap-git-branch-source",0,3.2.5,MODERATE,CWE-862 -CVE-2022-43422,2022-10-19T19:00:18Z,"Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin","com.compuware.jenkins:compuware-topaz-utilities",0,1.0.9,MODERATE,CWE-693 -CVE-2022-43423,2022-10-19T19:00:22Z,"Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin","com.compuware.jenkins:compuware-scm-downloader",0,2.0.13,MODERATE,CWE-693 -CVE-2022-43424,2022-10-19T19:00:22Z,"Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin","com.compuware.jenkins:compuware-xpediter-code-coverage",0,1.0.8,MODERATE,CWE-693 -CVE-2022-43425,2022-10-19T19:00:22Z,"Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin","io.jenkins.plugins:custom-checkbox-parameter",0,,HIGH,CWE-79 -CVE-2022-43426,2022-10-19T19:00:18Z,"AWS secrets displayed without masking by Jenkins S3 Explorer 
Plugin","io.jenkins.plugins:s3explorer",0,,LOW,CWE-549 -CVE-2022-43427,2022-10-19T19:00:18Z,"Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins","com.compuware.jenkins:compuware-topaz-for-total-test",0,2.4.9,MODERATE,CWE-862 -CVE-2022-43428,2022-10-19T19:00:22Z,"Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin","com.compuware.jenkins:compuware-topaz-for-total-test",0,2.4.9,HIGH,CWE-693 -CVE-2022-43429,2022-10-19T19:00:22Z,"Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure","com.compuware.jenkins:compuware-topaz-for-total-test",0,,HIGH,CWE-693 -CVE-2022-43430,2022-10-19T19:00:18Z,"XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin","com.compuware.jenkins:compuware-topaz-for-total-test",0,2.4.9,HIGH,CWE-611 -CVE-2022-43431,2022-10-19T19:00:22Z,"Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability","com.compuware.jenkins:compuware-strobe-measurement",0,1.0.2,MODERATE,CWE-862 -CVE-2022-43432,2022-10-19T19:00:22Z,"Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin","org.jenkins-ci.plugins:xframium",0,,HIGH,CWE-693 -CVE-2022-43433,2022-10-19T19:00:22Z,"Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin","io.jenkins.plugins:screenrecorder",0,,HIGH,CWE-693 -CVE-2022-43434,2022-10-19T19:00:18Z,"Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin","io.jenkins.plugins:neuvector-vulnerability-scanner",0,1.22,HIGH,CWE-693 -CVE-2022-43435,2022-10-19T19:00:18Z,"Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin","org.jenkins-ci.plugins.plugin:fireline",0,,HIGH,CWE-693 -CVE-2022-4348,2022-12-08T09:30:30Z,"RuoYi-Cloud Cross-site Scripting 
vulnerability",com.ruoyi:ruoyi-common,0,,MODERATE,CWE-79 -CVE-2022-43484,2022-12-05T06:30:21Z,"TERASOLUNA Server Framework vulnerable to ClassLoader manipulation","org.terasoluna.gfw:terasoluna-gfw-common",0,1.0.1.RELEASE,HIGH,CWE-20 -CVE-2022-4350,2022-12-08T12:30:26Z,"Mingsoft MCMS vulnerable to Cross-site Scripting",net.mingsoft:ms-mcms,0,,MODERATE,CWE-79 -CVE-2022-4361,2023-06-30T20:30:50Z,"Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC","org.keycloak:keycloak-services",0,21.1.2,CRITICAL,CWE-79;CWE-81 -CVE-2022-43670,2022-11-02T19:00:31Z,"Apache Sling App CMS vulnerable to Cross-site Scripting","org.apache.sling:org.apache.sling.cms",0,1.1.2,MODERATE,CWE-79 -CVE-2022-4375,2022-12-09T09:30:30Z,"Mingsoft MCMS vulnerable to SQL Injection",net.mingsoft:ms-mcms,0,5.2.10,CRITICAL,CWE-89 -CVE-2022-43766,2022-10-26T19:00:39Z,"Apache IoTDB subject to ReDOS with Java 8","org.apache.iotdb:flink-tsfile-connector",0.12.2,0.13.3,HIGH,CWE-400 -CVE-2022-43766,2022-10-26T19:00:39Z,"Apache IoTDB subject to ReDOS with Java 8","org.apache.iotdb:iotdb-server",0.12.2,0.13.3,HIGH,CWE-400 -CVE-2022-43766,2022-10-26T19:00:39Z,"Apache IoTDB subject to ReDOS with Java 8",org.apache.iotdb:tsfile,0.12.2,0.13.3,HIGH,CWE-400 -CVE-2022-44244,2022-11-10T12:01:09Z,"Lin CMS vulnerable to Improper Authentication","io.github.talelin:lin-cms-core",0,,MODERATE,CWE-287 -CVE-2022-44262,2022-12-01T06:30:26Z,"ff4j is vulnerable to Remote Code Execution (RCE)",org.ff4j:ff4j-core,1.8.1,1.9,CRITICAL,CWE-94 -CVE-2022-44621,2022-12-30T12:30:25Z,"Apache Kylin vulnerable to Command injection by Diagnosis Controller","org.apache.kylin:kylin-server-base",2.0.0,4.0.3,CRITICAL,CWE-77 -CVE-2022-44644,2023-01-31T12:30:24Z,"Apache Linkis vulnerable to Exposure of Sensitive Information",org.apache.linkis:linkis,0,1.3.1,MODERATE,CWE-20;CWE-200;CWE-312 -CVE-2022-44645,2023-01-31T12:30:24Z,"Apache Linkis contains Deserialization of Untrusted 
Data",org.apache.linkis:linkis,0,1.3.1,HIGH,CWE-502 -CVE-2022-44729,2023-08-22T21:30:26Z,"Apache XML Graphics Batik Server-Side Request Forgery vulnerability","org.apache.xmlgraphics:batik-bridge",1.0,1.17,HIGH,CWE-918 -CVE-2022-44729,2023-08-22T21:30:26Z,"Apache XML Graphics Batik Server-Side Request Forgery vulnerability","org.apache.xmlgraphics:batik-svgrasterizer",1.0,1.17,HIGH,CWE-918 -CVE-2022-44729,2023-08-22T21:30:26Z,"Apache XML Graphics Batik Server-Side Request Forgery vulnerability","org.apache.xmlgraphics:batik-transcoder",1.0,1.17,HIGH,CWE-918 -CVE-2022-44730,2023-08-22T21:30:26Z,"Apache Batik information disclosure vulnerability","org.apache.xmlgraphics:batik-script",1.0,1.17,MODERATE,CWE-918 -CVE-2022-4492,2023-02-23T21:30:16Z,"Undertow client not checking server identity presented by server certificate in https connections","io.undertow:undertow-core",0,2.2.24.Final,CRITICAL, -CVE-2022-4492,2023-02-23T21:30:16Z,"Undertow client not checking server identity presented by server certificate in https connections","io.undertow:undertow-core",2.3.0,2.3.5.Final,CRITICAL, -CVE-2022-4493,2022-12-14T12:30:42Z,"SCIFIO vulnerable to Path Traversal",io.scif:scifio,0,0.43.3,CRITICAL,CWE-22 -CVE-2022-45046,2022-12-05T15:30:28Z,"camel-ldap component allows LDAP Injection when using the filter option","org.apache.camel:camel-ldap",0,3.14.6,CRITICAL,CWE-90 -CVE-2022-45046,2022-12-05T15:30:28Z,"camel-ldap component allows LDAP Injection when using the filter option","org.apache.camel:camel-ldap",3.15.0,3.18.4,CRITICAL,CWE-90 -CVE-2022-45047,2022-11-16T12:00:18Z,"Unsafe deserialization in Apache MINA SSHD","org.apache.sshd:sshd-common",0,2.9.2,CRITICAL,CWE-502 -CVE-2022-45047,2022-11-16T12:00:18Z,"Unsafe deserialization in Apache MINA SSHD","org.apache.sshd:sshd-core",0,2.9.2,CRITICAL,CWE-502 -CVE-2022-45048,2023-07-06T21:14:54Z,"Apache Ranger code execution vulnerability in policy expressions",org.apache.ranger:ranger,2.3.0,2.4.0,HIGH,CWE-74 
-CVE-2022-45064,2023-04-13T12:30:35Z,"Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation","org.apache.sling:org.apache.sling.engine",0,2.14.0,HIGH,CWE-79 -CVE-2022-45135,2023-11-30T09:30:32Z,"Apache Cocoon SQL Injection vulnerability",org.apache.cocoon:cocoon,2.2.0,2.3.0,CRITICAL,CWE-89 -CVE-2022-45136,2022-11-14T19:00:19Z,"Apache Jena vulnerable to Deserialization of Untrusted Data",org.apache.jena:jena-sdb,0,,CRITICAL,CWE-502 -CVE-2022-45143,2023-01-03T21:30:21Z,"Apache Tomcat improperly escapes input from JsonErrorReportValve","org.apache.tomcat.embed:tomcat-embed-core",10.1.0,10.1.2,HIGH,CWE-116;CWE-74 -CVE-2022-45143,2023-01-03T21:30:21Z,"Apache Tomcat improperly escapes input from JsonErrorReportValve","org.apache.tomcat.embed:tomcat-embed-core",8.5.83,8.5.84,HIGH,CWE-116;CWE-74 -CVE-2022-45143,2023-01-03T21:30:21Z,"Apache Tomcat improperly escapes input from JsonErrorReportValve","org.apache.tomcat.embed:tomcat-embed-core",9.0.40,9.0.69,HIGH,CWE-116;CWE-74 -CVE-2022-45143,2023-01-03T21:30:21Z,"Apache Tomcat improperly escapes input from JsonErrorReportValve","org.apache.tomcat:tomcat-catalina",10.1.0,10.1.2,HIGH,CWE-116;CWE-74 -CVE-2022-45143,2023-01-03T21:30:21Z,"Apache Tomcat improperly escapes input from JsonErrorReportValve","org.apache.tomcat:tomcat-util",8.5.83,8.5.84,HIGH,CWE-116;CWE-74 -CVE-2022-45143,2023-01-03T21:30:21Z,"Apache Tomcat improperly escapes input from JsonErrorReportValve","org.apache.tomcat:tomcat-util",9.0.40,9.0.69,HIGH,CWE-116;CWE-74 -CVE-2022-45146,2022-11-21T12:30:17Z,"Garbage collection issue in BC-FJA in Java 13 and later",org.bouncycastle:bc-fips,0,1.0.2.4,MODERATE,CWE-416 -CVE-2022-4520,2022-12-15T21:30:26Z,"WSO2 carbon-registry Cross-site Scripting vulnerability","org.wso2.carbon.registry:carbon-registry",0,4.8.12,MODERATE,CWE-79 -CVE-2022-45206,2022-11-25T18:30:25Z,"Jeecg-boot vulnerable to SQL Injection","org.jeecgframework.boot:jeecg-boot-common",0,3.4.4,CRITICAL,CWE-89 
-CVE-2022-45207,2022-11-25T18:30:25Z,"Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString","org.jeecgframework.boot:jeecg-boot-common",0,3.4.4,CRITICAL,CWE-89 -CVE-2022-45208,2022-11-25T18:30:25Z,"Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin","org.jeecgframework.boot:jeecg-boot-common",0,3.4.4,MODERATE,CWE-89 -CVE-2022-4521,2022-12-15T21:30:26Z,"WSO2 carbon-registry vulnerable to Cross-site Scripting","org.wso2.carbon.registry:carbon-registry",0,4.8.7,MODERATE,CWE-79 -CVE-2022-45210,2022-11-25T18:30:25Z,"Jeecg-boot vulnerable to SQL Injection","org.jeecgframework.boot:jeecg-boot-common",0,3.4.4,MODERATE,CWE-89 -CVE-2022-45347,2022-12-22T12:30:16Z,"Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability","org.apache.shardingsphere:shardingsphere-proxy",0,5.3.0,CRITICAL,CWE-459 -CVE-2022-45378,2022-11-14T19:00:19Z,"Apache SOAP contains unauthenticated RPCRouterServlet",soap:soap,0.0.0,,CRITICAL,CWE-287;CWE-306;CWE-502 -CVE-2022-45379,2022-11-16T12:00:22Z,"Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions","org.jenkins-ci.plugins:script-security",0,1190.v65867a_a_47126,HIGH,CWE-326;CWE-328 -CVE-2022-45380,2022-11-16T12:00:22Z,"Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion","org.jenkins-ci.plugins:junit",0,1160.vf1f01a_a_ea_b_7f,HIGH,CWE-79 -CVE-2022-45381,2022-11-16T12:00:22Z,"Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin","org.jenkins-ci.plugins:pipeline-utility-steps",0,2.13.2,HIGH,CWE-22 -CVE-2022-45382,2022-11-16T12:00:22Z,"Cross-site Scripting in Jenkins Naginator Plugin","org.jenkins-ci.plugins:naginator",0,1.18.2,MODERATE,CWE-79 -CVE-2022-45383,2022-11-16T12:00:22Z,"Incorrect permission checks in Jenkins Support Core Plugin","org.jenkins-ci.plugins:support-core",0,"1206.1208.v9b_7a_1d48db_0f",MODERATE,CWE-276;CWE-863 -CVE-2022-45384,2022-11-16T12:00:23Z,"Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of 
passwords","org.jenkins-ci.main:reverse-proxy-auth-plugin",1.7.3,1.7.4,MODERATE,CWE-256;CWE-522 -CVE-2022-45385,2022-11-16T12:00:23Z,"Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin","org.jenkins-ci.plugins:dockerhub-notification",0,2.6.2.1,MODERATE,CWE-862 -CVE-2022-45386,2022-11-16T12:00:23Z,"XML External Entity Reference in Jenkins Violations Plugin","org.jenkins-ci.plugins:violations",0,,MODERATE,CWE-611 -CVE-2022-45387,2022-11-16T12:00:23Z,"Jenkins BART Plugin vulnerable to cross-site scripting (XSS)","org.jenkins-ci.plugins:bart",0,,HIGH,CWE-79 -CVE-2022-45388,2022-11-16T12:00:23Z,"Jenkins Config Rotator Plugin vulnerable to path traversal","org.jenkins-ci.main:config-rotator",0,,HIGH,CWE-22 -CVE-2022-45389,2022-11-16T12:00:23Z,"Missing Authorization in Jenkins XP-Dev Plugin","com.cloudbees.jenkins.plugins:xpdev",0,,MODERATE,CWE-862 -CVE-2022-45390,2022-11-16T12:00:23Z,"Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs","io.loader:loaderio-jenkins-plugin",0,,MODERATE,CWE-862 -CVE-2022-45391,2022-11-16T12:00:23Z,"Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.8.0.146,MODERATE,CWE-295 -CVE-2022-45392,2022-11-16T12:00:23Z,"Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.8.0.146,MODERATE,CWE-256;CWE-522 -CVE-2022-45393,2022-11-16T12:00:23Z,"Cross-Site Request Forgery in Jenkins Delete log Plugin","org.jenkins-ci.plugins:delete-log-plugin",0,,MODERATE,CWE-352 -CVE-2022-45394,2022-11-16T12:00:23Z,"Missing permission check in Jenkins Delete log Plugin","org.jenkins-ci.plugins:delete-log-plugin",0,,MODERATE,CWE-862 -CVE-2022-45395,2022-11-16T12:00:23Z,"XML External Entity Reference in Jenkins CCCC 
Plugin","com.thalesgroup.jenkins-ci.plugins:cccc",0,,CRITICAL,CWE-611 -CVE-2022-45396,2022-11-16T12:00:23Z,"XXE vulnerability on agents in Jenkins SourceMonitor Plugin","com.thalesgroup.hudson.plugins:sourcemonitor",0,,MODERATE,CWE-611 -CVE-2022-45397,2022-11-16T12:00:23Z,"XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin","org.jenkins-ci:update-center2",0,,MODERATE,CWE-611 -CVE-2022-45398,2022-11-16T12:00:23Z,"Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin","org.zeroturnaround:cluster-stats",0,,MODERATE,CWE-352 -CVE-2022-45399,2022-11-16T12:00:23Z,"Jenkins Cluster Statistics Plugin Missing Authorization vulnerability","org.zeroturnaround:cluster-stats",0,,MODERATE,CWE-862 -CVE-2022-45400,2022-11-16T12:00:23Z,"XXE vulnerability in Jenkins JAPEX Plugin","org.jvnet.hudson.plugins:japex",0,,HIGH,CWE-611 -CVE-2022-45401,2022-11-16T12:00:23Z,"Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)","org.jenkins-ci.main:associated-files-plugin",0,,HIGH,CWE-79 -CVE-2022-45462,2022-11-23T09:30:24Z,"Command injection in Apache DolphinScheduler Alert Plugins","org.apache.dolphinscheduler:dolphinscheduler-alert-plugins",0,2.0.6,CRITICAL,CWE-77 -CVE-2022-45470,2022-11-21T18:30:38Z,"Cross-site Scripting in Apache Hama","org.apache.hama:hama-core",0,,HIGH,CWE-20;CWE-79 -CVE-2022-4565,2022-12-16T21:30:44Z,"HuTool vulnerable to Uncontrolled Resource Consumption",cn.hutool:hutool-core,0,5.8.11,HIGH,CWE-400;CWE-404 -CVE-2022-45685,2022-12-13T15:30:26Z,"Jettison Out-of-bounds Write vulnerability","org.codehaus.jettison:jettison",0,1.5.2,HIGH,CWE-787 -CVE-2022-45688,2022-12-13T15:30:26Z,"json stack overflow vulnerability",cn.hutool:hutool-json,0,5.8.25,HIGH,CWE-787 -CVE-2022-45688,2022-12-13T15:30:26Z,"json stack overflow vulnerability",org.json:json,0,20230227,HIGH,CWE-787 -CVE-2022-45689,2022-12-13T15:30:26Z,"hutool-json vulnerable to memory exhaustion",cn.hutool:hutool-json,0,,LOW,CWE-400 
-CVE-2022-45690,2022-12-13T15:30:26Z,"hutool-json stack overflow vulnerability",cn.hutool:hutool-json,0,5.8.11,MODERATE, -CVE-2022-45693,2022-12-13T15:30:27Z,"Jettison Out-of-bounds Write vulnerability","org.codehaus.jettison:jettison",0,1.5.2,HIGH,CWE-787 -CVE-2022-45787,2023-01-06T12:31:34Z,"Apache James MIME4J vulnerable to information disclosure to local users","org.apache.james:apache-mime4j-storage",0,0.8.9,MODERATE,CWE-200;CWE-312 -CVE-2022-45801,2023-05-01T15:30:26Z,"Apache StreamPark LDAP Injection vulnerability","org.apache.streampark:streampark",1.0.0,2.0.0,MODERATE,CWE-74 -CVE-2022-45802,2023-07-06T19:24:19Z,"Apache StreamPark Path Traversal vulnerability","org.apache.streampark:streampark-common_2.11",0,2.0.0,CRITICAL,CWE-22;CWE-434 -CVE-2022-45802,2023-07-06T19:24:19Z,"Apache StreamPark Path Traversal vulnerability","org.apache.streampark:streampark-common_2.12",0,2.0.0,CRITICAL,CWE-22;CWE-434 -CVE-2022-45855,2023-07-12T12:31:35Z,"Apache Ambari Expression Language Injection vulnerability",org.apache.ambari:ambari,2.7.0,2.7.7,HIGH,CWE-917 -CVE-2022-45868,2022-11-23T21:30:31Z,"Password exposure in H2 Database ",com.h2database:h2,1.4.198,2.2.220,HIGH,CWE-200;CWE-312 -CVE-2022-45875,2023-01-04T15:30:19Z,"Apache DolphinScheduler vulnerable to Improper Input Validation","org.apache.dolphinscheduler:dolphinscheduler",0,3.0.2,CRITICAL,CWE-20 -CVE-2022-45875,2023-01-04T15:30:19Z,"Apache DolphinScheduler vulnerable to Improper Input Validation","org.apache.dolphinscheduler:dolphinscheduler",3.1.0,3.1.1,CRITICAL,CWE-20 -CVE-2022-45921,2022-11-28T21:30:21Z,"FusionAuth vulnerable to directory traversal attack","io.fusionauth:fusionauth-java-client",1.37.0,1.41.3,HIGH,CWE-22 -CVE-2022-45935,2023-01-06T12:31:34Z,"Apache James server allows an attacker with local access to access private user data in transit","org.apache.james:james-server",0,,MODERATE,CWE-200;CWE-319;CWE-668 -CVE-2022-46166,2022-12-09T20:19:32Z,"Spring Boot Admins integrated notifier support allows 
arbitrary code execution","de.codecentric:spring-boot-admin",0,2.6.10,HIGH,CWE-94 -CVE-2022-46166,2022-12-09T20:19:32Z,"Spring Boot Admins integrated notifier support allows arbitrary code execution","de.codecentric:spring-boot-admin",2.7.0,2.7.8,HIGH,CWE-94 -CVE-2022-46166,2022-12-09T20:19:32Z,"Spring Boot Admins integrated notifier support allows arbitrary code execution","de.codecentric:spring-boot-admin",3.0.0-M1,3.0.0-M6,HIGH,CWE-94 -CVE-2022-46178,2022-12-30T18:03:47Z,"Path Traversal In MeterSpere leads to upload file to any path","io.metersphere:metersphere",0,2.5.1,HIGH,CWE-22 -CVE-2022-46337,2023-11-20T09:30:31Z,"Apache Derby: LDAP injection vulnerability in authenticator",org.apache.derby:derby,10.1.1.0,10.14.3,CRITICAL,CWE-74;CWE-94 -CVE-2022-46337,2023-11-20T09:30:31Z,"Apache Derby: LDAP injection vulnerability in authenticator",org.apache.derby:derby,10.15.0.0,10.15.2.1,CRITICAL,CWE-74;CWE-94 -CVE-2022-46337,2023-11-20T09:30:31Z,"Apache Derby: LDAP injection vulnerability in authenticator",org.apache.derby:derby,10.16.0.0,10.16.1.2,CRITICAL,CWE-74;CWE-94 -CVE-2022-46337,2023-11-20T09:30:31Z,"Apache Derby: LDAP injection vulnerability in authenticator",org.apache.derby:derby,10.17.0.0,10.17.1.0,CRITICAL,CWE-74;CWE-94 -CVE-2022-46363,2022-12-13T15:30:27Z,"Apache CXF vulnerable to Exposure of Sensitive Information",org.apache.cxf:cxf-core,0,3.4.10,HIGH,CWE-20;CWE-200 -CVE-2022-46363,2022-12-13T15:30:27Z,"Apache CXF vulnerable to Exposure of Sensitive Information",org.apache.cxf:cxf-core,3.5.0,3.5.5,HIGH,CWE-20;CWE-200 -CVE-2022-46364,2022-12-13T18:30:26Z,"Apache CXF Server-Side Request Forgery vulnerability",org.apache.cxf:cxf-core,0,3.4.10,CRITICAL,CWE-918 -CVE-2022-46364,2022-12-13T18:30:26Z,"Apache CXF Server-Side Request Forgery vulnerability",org.apache.cxf:cxf-core,3.5.0,3.5.5,CRITICAL,CWE-918 -CVE-2022-46365,2023-07-06T19:24:19Z,"Apache StreamPark Improper Input Validation 
vulnerability","org.apache.streampark:streampark",1.0.0,2.0.0,CRITICAL,CWE-20 -CVE-2022-46366,2022-12-02T15:30:26Z,"Apache Tapestry allows deserialization of untrusted data","org.apache.tapestry:tapestry-core",3.0,5.0.1,CRITICAL,CWE-502 -CVE-2022-4640,2022-12-22T00:30:36Z,"Mingsoft MCMS Cross-site Scripting vulnerability",net.mingsoft:ms-mcms,0,,MODERATE,CWE-79 -CVE-2022-46682,2022-12-12T09:30:35Z,"Jenkins Plot Plugin XML External Entity Reference vulnerability","org.jenkins-ci.plugins:plot",0,2.1.12,HIGH,CWE-611 -CVE-2022-46683,2022-12-12T09:30:35Z,"Jenkins Google Login Plugin Open Redirect vulnerability","org.jenkins-ci.plugins:google-login",1.4,1.7,MODERATE,CWE-601 -CVE-2022-46684,2022-12-12T09:30:35Z,"Stored XSS vulnerability in Jenkins Checkmarx Plugin","com.checkmarx.jenkins:checkmarx",0,2022.4.3,HIGH,CWE-79 -CVE-2022-46685,2022-12-12T09:30:35Z,"Jenkins Gitea Plugin vulnerable to Cleartext Transmission of Sensitive Information","org.jenkins-ci.plugins:gitea",0,1.4.5,MODERATE,CWE-319 -CVE-2022-46686,2022-12-12T09:30:35Z,"Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting","io.jenkins.plugins:custom-build-properties",0,2.82.v16d5b,HIGH,CWE-79 -CVE-2022-46687,2022-12-12T09:30:35Z,"Cross-site Scripting in Jenkins Spring Config Plugin","io.jenkins.plugins:spring-config",0,2.0.1,HIGH,CWE-79 -CVE-2022-46688,2022-12-12T09:30:35Z,"Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:sonar-gerrit",0,378.vf4646d4df087,MODERATE,CWE-352 -CVE-2022-46751,2023-08-21T09:30:21Z,"Apache Ivy External Entity Reference vulnerability",org.apache.ivy:ivy,0,2.5.2,HIGH,CWE-611 -CVE-2022-46769,2023-01-09T12:30:18Z,"Apache Sling App CMS vulnerable to reflected Cross-site Scripting","org.apache.sling:org.apache.sling.cms",0,1.1.4,MODERATE,CWE-79 -CVE-2022-46870,2022-12-20T21:30:19Z,"Apache Zeppelin Cross-site Scripting vulnerability","org.apache.zeppelin:zeppelin",0,0.8.2,MODERATE,CWE-79 
-CVE-2022-46907,2023-05-25T09:30:25Z,"Apache JSPWiki vulnerable to cross-site scripting on several plugins","org.apache.jspwiki:jspwiki-main",0,2.12.0,MODERATE,CWE-79 -CVE-2022-46907,2023-05-25T09:30:25Z,"Apache JSPWiki vulnerable to cross-site scripting on several plugins","org.apache.jspwiki:jspwiki-war",0,2.12.0,MODERATE,CWE-79 -CVE-2022-47042,2023-01-26T21:30:20Z,"Arbitrary file write in net.mingsoft:ms-mcms",net.mingsoft:ms-mcms,0,5.2.11,HIGH,CWE-434 -CVE-2022-47105,2023-01-19T18:30:21Z,"Jeecg-boot is vulnerable to SQL injection ","org.jeecgframework.boot:jeecg-boot-base-core",0,,CRITICAL,CWE-89 -CVE-2022-47105,2023-01-19T18:30:21Z,"Jeecg-boot is vulnerable to SQL injection ","org.jeecgframework.boot:jeecg-module-system",0,,CRITICAL,CWE-89 -CVE-2022-4725,2022-12-27T15:30:19Z,"AWS SDK is vulnerable to server-side request forgery (SSRF) ","com.amazonaws:aws-android-sdk-mobile-client",0,2.59.1,CRITICAL,CWE-918 -CVE-2022-47500,2022-12-19T12:30:23Z,"Apache Helix UI vulnerable to Open Redirect",org.apache.helix:helix,0.8.0,1.1.0,MODERATE,CWE-601 -CVE-2022-47551,2023-01-03T12:28:06Z,"Apiman has potential permissions bypass","io.apiman:apiman-manager-api-rest-impl",1.5.7,3.0.0.Final,HIGH, -CVE-2022-4772,2022-12-28T00:30:22Z,"Widoco Path Traversal vulnerability","com.github.dgarijo:Widoco",0,,HIGH,CWE-22 -CVE-2022-47894,2024-04-09T12:30:47Z,"Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE",org.apache.zeppelin:sap,0.8.0,0.11.0,MODERATE,CWE-20;CWE-611 -CVE-2022-47937,2023-05-15T12:30:16Z,"Apache Sling Commons JSON bundle vulnerable to Improper Input Validation","org.apache.sling:org.apache.sling.commons.json",0,,CRITICAL,CWE-20 -CVE-2022-4903,2023-02-10T15:30:28Z,"CodenameOne Pending Intent vulnerability","com.codenameone:codenameone-core",0,7.0.71,CRITICAL,CWE-668;CWE-927 -CVE-2022-4963,2024-03-21T03:36:44Z,"SQL injection in Folio Spring Module Core","org.folio:spring-module-core",0,2.0.0,MODERATE,CWE-89 
-CVE-2023-0044,2023-02-23T21:30:16Z,"Cross-site Scripting in Quarkus","io.quarkus:quarkus-vertx-http",0,2.13.7.Final,MODERATE,CWE-79 -CVE-2023-0091,2023-01-12T23:39:39Z,"Keycloak has lack of validation of access token on client registrations endpoint","org.keycloak:keycloak-core",0,20.0.3,MODERATE,CWE-284;CWE-863 -CVE-2023-0100,2023-03-15T15:30:22Z,"Improper Input Validation In Eclipse BIRT","org.eclipse.birt:org.eclipse.birt.report.viewer",2.6.2,4.13,HIGH,CWE-20 -CVE-2023-0105,2023-07-18T19:12:28Z,"Keycloak: Impersonation and lockout possible through incorrect handling of email trust","org.keycloak:keycloak-core",0,22.0.1,MODERATE,CWE-287;CWE-841 -CVE-2023-0264,2023-03-02T23:25:43Z,"Keycloak vulnerable to user impersonation via stolen UUID code","org.keycloak:keycloak-services",0,21.0.1,HIGH,CWE-287;CWE-345 -CVE-2023-0481,2023-02-24T18:30:25Z,"RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions","io.quarkus.resteasy.reactive:resteasy-reactive-common",0,3.0.0.Alpha4,LOW,CWE-378;CWE-668 -CVE-2023-0482,2023-02-18T00:31:59Z,"Insecure Temporary File in RESTEasy","org.jboss.resteasy:resteasy-undertow",0,,MODERATE,CWE-378 -CVE-2023-0657,2024-04-17T18:25:59Z,"Keycloak vulnerable to impersonation via logout token exchange","org.keycloak:keycloak-services",0,22.0.10,LOW,"CWE-273;CWE-284;CWE-287;CWE-290;CWE-347" -CVE-2023-0657,2024-04-17T18:25:59Z,"Keycloak vulnerable to impersonation via logout token exchange","org.keycloak:keycloak-services",23.0.0,24.0.3,LOW,"CWE-273;CWE-284;CWE-287;CWE-290;CWE-347" -CVE-2023-0674,2023-02-04T09:30:20Z,"Cross-Site Request Forgery in XXL Job",com.xuxueli:xxl-job,0,,MODERATE,CWE-352 -CVE-2023-0815,2023-02-23T15:33:05Z,"OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability",org.opennms:opennms,0,31.0.4,MODERATE,CWE-532 -CVE-2023-0846,2023-02-22T21:30:39Z,"OpenNMS Horizon and Meridian vulnerable to Cross-site 
Scripting",org.opennms:opennms,0,31.0.3,MODERATE,CWE-79 -CVE-2023-0867,2023-02-23T15:33:05Z,"OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting",org.opennms:opennms,0,31.0.4,MODERATE,CWE-79 -CVE-2023-0868,2023-02-23T15:33:05Z,"OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting","org.opennms:opennms-webapp",0,31.0.4,MODERATE,CWE-79 -CVE-2023-0869,2023-02-23T15:33:05Z,"Cross Site Scripting in OpenNMS","org.opennms:opennms-web-api",0,,MODERATE,CWE-79 -CVE-2023-0870,2023-03-22T21:30:17Z,"OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery","org.opennms:opennms-webapp",0,31.0.6,MODERATE,CWE-352 -CVE-2023-0871,2023-08-11T18:31:49Z,"OpenNMS Horizon XXE Injection Vulnerability","org.opennms.core:org.opennms.core.xml",31.0.8,32.0.2,HIGH,CWE-611 -CVE-2023-0872,2023-08-14T18:32:59Z,"OpenNMS privilege elevation vulnerability","org.opennms:opennms-webapp-rest",31.0.8,32.0.2,HIGH,CWE-269 -CVE-2023-1108,2023-09-14T15:31:23Z,"Undertow denial of service vulnerability","io.undertow:undertow-core",0,2.2.24.Final,HIGH,CWE-835 -CVE-2023-1108,2023-09-14T15:31:23Z,"Undertow denial of service vulnerability","io.undertow:undertow-core",2.3.0,2.3.5.Final,HIGH,CWE-835 -CVE-2023-1370,2023-03-23T20:32:03Z,"json-smart Uncontrolled Recursion vulnerabilty",net.minidev:json-smart,0,2.4.9,HIGH,CWE-674 -CVE-2023-1419,2024-11-17T12:30:29Z,"Debezium database connector has a script injection vulnerability","io.debezium:debezium-connector-mysql",0,2.3.0.Alpha1,MODERATE,CWE-233 -CVE-2023-1419,2024-11-17T12:30:29Z,"Debezium database connector has a script injection vulnerability","io.debezium:debezium-connector-sqlserver",0,2.3.0.Alpha1,MODERATE,CWE-233 -CVE-2023-1419,2024-11-17T12:30:29Z,"Debezium database connector has a script injection vulnerability","io.debezium:debezium-core",0,2.3.0.Alpha1,MODERATE,CWE-233 -CVE-2023-1428,2023-07-06T21:15:08Z,"gRPC Reachable Assertion issue",io.grpc:grpc-protobuf,0,1.53.0,HIGH,CWE-617 
-CVE-2023-1436,2023-03-22T06:30:21Z,"Jettison vulnerable to infinite recursion","org.codehaus.jettison:jettison",0,1.5.4,HIGH,CWE-674 -CVE-2023-1454,2023-03-17T09:30:19Z,"jeecg-boot SQL Injection vulnerability","org.jeecgframework.boot:jeecg-boot-common",0,,CRITICAL,CWE-89 -CVE-2023-1584,2023-10-04T12:30:14Z,"Quarkus OIDC can leak both ID and access tokens",io.quarkus:quarkus-oidc,0,2.13.0.Final,HIGH,CWE-200 -CVE-2023-1584,2023-10-04T12:30:14Z,"Quarkus OIDC can leak both ID and access tokens",io.quarkus:quarkus-oidc,3.0.0,3.1.0.Final,HIGH,CWE-200 -CVE-2023-1664,2023-06-30T20:30:30Z,"Keycloak Untrusted Certificate Validation vulnerability","org.keycloak:keycloak-core",0,21.1.2,MODERATE,CWE-295 -CVE-2023-1741,2023-03-31T00:30:18Z,"jeecg-boot vulnerable to SQL injection","org.jeecgframework.boot:jeecg-boot-parent",0,,CRITICAL,CWE-89 -CVE-2023-1784,2023-03-31T21:30:37Z,"jeecg-boot vulnerable to improper authentication ","org.jeecgframework.boot:jeecg-boot-parent",0,,CRITICAL,CWE-287 -CVE-2023-1932,2024-11-07T12:30:34Z,"hibernate-validator Cross-site Scripting vulnerability","org.hibernate.validator:hibernate-validator",0,6.2.0.Final,MODERATE,CWE-79 -CVE-2023-1973,2024-11-07T12:30:34Z,"Undertow Denial of Service vulnerability","io.undertow:undertow-core",0,2.2.32.Final,MODERATE,CWE-20;CWE-400 -CVE-2023-1973,2024-11-07T12:30:34Z,"Undertow Denial of Service vulnerability","io.undertow:undertow-core",2.3.0.Alpha1,2.3.13.Final,MODERATE,CWE-20;CWE-400 -CVE-2023-20859,2023-03-23T21:30:19Z,"Spring Vault vulnerable to insertion of sensitive information into a log file","org.springframework.vault:spring-vault-core",0,2.3.3,MODERATE,CWE-532 -CVE-2023-20859,2023-03-23T21:30:19Z,"Spring Vault vulnerable to insertion of sensitive information into a log file","org.springframework.vault:spring-vault-core",3.0.0,3.0.2,MODERATE,CWE-532 -CVE-2023-20860,2023-03-28T00:34:28Z,"Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern 
mismatch","org.springframework:spring",5.3.0,5.3.26,CRITICAL, -CVE-2023-20860,2023-03-28T00:34:28Z,"Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch","org.springframework:spring",6.0.0,6.0.7,CRITICAL, -CVE-2023-20861,2023-03-23T21:30:19Z,"Spring Framework vulnerable to denial of service via specially crafted SpEL expression","org.springframework:spring-expression",0,5.2.23.RELEASE,MODERATE,CWE-917 -CVE-2023-20861,2023-03-23T21:30:19Z,"Spring Framework vulnerable to denial of service via specially crafted SpEL expression","org.springframework:spring-expression",5.3.0,5.3.26,MODERATE,CWE-917 -CVE-2023-20861,2023-03-23T21:30:19Z,"Spring Framework vulnerable to denial of service via specially crafted SpEL expression","org.springframework:spring-expression",6.0.0,6.0.7,MODERATE,CWE-917 -CVE-2023-20862,2023-04-19T21:30:26Z,"Spring Security logout not clearing security context","org.springframework.security:spring-security-core",5.7.0,5.7.8,MODERATE,CWE-459 -CVE-2023-20862,2023-04-19T21:30:26Z,"Spring Security logout not clearing security context","org.springframework.security:spring-security-core",5.8.0,5.8.3,MODERATE,CWE-459 -CVE-2023-20862,2023-04-19T21:30:26Z,"Spring Security logout not clearing security context","org.springframework.security:spring-security-core",6.0.0,6.0.3,MODERATE,CWE-459 -CVE-2023-20863,2023-04-13T21:30:27Z,"Spring Framework vulnerable to denial of service","org.springframework:spring-expression",0,5.2.24.RELEASE,HIGH,CWE-400;CWE-770;CWE-917 -CVE-2023-20863,2023-04-13T21:30:27Z,"Spring Framework vulnerable to denial of service","org.springframework:spring-expression",5.3.0,5.3.27,HIGH,CWE-400;CWE-770;CWE-917 -CVE-2023-20863,2023-04-13T21:30:27Z,"Spring Framework vulnerable to denial of service","org.springframework:spring-expression",6.0.0,6.0.8,HIGH,CWE-400;CWE-770;CWE-917 -CVE-2023-20866,2023-04-13T21:30:27Z,"Spring Session session ID can be logged to the standard output 
stream","org.springframework.session:spring-session-core",3.0.0,3.0.1,MODERATE,CWE-200 -CVE-2023-20873,2023-04-20T21:33:27Z,"Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry","org.springframework.boot:spring-boot-actuator-autoconfigure",0,2.5.15,CRITICAL, -CVE-2023-20873,2023-04-20T21:33:27Z,"Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry","org.springframework.boot:spring-boot-actuator-autoconfigure",2.6.0,2.6.15,CRITICAL, -CVE-2023-20873,2023-04-20T21:33:27Z,"Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry","org.springframework.boot:spring-boot-actuator-autoconfigure",2.7.0,2.7.11,CRITICAL, -CVE-2023-20873,2023-04-20T21:33:27Z,"Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry","org.springframework.boot:spring-boot-actuator-autoconfigure",3.0.0,3.0.6,CRITICAL, -CVE-2023-20883,2023-05-26T18:30:21Z,"Spring Boot Welcome Page Denial of Service","org.springframework.boot:spring-boot-autoconfigure",0,2.5.15,HIGH,CWE-400 -CVE-2023-20883,2023-05-26T18:30:21Z,"Spring Boot Welcome Page Denial of Service","org.springframework.boot:spring-boot-autoconfigure",2.6.0,2.6.15,HIGH,CWE-400 -CVE-2023-20883,2023-05-26T18:30:21Z,"Spring Boot Welcome Page Denial of Service","org.springframework.boot:spring-boot-autoconfigure",2.7.0,2.7.12,HIGH,CWE-400 -CVE-2023-20883,2023-05-26T18:30:21Z,"Spring Boot Welcome Page Denial of Service","org.springframework.boot:spring-boot-autoconfigure",3.0.0,3.0.7,HIGH,CWE-400 -CVE-2023-2195,2023-05-16T21:30:22Z,"Jenkins Code Dx Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:codedx",0,4.0.0,MODERATE,CWE-352 -CVE-2023-2196,2023-05-16T18:30:16Z,"Jenkins Code Dx Plugin missing permission checks","org.jenkins-ci.plugins:codedx",0,4.0.0,MODERATE,CWE-22 -CVE-2023-22102,2023-10-18T00:31:42Z,"MySQL Connectors takeover vulnerability","com.mysql:mysql-connector-j",0,8.2.0,HIGH, -CVE-2023-22102,2023-10-18T00:31:42Z,"MySQL 
Connectors takeover vulnerability","mysql:mysql-connector-java",0,,HIGH, -CVE-2023-22457,2023-01-06T17:15:47Z,"XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery","org.xwiki.contrib:application-ckeditor-ui",0,1.64.3,CRITICAL,CWE-352 -CVE-2023-22465,2023-01-06T20:24:36Z,"Http4s improperly parses User-Agent and Server headers",org.http4s:http4s-core,0.1.0,0.21.34,HIGH,CWE-20 -CVE-2023-22465,2023-01-06T20:24:36Z,"Http4s improperly parses User-Agent and Server headers",org.http4s:http4s-core,0.22.0,0.22.15,HIGH,CWE-20 -CVE-2023-22465,2023-01-06T20:24:36Z,"Http4s improperly parses User-Agent and Server headers",org.http4s:http4s-core,0.23.0,0.23.17,HIGH,CWE-20 -CVE-2023-22465,2023-01-06T20:24:36Z,"Http4s improperly parses User-Agent and Server headers",org.http4s:http4s-core,1.0.0-M1,1.0.0-M38,HIGH,CWE-20 -CVE-2023-22602,2023-01-14T12:30:23Z,"Apache Shiro Interpretation Conflict vulnerability","org.apache.shiro:shiro-root",0,1.11.0,HIGH,CWE-436 -CVE-2023-22665,2023-04-25T09:30:29Z,"Arbitrary javascript injection in Apache Jena",org.apache.jena:jena,0,4.8.0,MODERATE,CWE-917 -CVE-2023-22832,2023-02-10T09:30:23Z,"XML External Entity Reference in Apache NiFi","org.apache.nifi:nifi-ccda-processors",1.2.0,1.20.0,HIGH,CWE-611 -CVE-2023-22849,2023-02-04T21:30:22Z,"Sling App CMS Cross-site Scripting vulnerability","org.apache.sling:org.apache.sling.cms",0,1.1.6,MODERATE,CWE-79 -CVE-2023-22899,2023-01-10T03:30:29Z,"Zip4j Origin Validation Error",net.lingala.zip4j:zip4j,0,2.11.3,MODERATE,CWE-346 -CVE-2023-22946,2023-04-17T09:30:23Z,"Apache Spark vulnerable to Improper Privilege Management","org.apache.spark:spark-core_2.12",0,3.3.3,CRITICAL,CWE-269 -CVE-2023-22946,2023-04-17T09:30:23Z,"Apache Spark vulnerable to Improper Privilege Management","org.apache.spark:spark-core_2.13",0,3.3.3,CRITICAL,CWE-269 -CVE-2023-23612,2023-01-24T20:47:19Z,"Issue with whitespace in JWT roles in 
OpenSearch","org.opensearch:opensearch-security",0,1.3.8,MODERATE,CWE-269;CWE-287 -CVE-2023-23612,2023-01-24T20:47:19Z,"Issue with whitespace in JWT roles in OpenSearch","org.opensearch:opensearch-security",2.0.0,2.5.0,MODERATE,CWE-269;CWE-287 -CVE-2023-23613,2023-01-24T20:54:28Z,"Field-level security issue with .keyword fields in OpenSearch","org.opensearch:opensearch-security",0,1.3.8,MODERATE,CWE-200 -CVE-2023-23613,2023-01-24T20:54:28Z,"Field-level security issue with .keyword fields in OpenSearch","org.opensearch:opensearch-security",2.0.0,2.5.0,MODERATE,CWE-200 -CVE-2023-23638,2023-03-08T12:30:16Z,"Apache Dubbo vulnerable to Deserialization of Untrusted Data",org.apache.dubbo:dubbo,0,2.7.22,CRITICAL,CWE-502 -CVE-2023-23638,2023-03-08T12:30:16Z,"Apache Dubbo vulnerable to Deserialization of Untrusted Data",org.apache.dubbo:dubbo,3.0.0,3.0.13,CRITICAL,CWE-502 -CVE-2023-23638,2023-03-08T12:30:16Z,"Apache Dubbo vulnerable to Deserialization of Untrusted Data",org.apache.dubbo:dubbo,3.1.0,3.1.5,CRITICAL,CWE-502 -CVE-2023-23847,2023-02-15T21:30:30Z,"CSRF vulnerability in Synopsys Jenkins Coverity Plugin","org.jenkins-ci.plugins:synopsys-coverity",0,3.0.3,LOW,CWE-352 -CVE-2023-23848,2023-02-15T21:30:30Z,"CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials","org.jenkins-ci.plugins:synopsys-coverity",0,3.0.3,MODERATE,CWE-276 -CVE-2023-23850,2023-02-15T21:30:30Z,"Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions","org.jenkins-ci.plugins:synopsys-coverity",0,3.0.3,MODERATE,CWE-276 -CVE-2023-23926,2023-02-16T20:46:49Z,"XML External Entity (XXE) vulnerability in apoc.import.graphml","org.neo4j.procedure:apoc-core",0,4.4.0.14,MODERATE,CWE-611 -CVE-2023-23926,2023-02-16T20:46:49Z,"XML External Entity (XXE) vulnerability in apoc.import.graphml","org.neo4j.procedure:apoc-core",5.0.0,5.5.0,MODERATE,CWE-611 -CVE-2023-24057,2023-01-23T22:05:28Z," MITM based Zip Slip in 
`ca.uhn.hapi.fhir:org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.convertors",0,5.6.92,CRITICAL,CWE-22 -CVE-2023-24057,2023-01-23T22:05:28Z," MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.core",0,5.6.92,CRITICAL,CWE-22 -CVE-2023-24057,2023-01-23T22:05:28Z," MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r4b",0,5.6.92,CRITICAL,CWE-22 -CVE-2023-24057,2023-01-23T22:05:28Z," MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r5",0,5.6.92,CRITICAL,CWE-22 -CVE-2023-24057,2023-01-23T22:05:28Z," MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.utilities",0,5.6.92,CRITICAL,CWE-22 -CVE-2023-24057,2023-01-23T22:05:28Z," MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.validation",0,5.6.92,CRITICAL,CWE-22 -CVE-2023-24162,2023-01-31T18:30:23Z,"Dromara Hutool Deserialization of Untrusted Data vulnerability",cn.hutool:hutool-all,0,,CRITICAL,CWE-502 -CVE-2023-24163,2023-01-31T18:30:23Z,"Dromara hutool vulnerable to SQL Injection",cn.hutool:hutool-all,0,5.8.21,CRITICAL,CWE-89 -CVE-2023-24187,2023-02-14T03:30:20Z,"XML External Entity Reference in ureport","com.bstek.ureport:ureport2-core",0,,HIGH,CWE-611 -CVE-2023-24188,2023-02-13T21:31:04Z,"Arbitrary file deletion in ureport","com.bstek.ureport:ureport2-core",0,,CRITICAL,CWE-22 -CVE-2023-2422,2023-06-30T20:31:37Z,"Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients","org.keycloak:keycloak-services",0,21.1.2,HIGH,CWE-295 -CVE-2023-24279,2023-03-14T03:30:18Z,"ONOS vulnerable to reflected cross-site scripting","org.onosproject:onos-archetypes",1.9.0,,MODERATE,CWE-79 -CVE-2023-24422,2023-01-26T21:30:19Z,"Sandbox bypass in Jenkins Script Security Plugin","org.jenkins-ci.plugins:script-security",0,1229.v4880b,HIGH,CWE-78 -CVE-2023-24423,2023-01-26T21:30:18Z,"Cross-site request forgery 
in Jenkins Gerrit Trigger Plugin","com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger",0,2.38.1,MODERATE,CWE-352 -CVE-2023-24424,2023-01-26T21:30:18Z,"Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin ","org.jenkins-ci.plugins:oic-auth",0,2.5,HIGH,CWE-384 -CVE-2023-24425,2023-01-26T21:30:18Z,"Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin","com.cloudbees.jenkins.plugins:kubernetes-credentials-provider",0,1.209.v862c6e5fb,MODERATE, -CVE-2023-24426,2023-01-26T21:30:18Z,"Insufficient Session Expiration in Jenkins Azure AD Plugin","org.jenkins-ci.plugins:azure-ad",0,,HIGH,CWE-613 -CVE-2023-24427,2023-01-26T21:30:18Z,"Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin ","org.jenkins-ci.plugins:bitbucket-oauth",0,0.13,CRITICAL,CWE-384 -CVE-2023-24428,2023-01-26T21:30:18Z,"Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin ","org.jenkins-ci.plugins:bitbucket-oauth",0,0.13,MODERATE,CWE-352 -CVE-2023-24429,2023-01-26T21:30:18Z,"Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin ","org.jenkins-ci.plugins:semantic-versioning-plugin",0,1.15,CRITICAL,CWE-611 -CVE-2023-24430,2023-01-26T21:30:18Z,"XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin ","org.jenkins-ci.plugins:semantic-versioning-plugin",0,1.15,CRITICAL,CWE-611 -CVE-2023-24431,2023-01-26T21:30:18Z,"Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs ","io.jenkins.plugins:macstadium-orka",0,1.32,MODERATE,CWE-862 -CVE-2023-24432,2023-01-26T21:30:18Z,"CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials","io.jenkins.plugins:macstadium-orka",0,1.32,HIGH,CWE-352 -CVE-2023-24433,2023-01-26T21:30:18Z,"Missing permission checks in Jenkins Orka Plugin allow capturing credentials","io.jenkins.plugins:macstadium-orka",0,1.32,MODERATE,CWE-862 -CVE-2023-24434,2023-01-26T21:30:18Z,"CSRF vulnerability 
in Jenkins GitHub Pull Request Builder Plugin","org.jenkins-ci.plugins:ghprb",0,,HIGH,CWE-352 -CVE-2023-24435,2023-01-26T21:30:18Z,"Missing permission checks in Jenkins GitHub Pull Request Builder Plugin","org.jenkins-ci.plugins:ghprb",0,,MODERATE,CWE-862 -CVE-2023-24436,2023-01-26T21:30:18Z,"Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs","org.jenkins-ci.plugins:ghprb",0,,MODERATE,CWE-862 -CVE-2023-24437,2023-01-26T21:30:18Z,"Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin","org.jenkins-ci.plugins:jira-steps",0,,MODERATE,CWE-352 -CVE-2023-24438,2023-01-26T21:30:18Z,"Missing permissions check in Jenkins JIRA Pipeline Steps Plugin","org.jenkins-ci.plugins:jira-steps",0,,MODERATE,CWE-862 -CVE-2023-24439,2023-01-26T21:30:18Z,"Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin","org.jenkins-ci.plugins:jira-steps",0,,MODERATE,CWE-256;CWE-312 -CVE-2023-24440,2023-01-26T21:30:18Z,"Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin","org.jenkins-ci.plugins:jira-steps",0,,MODERATE,CWE-319 -CVE-2023-24441,2023-01-26T21:30:18Z,"XML external entity vulnerability on agents in Jenkins MSTest Plugin ","org.jvnet.hudson.plugins:mstest",0,1.0.1,CRITICAL,CWE-776 -CVE-2023-24442,2023-01-26T21:30:18Z,"Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin","org.jenkins-ci.plugins:github-pr-coverage-status",0,,MODERATE,CWE-256;CWE-312 -CVE-2023-24443,2023-01-26T21:30:18Z,"XML Entity Expansion in Jenkins TestComplete support Plugin","org.jenkins-ci.plugins:TestComplete",0,2.9,CRITICAL,CWE-611;CWE-776 -CVE-2023-24444,2023-01-26T21:30:18Z,"Session fixation vulnerability in Jenkins OpenID Plugin ","org.jenkins-ci.plugins:openid",0,,HIGH,CWE-384 -CVE-2023-24445,2023-01-26T21:30:18Z,"Open redirect vulnerability in Jenkins OpenID Plugin ","org.jenkins-ci.plugins:openid",0,,MODERATE,CWE-601 
-CVE-2023-24446,2023-01-26T21:30:18Z,"Cross-site request forgery vulnerability in Jenkins OpenID Plugin","org.jenkins-ci.plugins:openid",0,,HIGH,CWE-352 -CVE-2023-24447,2023-01-26T21:30:18Z,"Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin","org.jenkins-ci.plugins:rabbitmq-consumer",0,,HIGH,CWE-352 -CVE-2023-24448,2023-01-26T21:30:18Z,"Missing permission check in Jenkins RabbitMQ Consumer Plugin","org.jenkins-ci.plugins:rabbitmq-consumer",0,,MODERATE,CWE-862 -CVE-2023-24449,2023-01-26T21:30:18Z,"Path traversal vulnerability in Jenkins PWauth Security Realm Plugin","org.jvnet.hudson.plugins:pwauth",0,,MODERATE,CWE-22 -CVE-2023-24450,2023-01-26T21:30:18Z,"Passwords stored in plain text by Jenkins view-cloner Plugin ","org.jenkins-ci.plugins:view-cloner",0,,MODERATE,CWE-256;CWE-312 -CVE-2023-24451,2023-01-26T21:30:18Z,"Cisco Spark Notifier Jenkins Plugin contains Missing Authorization","org.jenkins-ci.plugins:cisco-spark-notifier-plugin",0,,MODERATE,CWE-862 -CVE-2023-24452,2023-01-26T21:30:18Z,"CSRF vulnerability in Jenkins TestQuality Updater Plugin ","org.jenkins-ci.plugins:testquality-updater",0,,HIGH,CWE-352 -CVE-2023-24453,2023-01-26T21:30:18Z,"Missing permission check in Jenkins TestQuality Updater Plugin ","org.jenkins-ci.plugins:testquality-updater",0,,MODERATE,CWE-862 -CVE-2023-24454,2023-01-26T21:30:18Z,"Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin","org.jenkins-ci.plugins:testquality-updater",0,,MODERATE,CWE-256;CWE-312 -CVE-2023-24455,2023-01-26T21:30:18Z,"Path Traversal in Jenkins visualexpert Plugin","io.jenkins.plugins:visualexpert",0,,MODERATE,CWE-22 -CVE-2023-24456,2023-01-26T21:30:18Z,"Session fixation vulnerability in Jenkins Keycloak Authentication Plugin","org.jenkins-ci.plugins:keycloak",0,2.3.1,CRITICAL,CWE-384 -CVE-2023-24457,2023-01-26T21:30:17Z,"CSRF vulnerability in Jenkins Keycloak Authentication Plugin ","org.jenkins-ci.plugins:keycloak",0,2.3.1,MODERATE,CWE-352 
-CVE-2023-24458,2023-01-26T21:30:17Z,"Cross-site request forgery vulnerability in Jenkins BearyChat Plugin","org.jenkins-ci.plugins:bearychat",0,,HIGH,CWE-352 -CVE-2023-24459,2023-01-26T21:30:17Z,"Missing permission check in Jenkins BearyChat Plugin","org.jenkins-ci.plugins:bearychat",0,,MODERATE,CWE-862 -CVE-2023-24620,2023-08-25T21:30:48Z,"Esoteric YamlBeans XML Entity Expansion vulnerability","com.esotericsoftware.yamlbeans:yamlbeans",0,,MODERATE,CWE-400;CWE-611 -CVE-2023-24621,2023-08-25T21:30:47Z,"Esoteric YamlBeans Unsafe Deserialization vulnerability","com.esotericsoftware.yamlbeans:yamlbeans",0,,HIGH,CWE-502 -CVE-2023-24789,2023-03-06T18:30:22Z,"jeecg-boot contains SQL Injection vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,HIGH,CWE-89 -CVE-2023-24815,2023-02-10T03:27:58Z,"StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route",io.vertx:vertx-web,4.0.0,4.3.8,MODERATE,CWE-22 -CVE-2023-24830,2023-01-30T18:30:28Z,"Withdrawn Advisory: Apache IoTDB contains Improper Authentication","org.apache.iotdb:iotdb-parent",0.13.0,0.13.3,HIGH,CWE-287 -CVE-2023-24831,2023-04-17T09:30:24Z,"Apache IoTDB Grafana Connector vulnerable to Improper Authentication","org.apache.iotdb:iotdb-grafana-connector",0.13.0,0.13.4,CRITICAL,CWE-287 -CVE-2023-24977,2023-02-01T12:32:41Z,"Apache InLong contains Out-of-bounds Read vulnerability",org.apache.inlong:inlong,1.1.0,,HIGH,CWE-125 -CVE-2023-24997,2023-02-01T15:30:20Z,"Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability",org.apache.inlong:inlong,1.1.0,,CRITICAL,CWE-502 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","commons-fileupload:commons-fileupload",0,1.5,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.5,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of 
service vulnerability","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M2,11.0.0-M5,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.85,8.5.88,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.71,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat:tomcat-coyote",10.1.0-M1,10.1.5,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat:tomcat-coyote",11.0.0-M2,11.0.0-M5,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat:tomcat-coyote",8.5.85,8.5.88,HIGH,CWE-770 -CVE-2023-24998,2023-02-20T18:30:17Z,"Apache Commons FileUpload denial of service vulnerability","org.apache.tomcat:tomcat-coyote",9.0.0-M1,9.0.71,HIGH,CWE-770 -CVE-2023-25141,2023-02-14T15:30:28Z,"Command injection in Apache Sling","org.apache.sling:org.apache.sling.jcr.base",0,3.1.12,HIGH,CWE-74 -CVE-2023-25157,2023-02-22T19:15:56Z,"GeoServer OGC Filter SQL Injection Vulnerabilities","org.geoserver.community:gs-jdbcconfig",0,2.21.4,CRITICAL,CWE-89 -CVE-2023-25157,2023-02-22T19:15:56Z,"GeoServer OGC Filter SQL Injection Vulnerabilities","org.geoserver.community:gs-jdbcconfig",2.22.0,2.22.2,CRITICAL,CWE-89 -CVE-2023-25158,2023-02-22T19:16:06Z,"GeoTools OGC Filter SQL Injection Vulnerabilities",org.geotools:gt-jdbc,0,24.7,CRITICAL,CWE-89 -CVE-2023-25158,2023-02-22T19:16:06Z,"GeoTools OGC Filter SQL Injection Vulnerabilities",org.geotools:gt-jdbc,25.0,25.7,CRITICAL,CWE-89 -CVE-2023-25158,2023-02-22T19:16:06Z,"GeoTools OGC Filter SQL Injection Vulnerabilities",org.geotools:gt-jdbc,26.0,26.7,CRITICAL,CWE-89 -CVE-2023-25158,2023-02-22T19:16:06Z,"GeoTools OGC Filter 
SQL Injection Vulnerabilities",org.geotools:gt-jdbc,27.0,27.4,CRITICAL,CWE-89 -CVE-2023-25158,2023-02-22T19:16:06Z,"GeoTools OGC Filter SQL Injection Vulnerabilities",org.geotools:gt-jdbc,28.0,28.2,CRITICAL,CWE-89 -CVE-2023-25194,2023-02-07T21:30:23Z,"Apache Kafka Connect vulnerable to Deserialization of Untrusted Data",org.apache.kafka:connect,2.3.0,3.4.0,HIGH,CWE-502 -CVE-2023-25330,2023-04-05T15:30:24Z,"MyBatis-Plus vulnerable to SQL injection via TenantPlugin","com.baomidou:mybatis-plus",0,3.5.3.1,CRITICAL,CWE-89 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:flow-server,1.0.0,1.0.20,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:flow-server,1.1.0,2.8.10,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:flow-server,23.0.0,23.3.11,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:flow-server,24.0.0,24.0.8,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:flow-server,24.1.0.alpha1,24.1.0,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:flow-server,3.0.0,9.1.1,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:vaadin,10.0.0,10.0.23,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:vaadin,11.0.0,14.10.1,MODERATE,CWE-200;CWE-201 
-CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:vaadin,23.0.0,23.3.13,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:vaadin,24.0.0,24.0.6,MODERATE,CWE-200;CWE-201 -CVE-2023-25499,2023-06-22T20:01:11Z,"Vaadin vulnerable to possible information disclosure in non visible components.",com.vaadin:vaadin,24.1.0.alpha1,24.1.0,MODERATE,CWE-200;CWE-201 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:flow-server,1.0.0,1.0.21,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:flow-server,1.1.0,2.9.3,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:flow-server,23.0.0,23.3.13,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:flow-server,24.0.0,24.0.9,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:flow-server,24.1.alpha1,24.1.0,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:flow-server,3.0.0,9.1.2,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:vaadin,10.0.0,10.0.24,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in 
RPC response",com.vaadin:vaadin,11.0.0,14.10.2,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:vaadin,15.0.0,22.1.0,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:vaadin,23.0.0,23.3.14,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:vaadin,24.0.0,24.0.7,LOW,CWE-1295;CWE-200 -CVE-2023-25500,2023-06-22T20:01:03Z,"Vaadin vulnerable to possible information disclosure of class and method names in RPC response",com.vaadin:vaadin,24.1.0.alpha1,24.1.0,LOW,CWE-1295;CWE-200 -CVE-2023-25569,2023-02-22T21:58:27Z,"apollo-portal has potential CSRF issue","com.ctrip.framework.apollo:apollo",0,2.1.0,MODERATE,CWE-352 -CVE-2023-25570,2023-02-22T21:58:33Z,"Apollo has potential access control security issue in eureka","com.ctrip.framework.apollo:apollo",0,2.1.0,HIGH,CWE-306 -CVE-2023-25581,2024-10-11T22:16:56Z,"pac4j-core affected by a Java deserialization vulnerability",org.pac4j:pac4j-core,0,4.0.0,CRITICAL,CWE-502 -CVE-2023-25601,2023-04-20T18:30:50Z,"Apache DolphinScheduler's python gateway suffered from improper authentication","org.apache.dolphinscheduler:dolphinscheduler-api",3.0.0,3.1.2,MODERATE,CWE-287 -CVE-2023-25613,2023-02-20T18:30:17Z,"Apache Kerby LdapIdentityBackend LDAP Injection vulnerability","org.apache.kerby:ldap-backend",0,2.0.3,CRITICAL,CWE-74 -CVE-2023-25621,2023-02-23T09:30:17Z,"Improper Privilege Management in Apache Sling","org.apache.sling:org.apache.sling.i18n",0,2.6.2,MODERATE,CWE-269 -CVE-2023-25721,2023-03-28T21:30:20Z,"Veracode Scan Jenkins Plugin vulnerable to information disclosure","com.veracode.jenkins:veracode-scan",0,23.3.19.0,MODERATE,CWE-532 -CVE-2023-25722,2023-03-28T21:30:20Z,"Veracode Scan 
Jenkins Plugin vulnerable to information disclosure","com.veracode.jenkins:veracode-scan",0,23.3.19.0,MODERATE,CWE-214 -CVE-2023-25753,2023-10-19T09:30:18Z,"Apache Shenyu Server Side Request Forgery vulnerability","org.apache.shenyu:shenyu-admin",0,2.6.0,MODERATE,CWE-918 -CVE-2023-25753,2023-10-19T09:30:18Z,"Apache Shenyu Server Side Request Forgery vulnerability","org.apache.shenyu:shenyu-common",0,2.6.0,MODERATE,CWE-918 -CVE-2023-25761,2023-02-15T15:30:41Z,"Cross-site Scripting in Jenkins JUnit Plugin","org.jenkins-ci.plugins:junit",0,"1166.1168.vd6b_8042a_06de",MODERATE,CWE-79 -CVE-2023-25762,2023-02-15T15:30:41Z,"Cross-site Scripting in Jenkins Pipeline: Build Step Plugin","org.jenkins-ci.plugins:pipeline-build-step",0,2.18.1,MODERATE,CWE-79 -CVE-2023-25763,2023-02-15T15:30:41Z,"Cross-site Scripting in Jenkins Email Extension Plugin","org.jenkins-ci.plugins:email-ext",0,2.94,MODERATE,CWE-79 -CVE-2023-25764,2023-02-15T15:30:41Z,"Cross-site Scripting in Jenkins Email Extension Plugin","org.jenkins-ci.plugins:email-ext",0,2.94,MODERATE,CWE-79 -CVE-2023-25765,2023-02-15T15:30:40Z,"Sandbox escape in Jenkins Email Extension Plugin","org.jenkins-ci.plugins:email-ext",0,2.94,CRITICAL,CWE-693 -CVE-2023-25766,2023-02-15T15:30:40Z,"Missing Authorization in Jenkins Azure Credentials Plugin","org.jenkins-ci.plugins:azure-credentials",0,254.v64da,MODERATE,CWE-862 -CVE-2023-25767,2023-02-15T15:30:40Z,"Cross-Site Request Forgery in Jenkins Azure Credentials Plugin","org.jenkins-ci.plugins:azure-credentials",0,254.v64da_8176c83a,HIGH,CWE-352 -CVE-2023-25768,2023-02-15T15:30:40Z,"Missing Authorization in Jenkins Azure Credentials Plugin","org.jenkins-ci.plugins:azure-credentials",0,254.v64da_8176c83a,MODERATE,CWE-862;CWE-863 -CVE-2023-25806,2023-03-07T17:38:38Z,"OpenSearch has time discrepancy in authentication responses","org.opensearch.plugin:opensearch-security",0,1.3.9,MODERATE,CWE-203;CWE-208 -CVE-2023-25806,2023-03-07T17:38:38Z,"OpenSearch has time discrepancy in 
authentication responses","org.opensearch.plugin:opensearch-security",2.0.0,2.6.0,MODERATE,CWE-203;CWE-208 -CVE-2023-25822,2023-10-10T18:28:11Z,"Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal","com.epam.reportportal:service-api",0,5.10.0,MODERATE,CWE-770 -CVE-2023-25826,2023-05-03T21:30:18Z,"Command injection in OpenTSDB",net.opentsdb:opentsdb,0,,CRITICAL,CWE-78 -CVE-2023-25827,2023-05-03T21:30:18Z,"Cross Site Scripting in OpenTSDB",net.opentsdb:opentsdb,0,,HIGH,CWE-79 -CVE-2023-2585,2023-06-30T20:29:25Z,"Client Spoofing within the Keycloak Device Authorisation Grant","org.keycloak:keycloak-server-spi-private",0,21.1.2,LOW,CWE-358 -CVE-2023-2585,2023-06-30T20:29:25Z,"Client Spoofing within the Keycloak Device Authorisation Grant","org.keycloak:keycloak-services",0,21.1.2,LOW,CWE-358 -CVE-2023-26031,2023-11-16T09:30:24Z,"Apache Hadoop allows local user to gain root privileges","org.apache.hadoop:hadoop-yarn-project",3.3.1,3.3.5,HIGH,CWE-426 -CVE-2023-26048,2023-04-19T18:15:45Z,"OutOfMemoryError for large multipart without filename in Eclipse Jetty","org.eclipse.jetty:jetty-server",0,9.4.51.v20230217,MODERATE,CWE-400;CWE-770 -CVE-2023-26048,2023-04-19T18:15:45Z,"OutOfMemoryError for large multipart without filename in Eclipse Jetty","org.eclipse.jetty:jetty-server",10.0.0,10.0.14,MODERATE,CWE-400;CWE-770 -CVE-2023-26048,2023-04-19T18:15:45Z,"OutOfMemoryError for large multipart without filename in Eclipse Jetty","org.eclipse.jetty:jetty-server",11.0.0,11.0.14,MODERATE,CWE-400;CWE-770 -CVE-2023-26049,2023-04-18T22:19:57Z,"Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies","org.eclipse.jetty:jetty-server",0,9.4.51.v20230217,LOW,CWE-200 -CVE-2023-26049,2023-04-18T22:19:57Z,"Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies","org.eclipse.jetty:jetty-server",10.0.0,10.0.14,LOW,CWE-200 -CVE-2023-26049,2023-04-18T22:19:57Z,"Eclipse 
Jetty's cookie parsing of quoted values can exfiltrate values from other cookies","org.eclipse.jetty:jetty-server",11.0.0,11.0.14,LOW,CWE-200 -CVE-2023-26049,2023-04-18T22:19:57Z,"Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies","org.eclipse.jetty:jetty-server",12.0.0alpha0,12.0.0.beta0,LOW,CWE-200 -CVE-2023-26055,2023-03-03T22:49:27Z,"XWiki Platform may allow privilege escalation to programming rights via user's first name","org.xwiki.commons:xwiki-commons-xml",14.0-rc-1,14.4.4,CRITICAL,CWE-150 -CVE-2023-26055,2023-03-03T22:49:27Z,"XWiki Platform may allow privilege escalation to programming rights via user's first name","org.xwiki.commons:xwiki-commons-xml",14.5,14.7-rc-1,CRITICAL,CWE-150 -CVE-2023-26055,2023-03-03T22:49:27Z,"XWiki Platform may allow privilege escalation to programming rights via user's first name","org.xwiki.commons:xwiki-commons-xml",3.1-milestone-1,13.10.9,CRITICAL,CWE-150 -CVE-2023-26056,2023-03-03T22:54:19Z,"xwiki contains Incorrect Authorization","org.xwiki.platform:xwiki-platform-rendering-macro-context",14.0-rc-1,14.4.5,MODERATE,CWE-863 -CVE-2023-26056,2023-03-03T22:54:19Z,"xwiki contains Incorrect Authorization","org.xwiki.platform:xwiki-platform-rendering-macro-context",14.5,14.8-rc-1,MODERATE,CWE-863 -CVE-2023-26056,2023-03-03T22:54:19Z,"xwiki contains Incorrect Authorization","org.xwiki.platform:xwiki-platform-rendering-macro-context",3.0-milestone-1,13.10.10,MODERATE,CWE-863 -CVE-2023-26119,2023-07-06T19:24:13Z,"HtmlUnit Code Injection vulnerability","net.sourceforge.htmlunit:htmlunit",0,3.0.0,CRITICAL,CWE-74;CWE-94 -CVE-2023-26120,2023-04-10T06:30:16Z,"XXL-JOB vulnerable to Cross-site Scripting",com.xuxueli:xxl-job,0,,MODERATE,CWE-79 -CVE-2023-26154,2023-12-06T06:30:20Z,"pubnub Insufficient Entropy vulnerability",com.pubnub:pubnub,0,,MODERATE,CWE-331 -CVE-2023-26154,2023-12-06T06:30:20Z,"pubnub Insufficient Entropy vulnerability",com.pubnub:pubnub-kotlin,0,7.7.0,MODERATE,CWE-331 
-CVE-2023-26269,2023-04-03T09:30:19Z,"Apache James server's JMX management service vulnerable to privilege escalation by local user","org.apache.james:javax-mail-extension",0,3.7.4,HIGH,CWE-862 -CVE-2023-2631,2023-05-16T21:30:22Z,"Jenkins Code Dx Plugin missing permission checks","org.jenkins-ci.plugins:codedx",0,4.0.0,MODERATE, -CVE-2023-2632,2023-05-16T18:30:16Z,"Jenkins Code Dx Plugin stores API keys in plain text","org.jenkins-ci.plugins:codedx",0,4.0.0,MODERATE,CWE-256;CWE-522 -CVE-2023-2633,2023-05-16T18:30:16Z,"Jenkins Code Dx Plugin displays API keys in plain text","org.jenkins-ci.plugins:codedx",0,4.0.0,MODERATE,CWE-256;CWE-522 -CVE-2023-26464,2023-03-10T15:30:43Z,"Apache Log4j 1.x (EOL) allows Denial of Service (DoS)","org.apache.logging.log4j:log4j-core",1.0.4,2.0,HIGH,CWE-400;CWE-502 -CVE-2023-26470,2023-03-03T22:50:41Z,"XWiki Platform subject to Uncontrolled Resource Consumption","org.xwiki.platform:xwiki-platform-oldcore",0,14.0-rc-1,MODERATE,CWE-400;CWE-787 -CVE-2023-26471,2023-03-03T22:49:37Z,"XWiki Platform users may execute anything with superadmin right through comments and async macro","org.xwiki.platform:xwiki-platform-rendering-async-macro",11.6-rc-1,13.10.10,CRITICAL,CWE-284 -CVE-2023-26471,2023-03-03T22:49:37Z,"XWiki Platform users may execute anything with superadmin right through comments and async macro","org.xwiki.platform:xwiki-platform-rendering-async-macro",14.0,14.4.6,CRITICAL,CWE-284 -CVE-2023-26471,2023-03-03T22:49:37Z,"XWiki Platform users may execute anything with superadmin right through comments and async macro","org.xwiki.platform:xwiki-platform-rendering-async-macro",14.5,14.9,CRITICAL,CWE-284 -CVE-2023-26472,2023-03-03T22:48:57Z,"XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile","org.xwiki.platform:xwiki-platform-icon-ui",14.0,14.4.6,CRITICAL,CWE-116 -CVE-2023-26472,2023-03-03T22:48:57Z,"XWiki Platform vulnerable to privilege escalation via async macro and 
IconThemeSheet from the user profile","org.xwiki.platform:xwiki-platform-icon-ui",14.5,14.9,CRITICAL,CWE-116 -CVE-2023-26472,2023-03-03T22:48:57Z,"XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile","org.xwiki.platform:xwiki-platform-icon-ui",6.2-milestone-1,13.10.10,CRITICAL,CWE-116 -CVE-2023-26473,2023-03-03T22:46:43Z,"Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm","org.xwiki.platform:xwiki-platform-web",1.3-rc-1,13.10.11,MODERATE,CWE-284 -CVE-2023-26473,2023-03-03T22:46:43Z,"Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm","org.xwiki.platform:xwiki-platform-web",14.0,14.4.7,MODERATE,CWE-284 -CVE-2023-26473,2023-03-03T22:46:43Z,"Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm","org.xwiki.platform:xwiki-platform-web",14.5,14.10,MODERATE,CWE-284 -CVE-2023-26474,2023-03-03T22:48:40Z,"XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author","org.xwiki.platform:xwiki-platform-legacy-oldcore",13.10,13.10.11,CRITICAL,CWE-284 -CVE-2023-26474,2023-03-03T22:48:40Z,"XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author","org.xwiki.platform:xwiki-platform-legacy-oldcore",14.0,14.4.7,CRITICAL,CWE-284 -CVE-2023-26474,2023-03-03T22:48:40Z,"XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author","org.xwiki.platform:xwiki-platform-legacy-oldcore",14.5,14.10,CRITICAL,CWE-284 -CVE-2023-26474,2023-03-03T22:48:40Z,"XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author","org.xwiki.platform:xwiki-platform-oldcore",13.10,13.10.11,CRITICAL,CWE-284 -CVE-2023-26474,2023-03-03T22:48:40Z,"XWiki Platform 
vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author","org.xwiki.platform:xwiki-platform-oldcore",14.0,14.4.7,CRITICAL,CWE-284 -CVE-2023-26474,2023-03-03T22:48:40Z,"XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author","org.xwiki.platform:xwiki-platform-oldcore",14.5,14.10,CRITICAL,CWE-284 -CVE-2023-26475,2023-03-02T15:16:43Z,"xwiki-platform vulnerable to Remote Code Execution in Annotations","org.xwiki.platform:xwiki-platform-annotation-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-269;CWE-270 -CVE-2023-26475,2023-03-02T15:16:43Z,"xwiki-platform vulnerable to Remote Code Execution in Annotations","org.xwiki.platform:xwiki-platform-annotation-ui",14.5,14.10,CRITICAL,CWE-269;CWE-270 -CVE-2023-26475,2023-03-02T15:16:43Z,"xwiki-platform vulnerable to Remote Code Execution in Annotations","org.xwiki.platform:xwiki-platform-annotation-ui",2.3-milestone-1,13.10.11,CRITICAL,CWE-269;CWE-270 -CVE-2023-26476,2023-03-03T22:47:49Z,"XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor","org.xwiki.platform:xwiki-platform-livetable-ui",13.5.0,13.10.9,HIGH,CWE-200;CWE-307 -CVE-2023-26476,2023-03-03T22:47:49Z,"XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor","org.xwiki.platform:xwiki-platform-livetable-ui",14.0.0,14.7-rc-1,HIGH,CWE-200;CWE-307 -CVE-2023-26476,2023-03-03T22:47:49Z,"XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor","org.xwiki.platform:xwiki-platform-livetable-ui",3.2-m3,13.4.4,HIGH,CWE-200;CWE-307 -CVE-2023-26476,2023-03-03T22:47:49Z,"XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",13.5.0,13.10.9,HIGH,CWE-200;CWE-307 -CVE-2023-26476,2023-03-03T22:47:49Z,"XWiki Platform packages Expose Sensitive Information to an Unauthorized 
Actor","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",14.0.0,14.7-rc-1,HIGH,CWE-200;CWE-307 -CVE-2023-26476,2023-03-03T22:47:49Z,"XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",3.2-m3,13.4.4,HIGH,CWE-200;CWE-307 -CVE-2023-26477,2023-03-03T22:51:02Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",14.0,14.4.6,CRITICAL,CWE-94;CWE-95 -CVE-2023-26477,2023-03-03T22:51:02Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",14.5,14.9-rc-1,CRITICAL,CWE-94;CWE-95 -CVE-2023-26477,2023-03-03T22:51:02Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",6.2.4,13.10.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-26478,2023-03-03T22:52:47Z,"xwiki contains Exposed Dangerous Method or Function","org.xwiki.platform:xwiki-platform-store-filesystem-oldcore",14.3-rc-1,14.4.6,MODERATE,CWE-749 -CVE-2023-26478,2023-03-03T22:52:47Z,"xwiki contains Exposed Dangerous Method or Function","org.xwiki.platform:xwiki-platform-store-filesystem-oldcore",14.5,14.9-rc-1,MODERATE,CWE-749 -CVE-2023-26479,2023-03-03T22:53:35Z,"xwiki vulnerable to Improper Handling of Exceptional Conditions","org.xwiki.platform:xwiki-platform-rendering-parser",14.0,14.4.6,MODERATE,CWE-755 -CVE-2023-26479,2023-03-03T22:53:35Z,"xwiki vulnerable to Improper Handling of Exceptional Conditions","org.xwiki.platform:xwiki-platform-rendering-parser",14.5,14.9-rc-1,MODERATE,CWE-755 -CVE-2023-26479,2023-03-03T22:53:35Z,"xwiki vulnerable to Improper Handling of Exceptional Conditions","org.xwiki.platform:xwiki-platform-rendering-parser",6.0,13.10.10,MODERATE,CWE-755 -CVE-2023-26480,2023-03-03T22:53:51Z,"XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live 
Data","org.xwiki.platform:xwiki-platform-livedata-macro",12.10,13.10.10,HIGH,CWE-79 -CVE-2023-26480,2023-03-03T22:53:51Z,"XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data","org.xwiki.platform:xwiki-platform-livedata-macro",14.0,14.4.7,HIGH,CWE-79 -CVE-2023-26480,2023-03-03T22:53:51Z,"XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data","org.xwiki.platform:xwiki-platform-livedata-macro",14.5,14.9,HIGH,CWE-79 -CVE-2023-26512,2023-07-17T09:30:23Z,"rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message","org.apache.eventmesh:eventmesh-connector-rabbitmq",1.7.0,,CRITICAL,CWE-502 -CVE-2023-26513,2023-03-20T15:30:20Z,"Apache Sling Resource Merger has Excessive Iteration vulnerability","org.apache.sling:org.apache.sling.resourcemerger",1.2.0,1.4.2,HIGH,CWE-834 -CVE-2023-26812,2023-04-28T21:30:19Z,"Duplicate Advisory: Arbitrary code execution in jfinal CMS","com.jflyfox:jflyfox_jfinal",0,,CRITICAL, -CVE-2023-27025,2023-04-02T03:30:16Z,"RuoYi vulnerable to arbitrary file download",com.ruoyi:ruoyi,0,4.7.6,HIGH,CWE-494 -CVE-2023-27087,2023-03-21T21:30:19Z,"Xuxueli xxl-job allows attacker to obtain sensitive information via the pageList parameter",com.xuxueli:xxl-job,2.2.0,,HIGH, -CVE-2023-27094,2023-03-23T18:30:18Z,"Hippo4j privilege escalation issue",cn.hippo4j:hippo4j-all,0,,HIGH, -CVE-2023-27095,2023-03-16T03:30:16Z,"Exposure of Sensitive Information in OpenGoofy Hippo4j",cn.hippo4j:hippo4j-core,0,,MODERATE,CWE-200;CWE-732 -CVE-2023-27096,2023-03-27T15:30:17Z,"Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module",cn.hippo4j:hippo4j-all,0,,MODERATE,CWE-732 -CVE-2023-27150,2023-12-26T06:30:33Z,"OpenCRX Cross-site Scripting vulnerability",org.opencrx:opencrx-core,0,,MODERATE,CWE-79 -CVE-2023-27162,2023-03-31T21:30:38Z,"OpenAPI Generator vulnerable to Server-Side Request 
Forgery","org.openapitools:openapi-generator-project",0,,CRITICAL,CWE-918 -CVE-2023-27296,2023-03-27T15:30:16Z,"Apache InLong vulnerable to JDBC Deserialization of Untrusted Data","org.apache.inlong:inlong-manager",1.1.0,1.6.0,HIGH,CWE-502 -CVE-2023-27479,2023-03-08T17:18:33Z,"org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-panels-ui",14.0,14.4.7,CRITICAL,CWE-74 -CVE-2023-27479,2023-03-08T17:18:33Z,"org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-panels-ui",14.5,14.10-rc-1,CRITICAL,CWE-74 -CVE-2023-27479,2023-03-08T17:18:33Z,"org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-panels-ui",6.3-milestone-2,13.10.11,CRITICAL,CWE-74 -CVE-2023-27480,2023-03-08T17:19:30Z,"XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference","org.xwiki.platform:xwiki-platform-xar-model",1.1-milestone-3,13.10.11,HIGH,CWE-611 -CVE-2023-27480,2023-03-08T17:19:30Z,"XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference","org.xwiki.platform:xwiki-platform-xar-model",14.0,14.4.7,HIGH,CWE-611 -CVE-2023-27480,2023-03-08T17:19:30Z,"XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference","org.xwiki.platform:xwiki-platform-xar-model",14.5,14.10-rc-1,HIGH,CWE-611 -CVE-2023-27602,2023-07-06T19:24:13Z,"Apache Linkis Unrestricted File Upload vulnerability",org.apache.linkis:linkis,0,1.3.2,CRITICAL,CWE-434 -CVE-2023-27603,2023-07-06T19:24:13Z,"Apache Linkis Zip Slip issue",org.apache.linkis:linkis,0,1.3.2,CRITICAL,CWE-22;CWE-434 -CVE-2023-27898,2023-03-10T21:30:19Z,"Cross-site Scripting vulnerability in Jenkins","org.jenkins-ci.main:jenkins-core",0,2.375.4,HIGH,CWE-79 -CVE-2023-27898,2023-03-10T21:30:19Z,"Cross-site Scripting vulnerability in 
Jenkins","org.jenkins-ci.main:jenkins-core",2.376,2.394,HIGH,CWE-79 -CVE-2023-27899,2023-03-10T21:30:19Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.375.4,HIGH,CWE-863 -CVE-2023-27899,2023-03-10T21:30:19Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.376,2.387.1,HIGH,CWE-863 -CVE-2023-27899,2023-03-10T21:30:19Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.388,2.394,HIGH,CWE-863 -CVE-2023-27900,2023-03-10T21:30:19Z,"Denial of service in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.375.4,MODERATE,CWE-770 -CVE-2023-27900,2023-03-10T21:30:19Z,"Denial of service in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.376,2.387.1,MODERATE,CWE-770 -CVE-2023-27900,2023-03-10T21:30:19Z,"Denial of service in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.388,2.394,MODERATE,CWE-770 -CVE-2023-27901,2023-03-10T21:30:19Z,"Denial of service in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.375.4,HIGH,CWE-770 -CVE-2023-27901,2023-03-10T21:30:19Z,"Denial of service in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.376,2.387.1,HIGH,CWE-770 -CVE-2023-27901,2023-03-10T21:30:19Z,"Denial of service in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.388,2.394,HIGH,CWE-770 -CVE-2023-27902,2023-03-10T21:30:19Z,"Incorrect Permission Preservation in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.375.4,MODERATE, -CVE-2023-27902,2023-03-10T21:30:19Z,"Incorrect Permission Preservation in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.376,2.387.1,MODERATE, -CVE-2023-27902,2023-03-10T21:30:19Z,"Incorrect Permission Preservation in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.388,2.394,MODERATE, -CVE-2023-27903,2023-03-10T21:30:19Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",0,2.375.4,LOW,CWE-863 -CVE-2023-27903,2023-03-10T21:30:19Z,"Incorrect Authorization in Jenkins 
Core","org.jenkins-ci.main:jenkins-core",2.376,2.387.1,LOW,CWE-863 -CVE-2023-27903,2023-03-10T21:30:19Z,"Incorrect Authorization in Jenkins Core","org.jenkins-ci.main:jenkins-core",2.388,2.394,LOW,CWE-863 -CVE-2023-27904,2023-03-10T21:30:19Z," Information disclosure through error stack traces related to agents ","org.jenkins-ci.main:jenkins-core",0,2.375.4,LOW, -CVE-2023-27904,2023-03-10T21:30:19Z," Information disclosure through error stack traces related to agents ","org.jenkins-ci.main:jenkins-core",2.376,2.387.1,LOW, -CVE-2023-27904,2023-03-10T21:30:19Z," Information disclosure through error stack traces related to agents ","org.jenkins-ci.main:jenkins-core",2.388,2.394,LOW, -CVE-2023-27905,2023-03-10T21:30:19Z,"Cross site scripting vulnerability in update-center2 ","org.jenkins-ci:update-center2",3.13,3.15,MODERATE,CWE-79 -CVE-2023-2798,2023-05-25T15:30:17Z,"Unrestricted recursion in htmlunit",org.htmlunit:htmlunit,0,2.70.0,HIGH,CWE-400;CWE-787 -CVE-2023-27987,2023-07-06T19:24:13Z,"Apache Linkis Authentication Bypass vulnerability",org.apache.linkis:linkis,0,1.3.2,CRITICAL,CWE-294;CWE-326 -CVE-2023-28118,2023-03-20T21:26:59Z,"kaml has potential denial of service while parsing input with anchors and aliases ","com.charleskorn.kaml:kaml",0,0.53.0,HIGH,CWE-776 -CVE-2023-28158,2023-03-29T15:30:17Z,"Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)","org.apache.archiva:archiva",2.0.0,2.2.10,MODERATE,CWE-79 -CVE-2023-28326,2023-03-28T15:30:18Z,"Apache OpenMeetings missing authentication and can allow user impersonation ","org.apache.openmeetings:openmeetings-parent",2.0.0,7.0.0,CRITICAL,CWE-306 -CVE-2023-28462,2023-03-30T21:30:21Z,"Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed","fish.payara.server:payara-aggregator",5.2020.1,6.2022.1.Alpha3,CRITICAL, -CVE-2023-28465,2023-03-10T22:15:55Z,"HL7 FHIR Partial Path Zip Slip due to bypass of 
CVE-2023-24057","ca.uhn.hapi.fhir:org.hl7.fhir.convertors",0,5.6.106,HIGH,CWE-22 -CVE-2023-28465,2023-03-10T22:15:55Z,"HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057","ca.uhn.hapi.fhir:org.hl7.fhir.core",0,5.6.106,HIGH,CWE-22 -CVE-2023-28465,2023-03-10T22:15:55Z,"HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057","ca.uhn.hapi.fhir:org.hl7.fhir.r4b",0,5.6.106,HIGH,CWE-22 -CVE-2023-28465,2023-03-10T22:15:55Z,"HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057","ca.uhn.hapi.fhir:org.hl7.fhir.r5",0,5.6.106,HIGH,CWE-22 -CVE-2023-28465,2023-03-10T22:15:55Z,"HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057","ca.uhn.hapi.fhir:org.hl7.fhir.utilities",0,5.6.106,HIGH,CWE-22 -CVE-2023-28465,2023-03-10T22:15:55Z,"HL7 FHIR Partial Path Zip Slip due to bypass of CVE-2023-24057","ca.uhn.hapi.fhir:org.hl7.fhir.validation",0,5.6.106,HIGH,CWE-22 -CVE-2023-28628,2023-03-27T22:31:13Z,"lambdaisland/uri `authority-regex` returns the wrong authority",lambdaisland:uri,0,1.14.120,MODERATE,CWE-601;CWE-706 -CVE-2023-28640,2023-03-27T22:17:57Z,"Apiman vulnerable to permissions bypass due to missing check on API key URL","io.apiman:apiman-manager-api-rest-impl",0,3.1.0.Final,MODERATE,CWE-269;CWE-280;CWE-862 -CVE-2023-28668,2023-04-02T21:30:17Z,"Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled","org.jenkins-ci.plugins:role-strategy",0,587.588.v850a_20a_30162,MODERATE, -CVE-2023-28669,2023-04-02T21:30:17Z,"Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting","org.jenkins-ci.plugins:jacoco",0,3.3.2.1,HIGH,CWE-79 -CVE-2023-28670,2023-04-02T21:30:17Z,"Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting","com.paul8620.jenkins.plugins:pipeline-aggregator-view",0,1.14,HIGH,CWE-79 -CVE-2023-28671,2023-04-02T21:30:17Z,"Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery","org.jenkinsci.plugins:octoperf",0,4.5.1,MODERATE,CWE-352 
-CVE-2023-28672,2023-04-02T21:30:17Z,"Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture","org.jenkinsci.plugins:octoperf",0,4.5.2,MODERATE,CWE-862 -CVE-2023-28673,2023-04-02T21:30:17Z,"Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration ","org.jenkinsci.plugins:octoperf",0,4.5.3,MODERATE,CWE-284;CWE-862 -CVE-2023-28674,2023-04-02T21:30:17Z,"Jenkins OctoPerf Load Testing Plugin vulnerable to Cross-site Request Forgery","org.jenkinsci.plugins:octoperf",0,4.5.3,MODERATE,CWE-352 -CVE-2023-28675,2023-04-02T21:30:17Z,"Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections","org.jenkinsci.plugins:octoperf",0,4.5.3,MODERATE,CWE-284;CWE-862 -CVE-2023-28676,2023-04-02T21:30:17Z,"Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery","org.jenkins-ci.plugins:convert-to-pipeline",0,,HIGH,CWE-352 -CVE-2023-28677,2023-04-02T21:30:17Z,"Jenkins Convert To Pipeline Plugin vulnerable to command injection","org.jenkins-ci.plugins:convert-to-pipeline",0,,HIGH,CWE-77 -CVE-2023-28678,2023-04-02T21:30:17Z,"Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)","org.jenkins-ci.plugins:cppcheck",0,,HIGH,CWE-79 -CVE-2023-28679,2023-04-02T21:30:17Z,"Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting","javagh.jenkins:mashup-portlets-plugin",0,,HIGH,CWE-79 -CVE-2023-28680,2023-04-02T21:30:17Z,"Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks","org.jenkins-ci.plugins:crap4j",0,,HIGH,CWE-611 -CVE-2023-28681,2023-04-02T21:30:17Z,"Jenkins Visual Studio Code Metrics Plugin vulnerable to XML external entity (XXE) attacks","org.jenkins-ci.plugins:vs-code-metrics",0,,HIGH,CWE-611 -CVE-2023-28682,2023-04-02T21:30:16Z,"Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks","org.jenkins-ci.plugins:perfpublisher",0,,HIGH,CWE-611 -CVE-2023-28683,2023-04-02T21:30:16Z,"Jenkins Phabricator 
Differential Plugin vulnerable to XML external entity (XXE) attacks","org.jenkins-ci.plugins:phabricator-plugin",0,,HIGH,CWE-611 -CVE-2023-28684,2023-04-02T21:30:16Z,"Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks","com.sap.jenkinsci:remote-jobs-view-plugin",0,,HIGH,CWE-611 -CVE-2023-28685,2023-07-06T19:24:12Z,"Jenkins AbsInt a³ Plugin XML External Entity Reference vulnerability","org.jenkins-ci.plugins:absint-a3",0,,HIGH,CWE-611 -CVE-2023-28708,2023-03-22T12:30:16Z,"Apache Tomcat vulnerable to Unprotected Transport of Credentials","org.apache.tomcat:tomcat-catalina",10.1.0-M1,10.1.6,MODERATE,CWE-523 -CVE-2023-28708,2023-03-22T12:30:16Z,"Apache Tomcat vulnerable to Unprotected Transport of Credentials","org.apache.tomcat:tomcat-catalina",11.0.0-M1,11.0.0-M3,MODERATE,CWE-523 -CVE-2023-28708,2023-03-22T12:30:16Z,"Apache Tomcat vulnerable to Unprotected Transport of Credentials","org.apache.tomcat:tomcat-catalina",8.5.0,8.5.86,MODERATE,CWE-523 -CVE-2023-28708,2023-03-22T12:30:16Z,"Apache Tomcat vulnerable to Unprotected Transport of Credentials","org.apache.tomcat:tomcat-catalina",9.0.0-M1,9.0.72,MODERATE,CWE-523 -CVE-2023-28709,2023-07-06T21:14:59Z,"Apache Tomcat - Fix for CVE-2023-24998 was incomplete","org.apache.tomcat.embed:tomcat-embed-core",10.1.5,10.1.8,HIGH,CWE-193 -CVE-2023-28709,2023-07-06T21:14:59Z,"Apache Tomcat - Fix for CVE-2023-24998 was incomplete","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M2,11.0.0-M5,HIGH,CWE-193 -CVE-2023-28709,2023-07-06T21:14:59Z,"Apache Tomcat - Fix for CVE-2023-24998 was incomplete","org.apache.tomcat.embed:tomcat-embed-core",9.0.71,9.0.74,HIGH,CWE-193 -CVE-2023-28709,2023-07-06T21:14:59Z,"Apache Tomcat - Fix for CVE-2023-24998 was incomplete","org.apache.tomcat:tomcat-coyote",8.5.85,8.5.88,HIGH,CWE-193 -CVE-2023-28754,2023-07-19T09:30:54Z,"Apache ShardingSphere-Agent Deserialization of Untrusted Data vulnerability","org.apache.shardingsphere:shardingsphere",0,5.4.0,HIGH,CWE-502 
-CVE-2023-28857,2024-08-05T21:18:59Z,"Apereo CAS vulnerable to credential leaks for LDAP authentication","org.apereo.cas:cas-server-support-x509-core",6.5.0,6.6.6,MODERATE,CWE-200;CWE-522 -CVE-2023-28867,2023-03-27T03:30:16Z,"GraphQL Java vulnerable to stack consumption","com.graphql-java:graphql-java",0,"0.0.0-2023-03-20T01-49-44-80e3135",HIGH,CWE-770 -CVE-2023-28867,2023-03-27T03:30:16Z,"GraphQL Java vulnerable to stack consumption","com.graphql-java:graphql-java",1.2,17.5,HIGH,CWE-770 -CVE-2023-28867,2023-03-27T03:30:16Z,"GraphQL Java vulnerable to stack consumption","com.graphql-java:graphql-java",18.0,18.4,HIGH,CWE-770 -CVE-2023-28867,2023-03-27T03:30:16Z,"GraphQL Java vulnerable to stack consumption","com.graphql-java:graphql-java",19.0,19.4,HIGH,CWE-770 -CVE-2023-28867,2023-03-27T03:30:16Z,"GraphQL Java vulnerable to stack consumption","com.graphql-java:graphql-java",20.0,20.1,HIGH,CWE-770 -CVE-2023-28935,2023-03-30T12:30:15Z,"Apache UIMA DUCC allows remote code execution ","org.apache.uima:uima-ducc-parent",0,,HIGH,CWE-77 -CVE-2023-28936,2023-07-06T21:14:56Z,"Apache OpenMeetings insufficient authorization vulnerability","org.apache.openmeetings:openmeetings-db",2.0.0,7.1.0,MODERATE,CWE-697 -CVE-2023-29014,2023-04-07T19:22:41Z,"Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter","io.goobi.viewer:viewer-core",0,23.03,MODERATE,CWE-79 -CVE-2023-29015,2023-04-07T19:22:38Z,"Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments","io.goobi.viewer:viewer-core",0,23.03,MODERATE,CWE-79 -CVE-2023-29016,2023-04-07T19:22:33Z,"Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames","io.goobi.viewer:viewer-core",0,23.03,MODERATE,CWE-79 -CVE-2023-29032,2023-05-12T09:30:15Z,"Apache OpenMeetings Improper Authentication vulnerability","org.apache.openmeetings:openmeetings-parent",3.1.3,7.1.0,HIGH,CWE-287 -CVE-2023-29055,2024-01-29T15:30:25Z,"Apache Kylin has Insufficiently Protected 
Credentials","org.apache.kylin:kylin-core-common",2.0.0,4.0.4,HIGH,CWE-522 -CVE-2023-29201,2023-04-12T20:38:17Z,"org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability","org.xwiki.commons:xwiki-commons-xml",4.2-milestone-1,14.6-rc-1,CRITICAL,CWE-79 -CVE-2023-29202,2023-04-12T20:38:37Z,"org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability","org.xwiki.platform:xwiki-core-rendering-macro-rss",1.8,,CRITICAL,CWE-79 -CVE-2023-29202,2023-04-12T20:38:37Z,"org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability","org.xwiki.platform:xwiki-platform-rendering-macro-rss",0,14.6-rc-1,CRITICAL,CWE-79 -CVE-2023-29203,2023-04-12T20:40:00Z,"Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm ","org.xwiki.platform:xwiki-platform-web-templates",13.9-rc-1,13.10.8,LOW,CWE-359;CWE-668 -CVE-2023-29203,2023-04-12T20:40:00Z,"Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm ","org.xwiki.platform:xwiki-platform-web-templates",14.0-rc-1,14.4.3,LOW,CWE-359;CWE-668 -CVE-2023-29203,2023-04-12T20:40:00Z,"Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm ","org.xwiki.platform:xwiki-platform-web-templates",14.5,14.7-rc-1,LOW,CWE-359;CWE-668 -CVE-2023-29204,2023-04-12T20:38:42Z,"org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability","org.xwiki.platform:xwiki-platform-oldcore",14.0-rc-1,14.4.4,MODERATE,CWE-601 -CVE-2023-29204,2023-04-12T20:38:42Z,"org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability","org.xwiki.platform:xwiki-platform-oldcore",14.5,14.8-rc-1,MODERATE,CWE-601 -CVE-2023-29204,2023-04-12T20:38:42Z,"org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability","org.xwiki.platform:xwiki-platform-oldcore",6.0-rc-1,13.10.10,MODERATE,CWE-601 -CVE-2023-29205,2023-04-12T20:38:44Z,"org.xwiki.platform:xwiki-platform-rendering-xwiki 
vulnerable to stored cross-site scripting via HTML and raw macro","org.xwiki.platform:xwiki-platform-rendering-xwiki",0,14.8-rc-1,CRITICAL,CWE-79 -CVE-2023-29206,2023-04-12T20:38:47Z,"org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins","org.xwiki.platform:xwiki-platform-skin-skinx",3.0-milestone-1,14.9-rc-1,CRITICAL,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo",1.9-milestone-2,13.10.10,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo",14.0-rc-1,14.4.6,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo",14.5,14.9,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo-skin",1.9-milestone-2,13.10.10,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo-skin",14.0-rc-1,14.4.6,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo-skin",14.5,14.9,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",1.9-milestone-2,13.10.10,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",14.0-rc-1,14.4.6,HIGH,CWE-79 
-CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",14.5,14.9,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-web",1.9-milestone-2,13.10.10,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-web",14.0-rc-1,14.4.6,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-web",14.5,14.9,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-web-templates",1.9-milestone-2,13.10.10,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-web-templates",14.0-rc-1,14.4.6,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-platform-web-templates",14.5,14.9,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-web-standard",1.9-milestone-2,13.10.10,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-web-standard",14.0-rc-1,14.4.6,HIGH,CWE-79 -CVE-2023-29207,2023-04-12T20:43:21Z,"Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro","org.xwiki.platform:xwiki-web-standard",14.5,14.9,HIGH,CWE-79 
-CVE-2023-29208,2023-04-12T20:34:55Z,"org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents ","org.xwiki.platform:xwiki-platform-oldcore",1.2-milestone-1,13.10.11,HIGH,CWE-668 -CVE-2023-29208,2023-04-12T20:34:55Z,"org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents ","org.xwiki.platform:xwiki-platform-oldcore",14.0-rc-1,14.4.7,HIGH,CWE-668 -CVE-2023-29208,2023-04-12T20:34:55Z,"org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents ","org.xwiki.platform:xwiki-platform-oldcore",14.5,14.10,HIGH,CWE-668 -CVE-2023-29209,2023-04-12T20:35:03Z,"org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro",10.9,13.10.11,CRITICAL,CWE-94;CWE-95 -CVE-2023-29209,2023-04-12T20:35:03Z,"org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-29209,2023-04-12T20:35:03Z,"org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro",14.5,14.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-29210,2023-04-12T20:35:13Z,"org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-notifications-ui",13.2-rc-1,13.10.11,CRITICAL,CWE-94;CWE-95 -CVE-2023-29210,2023-04-12T20:35:13Z,"org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-notifications-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-29210,2023-04-12T20:35:13Z,"org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-notifications-ui",14.5,14.10,CRITICAL,CWE-94;CWE-95 
-CVE-2023-29211,2023-04-12T20:35:30Z,"org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-29211,2023-04-12T20:35:30Z,"org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",14.5,14.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-29211,2023-04-12T20:35:30Z,"org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki",5.3-milestone-2,13.10.11,CRITICAL,CWE-94;CWE-95 -CVE-2023-29212,2023-04-12T20:35:37Z,"xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-panels-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-29212,2023-04-12T20:35:37Z,"xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-panels-ui",14.5,14.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-29213,2023-04-12T20:35:42Z,"org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-logging-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-352;CWE-74;CWE-95 -CVE-2023-29213,2023-04-12T20:35:42Z,"org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-logging-ui",14.5,14.10,CRITICAL,CWE-352;CWE-74;CWE-95 -CVE-2023-29213,2023-04-12T20:35:42Z,"org.xwiki.platform:xwiki-platform-logging-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-logging-ui",4.2-milestone-3,13.10.11,CRITICAL,CWE-352;CWE-74;CWE-95 -CVE-2023-29214,2023-04-12T20:35:50Z,"org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-panels-ui",1.1-M2,13.10.11,CRITICAL,CWE-94;CWE-95 -CVE-2023-29214,2023-04-12T20:35:50Z,"org.xwiki.platform:xwiki-platform-panels-ui Eval Injection 
vulnerability","org.xwiki.platform:xwiki-platform-panels-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-29214,2023-04-12T20:35:50Z,"org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-panels-ui",14.5,14.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-29215,2023-04-10T09:30:15Z,"Apache Linkis JDBC EngineConn has deserialization vulnerability","org.apache.linkis:linkis-engineconn",0,1.3.2,CRITICAL,CWE-502 -CVE-2023-29216,2023-04-10T09:30:15Z,"Apache Linkis DatasourceManager module has deserialization vulnerability","org.apache.linkis:linkis-datasource",0,1.3.2,CRITICAL,CWE-502 -CVE-2023-29234,2023-12-15T09:30:17Z,"Bypass serialize checks in Apache Dubbo",org.apache.dubbo:dubbo,3.1.0,3.1.11,HIGH,CWE-502 -CVE-2023-29234,2023-12-15T09:30:17Z,"Bypass serialize checks in Apache Dubbo",org.apache.dubbo:dubbo,3.2.0,3.2.5,HIGH,CWE-502 -CVE-2023-29246,2023-05-12T09:30:14Z,"Apache OpenMeetings vulnerable to remote code execution via null-bye injection","org.apache.openmeetings:openmeetings-parent",2.0.0,7.1.0,HIGH,CWE-20 -CVE-2023-29471,2023-04-27T21:30:26Z,"Lightbend Alpakka Kafka logs credentials on debug level","com.typesafe.akka:akka-stream-kafka",0,4.0.2,MODERATE,CWE-312;CWE-532 -CVE-2023-29506,2023-04-12T20:36:19Z,"org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints","org.xwiki.platform:xwiki-platform-security-authentication-default",13.10.8,13.10.11,MODERATE,CWE-79 -CVE-2023-29506,2023-04-12T20:36:19Z,"org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints","org.xwiki.platform:xwiki-platform-security-authentication-default",14.4.3,14.4.7,MODERATE,CWE-79 -CVE-2023-29506,2023-04-12T20:36:19Z,"org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints","org.xwiki.platform:xwiki-platform-security-authentication-default",14.6,14.10,MODERATE,CWE-79 
-CVE-2023-29507,2023-04-12T20:36:28Z,"org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors","org.xwiki.platform:xwiki-platform-oldcore",14.4.1,14.4.7,CRITICAL,CWE-648 -CVE-2023-29507,2023-04-12T20:36:28Z,"org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors","org.xwiki.platform:xwiki-platform-oldcore",14.5,14.10,CRITICAL,CWE-648 -CVE-2023-29508,2023-04-12T20:36:36Z,"org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting","org.xwiki.platform:xwiki-platform-livedata-macro",13.10.10,13.10.11,HIGH,CWE-79;CWE-80 -CVE-2023-29508,2023-04-12T20:36:36Z,"org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting","org.xwiki.platform:xwiki-platform-livedata-macro",14.4,14.4.7,HIGH,CWE-79;CWE-80 -CVE-2023-29508,2023-04-12T20:36:36Z,"org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting","org.xwiki.platform:xwiki-platform-livedata-macro",14.9,14.10,HIGH,CWE-79;CWE-80 -CVE-2023-29509,2023-04-12T20:36:42Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-29509,2023-04-12T20:36:42Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",14.5,14.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-29509,2023-04-12T20:36:42Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",7.2-rc-1,13.10.11,CRITICAL,CWE-94;CWE-95 -CVE-2023-29510,2023-04-19T18:26:35Z,"Code injection via unescaped translations in xwiki-platform","org.xwiki.platform:xwiki-platform-administration-ui",4.3-milestone-2,14.10.2,CRITICAL,CWE-74 -CVE-2023-29511,2023-04-12T20:36:56Z,"xwiki-platform-administration-ui vulnerable to privilege 
escalation","org.xwiki.platform:xwiki-platform-administration-ui",1.5M2,13.10.11,CRITICAL,CWE-95 -CVE-2023-29511,2023-04-12T20:36:56Z,"xwiki-platform-administration-ui vulnerable to privilege escalation","org.xwiki.platform:xwiki-platform-administration-ui",14.0-rc-1,14.4.8,CRITICAL,CWE-95 -CVE-2023-29511,2023-04-12T20:36:56Z,"xwiki-platform-administration-ui vulnerable to privilege escalation","org.xwiki.platform:xwiki-platform-administration-ui",14.5,14.10.1,CRITICAL,CWE-95 -CVE-2023-29512,2023-04-20T21:38:48Z,"xwiki-platform-web-templates vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-web-templates",1.0B1,13.10.11,CRITICAL,CWE-74 -CVE-2023-29512,2023-04-20T21:38:48Z,"xwiki-platform-web-templates vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-web-templates",14.0-rc-1,14.4.8,CRITICAL,CWE-74 -CVE-2023-29512,2023-04-20T21:38:48Z,"xwiki-platform-web-templates vulnerable to Eval Injection","org.xwiki.platform:xwiki-platform-web-templates",14.5,14.10.1,CRITICAL,CWE-74 -CVE-2023-29513,2023-04-20T21:39:56Z,"xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro","org.xwiki.platform:xwiki-platform-web-templates",8.0-rc-1,14.10.1,MODERATE,CWE-284 -CVE-2023-29514,2023-04-20T21:46:57Z,"XWiki vulnerable to Code Injection in template provider administration","org.xwiki.platform.applications:xwiki-application-administration",1.35,,CRITICAL,CWE-74 -CVE-2023-29514,2023-04-20T21:46:57Z,"XWiki vulnerable to Code Injection in template provider administration","org.xwiki.platform:xwiki-platform-administration",3.1-milestone-1,,CRITICAL,CWE-74 -CVE-2023-29514,2023-04-20T21:46:57Z,"XWiki vulnerable to Code Injection in template provider administration","org.xwiki.platform:xwiki-platform-administration-ui",14.0-rc-1,14.4.8,CRITICAL,CWE-74 -CVE-2023-29514,2023-04-20T21:46:57Z,"XWiki vulnerable to Code Injection in template provider 
administration","org.xwiki.platform:xwiki-platform-administration-ui",14.5,14.10.1,CRITICAL,CWE-74 -CVE-2023-29514,2023-04-20T21:46:57Z,"XWiki vulnerable to Code Injection in template provider administration","org.xwiki.platform:xwiki-platform-administration-ui",4.2-milestone-1,13.10.11,CRITICAL,CWE-74 -CVE-2023-29515,2023-04-20T21:58:10Z,"XWiki App Within Minutes app grants space admin rights that allows cross-site scripting","org.xwiki.platform:xwiki-platform-appwithinminutes",4.0-milestone-2,4.2-milestone-1,MODERATE,CWE-79 -CVE-2023-29515,2023-04-20T21:58:10Z,"XWiki App Within Minutes app grants space admin rights that allows cross-site scripting","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",14.0-rc-1,14.4.8,MODERATE,CWE-79 -CVE-2023-29515,2023-04-20T21:58:10Z,"XWiki App Within Minutes app grants space admin rights that allows cross-site scripting","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",14.5,14.10.1,MODERATE,CWE-79 -CVE-2023-29515,2023-04-20T21:58:10Z,"XWiki App Within Minutes app grants space admin rights that allows cross-site scripting","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",4.2-milestone-1,13.10.11,MODERATE,CWE-79 -CVE-2023-29516,2023-04-20T22:00:14Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector","org.xwiki.platform:xwiki-platform-attachment-ui",14.0-rc-1,14.4.8,CRITICAL,CWE-74;CWE-95 -CVE-2023-29516,2023-04-20T22:00:14Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector","org.xwiki.platform:xwiki-platform-attachment-ui",14.5,14.10.1,CRITICAL,CWE-74;CWE-95 -CVE-2023-29516,2023-04-20T22:00:14Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector","org.xwiki.platform:xwiki-platform-attachment-ui",2.0-rc-2,13.10.11,CRITICAL,CWE-74;CWE-95 -CVE-2023-29517,2023-04-20T22:01:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in 
org.xwiki.platform:xwiki-platform-office-viewer","org.xwiki.platform:xwiki-platform-office-viewer",14.0-rc-1,14.4.8,HIGH,CWE-200 -CVE-2023-29517,2023-04-20T22:01:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer","org.xwiki.platform:xwiki-platform-office-viewer",14.5,14.10.1,HIGH,CWE-200 -CVE-2023-29517,2023-04-20T22:01:35Z,"Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer","org.xwiki.platform:xwiki-platform-office-viewer",2.5-milestone-2,13.10.11,HIGH,CWE-200 -CVE-2023-29518,2023-04-20T22:04:00Z,"XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon","org.xwiki.platform:xwiki-platform-invitation-ui",14.0-rc-1,14.4.8,HIGH,CWE-74 -CVE-2023-29518,2023-04-20T22:04:00Z,"XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon","org.xwiki.platform:xwiki-platform-invitation-ui",14.5,14.10.1,HIGH,CWE-74 -CVE-2023-29518,2023-04-20T22:04:00Z,"XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon","org.xwiki.platform:xwiki-platform-invitation-ui",2.5-m-1,13.10.11,HIGH,CWE-74 -CVE-2023-29519,2023-04-20T22:04:49Z,"org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection","org.xwiki.platform:xwiki-platform-attachment-ui",14.0-rc-1,14.4.8,HIGH,CWE-74 -CVE-2023-29519,2023-04-20T22:04:49Z,"org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection","org.xwiki.platform:xwiki-platform-attachment-ui",14.5,14.10.2,HIGH,CWE-74 -CVE-2023-29519,2023-04-20T22:04:49Z,"org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection","org.xwiki.platform:xwiki-platform-attachment-ui",3.0-rc-1,13.10.11,HIGH,CWE-74 -CVE-2023-29520,2023-04-20T22:05:26Z,"XWiki Platform vulnerable to page render failure due to broken 
translations","org.xwiki.platform:xwiki-platform-localization-source-wiki",14.0-rc-1,14.4.8,MODERATE,CWE-248;CWE-755 -CVE-2023-29520,2023-04-20T22:05:26Z,"XWiki Platform vulnerable to page render failure due to broken translations","org.xwiki.platform:xwiki-platform-localization-source-wiki",14.5,14.10.1,MODERATE,CWE-248;CWE-755 -CVE-2023-29520,2023-04-20T22:05:26Z,"XWiki Platform vulnerable to page render failure due to broken translations","org.xwiki.platform:xwiki-platform-localization-source-wiki",4.3-milestone-2,13.10.11,MODERATE,CWE-248;CWE-755 -CVE-2023-29521,2023-04-20T22:06:19Z,"XWiki Platform vulnerable to code injection from account/view through VFS Tree macro","org.xwiki.platform:xwiki-platform-vfs-ui",14.0-rc-1,14.4.8,HIGH,CWE-74 -CVE-2023-29521,2023-04-20T22:06:19Z,"XWiki Platform vulnerable to code injection from account/view through VFS Tree macro","org.xwiki.platform:xwiki-platform-vfs-ui",14.5,14.10.2,HIGH,CWE-74 -CVE-2023-29521,2023-04-20T22:06:19Z,"XWiki Platform vulnerable to code injection from account/view through VFS Tree macro","org.xwiki.platform:xwiki-platform-vfs-ui",7.4-milestone-2,13.10.11,HIGH,CWE-74 -CVE-2023-29522,2023-04-20T22:15:35Z,"XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet","org.xwiki.platform:xwiki-platform-xclass-ui",14.5,14.10.3,HIGH,CWE-74 -CVE-2023-29522,2023-04-20T22:15:35Z,"XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet","org.xwiki.platform:xwiki-platform-xclass-ui",7.0-rc-1,14.4.8,HIGH,CWE-74 -CVE-2023-29523,2023-04-20T22:16:45Z,"XWiki Platform vulnerable to code injection in display method used in user profiles","org.xwiki.platform:xwiki-platform-oldcore",14.0-rc-1,14.4.8,CRITICAL,CWE-74 -CVE-2023-29523,2023-04-20T22:16:45Z,"XWiki Platform vulnerable to code injection in display method used in user profiles","org.xwiki.platform:xwiki-platform-oldcore",14.5,14.10.2,CRITICAL,CWE-74 -CVE-2023-29523,2023-04-20T22:16:45Z,"XWiki Platform vulnerable to code 
injection in display method used in user profiles","org.xwiki.platform:xwiki-platform-oldcore",3.3-milestone-1,13.10.11,CRITICAL,CWE-74 -CVE-2023-29524,2023-04-20T22:17:16Z,"XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet","org.xwiki.platform:xwiki-platform-scheduler-ui",2.0.1,14.10.3,CRITICAL,CWE-74 -CVE-2023-29525,2023-04-20T22:25:42Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration","org.xwiki.platform:xwiki-platform-distribution-war",12.6.1,13.10.11,CRITICAL,CWE-74 -CVE-2023-29525,2023-04-20T22:25:42Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration","org.xwiki.platform:xwiki-platform-distribution-war",14.0-rc-1,14.4.8,CRITICAL,CWE-74 -CVE-2023-29525,2023-04-20T22:25:42Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration","org.xwiki.platform:xwiki-platform-distribution-war",14.5,14.6-rc-1,CRITICAL,CWE-74 -CVE-2023-29525,2023-04-20T22:25:42Z,"XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration","org.xwiki.platform:xwiki-platform-legacy-events-hibernate-ui",14.6-rc-1,14.10.3,CRITICAL,CWE-74 -CVE-2023-29526,2023-04-20T22:24:46Z,"XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode","org.xwiki.platform:xwiki-platform-oldcore",10.11.1,13.10.11,CRITICAL,CWE-284;CWE-74 -CVE-2023-29526,2023-04-20T22:24:46Z,"XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode","org.xwiki.platform:xwiki-platform-oldcore",14.0-rc-1,14.4.8,CRITICAL,CWE-284;CWE-74 -CVE-2023-29526,2023-04-20T22:24:46Z,"XWiki Platform's async and display macro allow displaying and interacting with any document in restricted 
mode","org.xwiki.platform:xwiki-platform-oldcore",14.5,14.10.3,CRITICAL,CWE-284;CWE-74 -CVE-2023-29526,2023-04-20T22:24:46Z,"XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode","org.xwiki.platform:xwiki-platform-rendering-async-macro",10.11.1,13.10.11,CRITICAL,CWE-284;CWE-74 -CVE-2023-29526,2023-04-20T22:24:46Z,"XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode","org.xwiki.platform:xwiki-platform-rendering-async-macro",14.0-rc-1,14.4.8,CRITICAL,CWE-284;CWE-74 -CVE-2023-29526,2023-04-20T22:24:46Z,"XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode","org.xwiki.platform:xwiki-platform-rendering-async-macro",14.5,14.10.3,CRITICAL,CWE-284;CWE-74 -CVE-2023-29527,2023-04-20T22:25:02Z,"XWiki Platform vulnerable to code injection from account through AWM view sheet","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",7.4.4,14.10.3,CRITICAL,CWE-74 -CVE-2023-29528,2023-04-20T20:55:02Z,"Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml","org.xwiki.commons:xwiki-commons-xml",4.2-milestone-1,14.10,CRITICAL,CWE-79 -CVE-2023-2974,2023-07-04T15:30:18Z,"quarkus-core vulnerable to client driven TLS cipher downgrading",io.quarkus:quarkus-core,0,2.16.8.Final,MODERATE, -CVE-2023-2976,2023-06-14T18:30:38Z,"Guava vulnerable to insecure use of temporary directory",com.google.guava:guava,1.0,32.0.0-android,MODERATE,CWE-379;CWE-552 -CVE-2023-29921,2023-04-19T12:30:21Z,"PowerJob Incorrect Access Control vulnerability",tech.powerjob:powerjob,0,,MODERATE, -CVE-2023-29922,2023-04-19T21:30:26Z,"PowerJob vulnerable to Incorrect Access Control via the create user/save interface.",tech.powerjob:powerjob,0,,MODERATE,CWE-284 -CVE-2023-29923,2023-04-19T15:30:21Z,"PowerJob vulnerable to Insecure Permissions",tech.powerjob:powerjob,0,,MODERATE,CWE-276 -CVE-2023-29924,2023-04-21T21:30:19Z,"PowerJob vulnerable to 
incorrect access control",tech.powerjob:powerjob,0,,CRITICAL, -CVE-2023-29926,2023-04-20T15:30:27Z,"PowerJob vulnerable to remote code execution",tech.powerjob:powerjob,0,,CRITICAL, -CVE-2023-30093,2023-05-05T00:30:19Z,"ONOS vulnerable to Cross-site Scripting","org.onosproject:onos-archetypes",1.9.0,,MODERATE,CWE-79 -CVE-2023-30331,2023-05-04T03:30:22Z,"Server-side template injection in beetl",com.ibeetl:beetl,0,,CRITICAL, -CVE-2023-30349,2023-04-27T15:30:44Z,"Remote code execution in JFinal CMS","com.jflyfox:jflyfox_jfinal",0,,CRITICAL, -CVE-2023-30428,2023-07-12T12:31:36Z,"Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization","org.apache.pulsar:pulsar-broker",2.11.0,2.11.1,HIGH,CWE-863 -CVE-2023-30428,2023-07-12T12:31:36Z,"Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization","org.apache.pulsar:pulsar-broker",2.9.0,2.10.4,HIGH,CWE-863 -CVE-2023-30429,2023-07-12T12:31:36Z,"Apache Pulsar Incorrect Authorization vulnerability",org.apache.pulsar:pulsar,0,2.10.4,CRITICAL,CWE-863 -CVE-2023-30429,2023-07-12T12:31:36Z,"Apache Pulsar Incorrect Authorization vulnerability",org.apache.pulsar:pulsar,2.11.0,2.11.1,CRITICAL,CWE-863 -CVE-2023-30465,2023-07-06T19:24:14Z,"Apache InLong SQL Injection vulnerability","org.apache.inlong:manager-pojo",1.4.0,1.6.0,MODERATE,CWE-89 -CVE-2023-30465,2023-07-06T19:24:14Z,"Apache InLong SQL Injection vulnerability","org.apache.inlong:manager-service",1.4.0,1.6.0,MODERATE,CWE-89 -CVE-2023-30513,2023-04-12T18:30:37Z,"Jenkins Kubernetes Plugin does not properly mask credentials","org.csanchez.jenkins.plugins:kubernetes",0,3910.ve59cec5e33ea,MODERATE,CWE-319 -CVE-2023-30514,2023-04-12T18:30:37Z,"Jenkins Azure Key Vault Plugin does not properly mask credentials","org.jenkins-ci.plugins:azure-keyvault",0,188.vf46b,MODERATE,CWE-319 -CVE-2023-30515,2023-04-12T18:30:37Z,"Jenkins Thycotic DevOps Secrets Vault Plugin does not properly mask 
credentials","io.jenkins.plugins:thycotic-devops-secrets-vault",0,,MODERATE,CWE-319 -CVE-2023-30516,2023-04-12T18:30:37Z,"Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation","org.jenkins-ci.plugins:image-tag-parameter",0,,MODERATE,CWE-295 -CVE-2023-30517,2023-04-12T18:30:37Z,"Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation","io.jenkins.plugins:neuvector-vulnerability-scanner",0,,MODERATE,CWE-295 -CVE-2023-30518,2023-04-12T18:30:37Z,"Jenkins Thycotic Secret Server Plugin missing permissions check","io.jenkins.plugins:thycotic-secret-server",0,,MODERATE,CWE-862 -CVE-2023-30519,2023-04-12T18:30:37Z,"Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication","org.jenkins-ci.plugins:quayio-trigger",0,,MODERATE,CWE-862 -CVE-2023-30520,2023-04-12T18:30:36Z,"Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability","org.jenkins-ci.plugins:quayio-trigger",0,,HIGH,CWE-79 -CVE-2023-30521,2023-04-12T18:30:36Z,"Jenkins Assembla merge request builder Plugin missing authentication to access endpoint","org.jenkins-ci.plugins:assembla-merge-request-builder",0,,MODERATE,CWE-862 -CVE-2023-30522,2023-04-12T18:30:36Z,"Jenkins Fogbugz Plugin has missing permissions check","org.jenkins-ci.plugins:fogbugz",0,,MODERATE,CWE-862 -CVE-2023-30523,2023-04-12T18:30:36Z,"Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller","org.jenkins-ci.plugins:reportportal",0,,MODERATE,CWE-312 -CVE-2023-30524,2023-04-12T18:30:36Z,"Jenkins Report Portal Plugin configuration form does not mask tokens","org.jenkins-ci.plugins:reportportal",0,,MODERATE, -CVE-2023-30525,2023-04-12T18:30:36Z,"Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:reportportal",0,,MODERATE,CWE-352 -CVE-2023-30526,2023-04-12T18:30:36Z,"Jenkins Report Portal Plugin missing permissions 
check","org.jenkins-ci.plugins:reportportal",0,,MODERATE,CWE-862 -CVE-2023-30527,2023-04-12T18:30:36Z,"Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller","org.jenkins-ci.plugins:wso2id-oauth",0,,LOW,CWE-312 -CVE-2023-30528,2023-04-12T18:30:36Z,"Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form","org.jenkins-ci.plugins:wso2id-oauth",0,,LOW,CWE-312 -CVE-2023-30529,2023-04-12T18:30:36Z,"Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:lucene-search",0,398.v3dfa_cb_223984,MODERATE,CWE-352 -CVE-2023-30530,2023-04-12T18:30:36Z,"Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted","org.jenkins-ci.plugins:consul-kv-builder",0,,MODERATE,CWE-312 -CVE-2023-30531,2023-04-12T18:30:35Z,"Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted","org.jenkins-ci.plugins:consul-kv-builder",0,,MODERATE,CWE-312 -CVE-2023-30532,2023-04-12T18:30:35Z,"Lack of authentication mechanism in Jenkins TurboScript Plugin webhook","org.jenkinsci.plugins.spoonscript:spoonscript",0,,MODERATE,CWE-862 -CVE-2023-30535,2023-04-14T18:28:58Z,"Snowflake JDBC vulnerable to command injection via SSO URL authentication","net.snowflake:snowflake-jdbc",0,3.13.29,HIGH,CWE-20;CWE-77 -CVE-2023-30537,2023-04-12T20:36:51Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",12.6.6,13.10.11,CRITICAL,CWE-94;CWE-95 -CVE-2023-30537,2023-04-12T20:36:51Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",14.0-rc-1,14.4.7,CRITICAL,CWE-94;CWE-95 -CVE-2023-30537,2023-04-12T20:36:51Z,"org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege 
escalation","org.xwiki.platform:xwiki-platform-flamingo-theme-ui",14.5,14.10,CRITICAL,CWE-94;CWE-95 -CVE-2023-30601,2023-07-06T21:15:06Z,"Apache Cassandra: Privilege escalation when enabling FQL/Audit logs","org.apache.cassandra:cassandra-all",4.0.0,4.0.10,HIGH,CWE-269 -CVE-2023-30601,2023-07-06T21:15:06Z,"Apache Cassandra: Privilege escalation when enabling FQL/Audit logs","org.apache.cassandra:cassandra-all",4.1.0,4.1.2,HIGH,CWE-269 -CVE-2023-30867,2023-12-15T15:30:27Z,"Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability","org.apache.streampark:streampark",2.0.0,2.1.2,MODERATE,CWE-89 -CVE-2023-31007,2023-07-12T12:31:36Z,"Apache Pulsar Broker Improper Authentication vulnerability","org.apache.pulsar:pulsar-broker",2.11.0,2.11.1,MODERATE,CWE-287 -CVE-2023-31007,2023-07-12T12:31:36Z,"Apache Pulsar Broker Improper Authentication vulnerability","org.apache.pulsar:pulsar-broker",2.9.0,2.10.4,MODERATE,CWE-287 -CVE-2023-31058,2023-07-06T21:14:59Z,"Apache InLong Deserialization of Untrusted Data Vulnerability","org.apache.inlong:manager-common",1.4.0,1.7.0,HIGH,CWE-502 -CVE-2023-31058,2023-07-06T21:14:59Z,"Apache InLong Deserialization of Untrusted Data Vulnerability","org.apache.inlong:manager-pojo",1.4.0,1.7.0,HIGH,CWE-502 -CVE-2023-31062,2023-07-06T21:14:59Z,"Apache InLong Improper Privilege Management vulnerability","org.apache.inlong:manager-dao",1.2.0,1.7.0,CRITICAL,CWE-269 -CVE-2023-31062,2023-07-06T21:14:59Z,"Apache InLong Improper Privilege Management vulnerability","org.apache.inlong:manager-pojo",1.2.0,1.7.0,CRITICAL,CWE-269 -CVE-2023-31062,2023-07-06T21:14:59Z,"Apache InLong Improper Privilege Management vulnerability","org.apache.inlong:manager-service",1.2.0,1.7.0,CRITICAL,CWE-269 -CVE-2023-31062,2023-07-06T21:14:59Z,"Apache InLong Improper Privilege Management vulnerability","org.apache.inlong:manager-web",1.2.0,1.7.0,CRITICAL,CWE-269 -CVE-2023-31064,2023-07-06T21:14:59Z,"Apache InLong has Files or Directories Accessible 
to External Parties","org.apache.inlong:manager-workflow",1.2.0,1.7.0,HIGH,CWE-552 -CVE-2023-31065,2023-07-06T21:14:59Z,"Apache InLong Insufficient Session Expiration vulnerability","org.apache.inlong:manager-dao",1.4.0,1.7.0,CRITICAL,CWE-613 -CVE-2023-31065,2023-07-06T21:14:59Z,"Apache InLong Insufficient Session Expiration vulnerability","org.apache.inlong:manager-pojo",1.4.0,1.7.0,CRITICAL,CWE-613 -CVE-2023-31065,2023-07-06T21:14:59Z,"Apache InLong Insufficient Session Expiration vulnerability","org.apache.inlong:manager-service",1.4.0,1.7.0,CRITICAL,CWE-613 -CVE-2023-31065,2023-07-06T21:14:59Z,"Apache InLong Insufficient Session Expiration vulnerability","org.apache.inlong:manager-web",1.4.0,1.7.0,CRITICAL,CWE-613 -CVE-2023-31066,2023-07-06T21:14:59Z,"Apache InLong has Files or Directories Accessible to External Parties in Apache InLong","org.apache.inlong:manager-service",1.4.0,1.7.0,CRITICAL,CWE-552 -CVE-2023-31066,2023-07-06T21:14:59Z,"Apache InLong has Files or Directories Accessible to External Parties in Apache InLong","org.apache.inlong:manager-web",1.4.0,1.7.0,CRITICAL,CWE-552 -CVE-2023-31098,2023-07-06T21:14:59Z,"Apache InLong has Weak Password Requirements in Apache InLong","org.apache.inlong:manager-pojo",1.1.0,1.47.0,CRITICAL,CWE-521 -CVE-2023-31101,2023-05-22T18:30:27Z,"User data exposure in Apache InLong","org.apache.inlong:manager-dao",1.5.0,1.7.0,MODERATE,CWE-1188 -CVE-2023-31101,2023-05-22T18:30:27Z,"User data exposure in Apache InLong","org.apache.inlong:manager-pojo",1.5.0,1.7.0,MODERATE,CWE-1188 -CVE-2023-31101,2023-05-22T18:30:27Z,"User data exposure in Apache InLong","org.apache.inlong:manager-service",1.5.0,1.7.0,MODERATE,CWE-1188 -CVE-2023-31101,2023-05-22T18:30:27Z,"User data exposure in Apache InLong","org.apache.inlong:manager-web",1.5.0,1.7.0,MODERATE,CWE-1188 -CVE-2023-31103,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-dao",1.4.0,1.7.0,HIGH,CWE-668 
-CVE-2023-31103,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-pojo",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31103,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-service",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31103,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-test",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31103,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-web",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31126,2023-05-09T19:59:31Z,"Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml","org.xwiki.commons:xwiki-commons-xml",14.6-rc-1,14.10.4,CRITICAL,CWE-79;CWE-86 -CVE-2023-31141,2023-05-09T21:25:06Z,"OpenSearch issue with fine-grained access control during extremely rare race conditions","org.opensearch.plugin:opensearch-security",1.0.0,1.3.10.0,MODERATE,CWE-863 -CVE-2023-31141,2023-05-09T21:25:06Z,"OpenSearch issue with fine-grained access control during extremely rare race conditions","org.opensearch.plugin:opensearch-security",2.0.0,2.7.0.0,MODERATE,CWE-863 -CVE-2023-31206,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-dao",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31206,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-pojo",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31206,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-service",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31206,2023-07-06T21:14:59Z,"Apache InLong Exposure of Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-test",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31206,2023-07-06T21:14:59Z,"Apache InLong Exposure of 
Resource to Wrong Sphere vulnerability","org.apache.inlong:manager-web",1.4.0,1.7.0,HIGH,CWE-668 -CVE-2023-31417,2023-10-26T18:30:23Z,"Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs","org.elasticsearch:elasticsearch",7.0.0,7.17.13,MODERATE,CWE-532 -CVE-2023-31417,2023-10-26T18:30:23Z,"Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs","org.elasticsearch:elasticsearch",8.0.0,8.9.2,MODERATE,CWE-532 -CVE-2023-31418,2023-10-26T18:30:23Z,"Elasticsearch vulnerable to Uncontrolled Resource Consumption","org.elasticsearch:elasticsearch",0,7.17.13,HIGH,CWE-400 -CVE-2023-31418,2023-10-26T18:30:23Z,"Elasticsearch vulnerable to Uncontrolled Resource Consumption","org.elasticsearch:elasticsearch",8.0.0,8.9.0,HIGH,CWE-400 -CVE-2023-31419,2023-10-26T18:30:23Z,"Elasticsearch vulnerable to stack overflow in the search API","org.elasticsearch:elasticsearch",7.0.0,7.17.13,MODERATE,CWE-121;CWE-787 -CVE-2023-31419,2023-10-26T18:30:23Z,"Elasticsearch vulnerable to stack overflow in the search API","org.elasticsearch:elasticsearch",8.0.0,8.9.1,MODERATE,CWE-121;CWE-787 -CVE-2023-31453,2023-07-06T21:14:59Z,"Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability","org.apache.inlong:manager-service",1.2.0,1.7.0,HIGH,CWE-732 -CVE-2023-31453,2023-07-06T21:14:59Z,"Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability","org.apache.inlong:manager-web",1.2.0,1.7.0,HIGH,CWE-732 -CVE-2023-31454,2023-07-06T21:14:59Z,"Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource","org.apache.inlong:manager-service",1.2.0,1.7.0,HIGH,CWE-732 -CVE-2023-31469,2023-06-23T09:30:17Z,"Apache StreamPipes Improper Privilege Management vulnerability","org.apache.streampipes:streampipes-parent",0.69.0,0.92.0,HIGH,CWE-269 -CVE-2023-31544,2023-05-16T21:30:23Z,"alkacon-OpenCMS vulnerable to stored Cross-site 
Scripting",org.opencms:opencms-core,0,11.0.1,MODERATE,CWE-79 -CVE-2023-31579,2023-11-03T00:30:26Z,"Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key","top.tangyh.basic:lamp-core",0,3.8.1,HIGH,CWE-798 -CVE-2023-31579,2023-11-03T00:30:26Z,"Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key","top.tangyh.basic:lamp-util",0,3.8.1,HIGH,CWE-798 -CVE-2023-31580,2023-10-25T18:32:21Z,"light-oauth2 missing public key verification","com.networknt:light-oauth2",0,2.1.27,MODERATE,CWE-295;CWE-347 -CVE-2023-31581,2023-10-25T18:32:21Z,"Sureness uses hardcoded key","com.usthe.sureness:sureness-core",0,1.0.8,CRITICAL,CWE-798 -CVE-2023-31582,2023-10-25T18:32:21Z,"jose4j uses weak cryptographic algorithm",org.bitbucket.b_c:jose4j,0,0.9.3,HIGH,CWE-327;CWE-331 -CVE-2023-3163,2023-06-08T15:30:20Z,"RuoYi Uncontrolled Resource Consumption vulnerability",com.ruoyi:ruoyi,0,,LOW,CWE-400;CWE-89 -CVE-2023-31826,2023-05-23T03:30:16Z,"Command injection in nevado-jms","org.skyscreamer:nevado-jms",0,,HIGH,CWE-862 -CVE-2023-32007,2023-05-02T09:30:17Z,"Apache Spark UI vulnerable to Command Injection","org.apache.spark:spark-parent_2.12",3.1.1,3.2.2,HIGH,CWE-77 -CVE-2023-32068,2023-05-15T20:52:19Z,"org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability","org.xwiki.platform:xwiki-platform-oldcore",0,14.10.4,MODERATE,CWE-601 -CVE-2023-32069,2023-05-11T20:36:59Z,"Privilege escalation (PR)/RCE from account through class sheet","org.xwiki.platform:xwiki-platform-test-ui",3.3-milestone-3,14.10.4,CRITICAL,CWE-863 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers","org.xwiki.platform:xwiki-core-rendering-api",0,,CRITICAL,CWE-79;CWE-83 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers","org.xwiki.platform:xwiki-platform-annotation-core",0,14.6-rc-1,CRITICAL,CWE-79;CWE-83 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki 
(X)HTML renderers","org.xwiki.rendering:xwiki-rendering-syntax-annotatedhtml5",0,14.6-rc-1,CRITICAL,CWE-79;CWE-83 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers","org.xwiki.rendering:xwiki-rendering-syntax-annotatedxhtml",0,14.6-rc-1,CRITICAL,CWE-79;CWE-83 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers","org.xwiki.rendering:xwiki-rendering-syntax-html",0,14.6-rc-1,CRITICAL,CWE-79;CWE-83 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers","org.xwiki.rendering:xwiki-rendering-syntax-html5",0,14.6-rc-1,CRITICAL,CWE-79;CWE-83 -CVE-2023-32070,2023-05-11T20:37:30Z,"Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers","org.xwiki.rendering:xwiki-rendering-syntax-xhtml",0,14.6-rc-1,CRITICAL,CWE-79;CWE-83 -CVE-2023-32071,2023-05-09T17:46:22Z,"XWiki Platform vulnerable to RXSS via editor parameter - importinline template","org.xwiki.platform:xwiki-platform-distribution-war",14.5,14.10.4,CRITICAL,CWE-116;CWE-79 -CVE-2023-32071,2023-05-09T17:46:22Z,"XWiki Platform vulnerable to RXSS via editor parameter - importinline template","org.xwiki.platform:xwiki-platform-distribution-war",2.2-milestone-1,14.4.8,CRITICAL,CWE-116;CWE-79 -CVE-2023-32081,2023-05-12T20:20:19Z,"Vert.x STOMP server process client frames that would not send initially a connect frame",io.vertx:vertx-stomp,3.1.0,3.9.16,MODERATE,CWE-287 -CVE-2023-32081,2023-05-12T20:20:19Z,"Vert.x STOMP server process client frames that would not send initially a connect frame",io.vertx:vertx-stomp,4.0.0,4.4.2,MODERATE,CWE-287 -CVE-2023-32200,2023-07-12T09:30:53Z,"Apache Jena Expression Language Injection vulnerability",org.apache.jena:jena,3.7.0,4.9.0,HIGH,CWE-917 -CVE-2023-3223,2023-09-27T15:30:35Z,"Undertow vulnerable to denial of service","io.undertow:undertow-parent",0,2.2.24.Final,HIGH,CWE-400;CWE-789 
-CVE-2023-32261,2023-07-19T18:30:55Z,"Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs","org.jenkins-ci.plugins:dimensionsscm",0,0.9.3.1,MODERATE,CWE-863 -CVE-2023-32262,2023-07-19T18:30:56Z,"Exposure of system-scoped credentials in Jenkins Dimensions Plugin","org.jenkins-ci.plugins:dimensionsscm",0,0.9.3.1,MODERATE, -CVE-2023-32263,2023-07-19T18:30:56Z,"Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin","org.jenkins-ci.plugins:dimensionsscm",0.8.17,0.9.3.1,LOW, -CVE-2023-32310,2023-06-02T17:09:17Z,"DataEase API interface has IDOR vulnerability","io.dataease:dataease-plugin-common",0,1.18.7,HIGH,CWE-639 -CVE-2023-32315,2023-05-23T19:54:30Z,"Administration Console authentication bypass in openfire xmppserver","org.igniterealtime.openfire:xmppserver",3.10.0,4.6.8,HIGH,CWE-22 -CVE-2023-32315,2023-05-23T19:54:30Z,"Administration Console authentication bypass in openfire xmppserver","org.igniterealtime.openfire:xmppserver",4.7.0,4.7.5,HIGH,CWE-22 -CVE-2023-32697,2023-05-23T20:07:58Z,"Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled",org.xerial:sqlite-jdbc,3.6.14.1,3.41.2.2,HIGH,CWE-94 -CVE-2023-32731,2023-07-05T19:12:51Z,"Connection confusion in gRPC",io.grpc:grpc-protobuf,0,1.53.0,HIGH,CWE-440 -CVE-2023-32732,2023-07-06T21:15:08Z,"gRPC connection termination issue",io.grpc:grpc-protobuf,0,1.53.0,MODERATE,CWE-440 -CVE-2023-3276,2023-06-15T15:30:15Z,"HuTool XML parsing module has blind XXE vulnerability",cn.hutool:hutool-core,0,,HIGH,CWE-611 -CVE-2023-32977,2023-05-16T18:30:16Z,"Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting","org.jenkins-ci.plugins.workflow:workflow-job",0,1295.v395eb,HIGH,CWE-79 -CVE-2023-32978,2023-05-16T18:30:16Z,"Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:ldap",0,676.vfa,MODERATE,CWE-352 -CVE-2023-32979,2023-05-16T18:30:16Z,"Jenkins Email Extension Plugin missing permission 
check","org.jenkins-ci.plugins:email-ext",0,2.96.1,MODERATE,CWE-732 -CVE-2023-32980,2023-05-16T18:30:16Z,"Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:email-ext",0,2.96.1,MODERATE,CWE-352 -CVE-2023-32981,2023-05-16T18:30:16Z,"Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability","org.jenkins-ci.plugins:pipeline-utility-steps",0,2.15.3,MODERATE,CWE-787 -CVE-2023-32982,2023-05-16T18:30:16Z,"Jenkins Ansible Plugin stores and displays secrets in plain text","org.jenkins-ci.plugins:ansible",0,205.v4cb,MODERATE,CWE-311 -CVE-2023-32983,2023-05-16T18:30:16Z,"Jenkins Ansible Plugin job configuration form does not mask variables","org.jenkins-ci.plugins:ansible",0,205.v4cb,MODERATE,CWE-312 -CVE-2023-32984,2023-05-16T18:30:16Z,"Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability","org.jenkins-ci.plugins:testng-plugin",0,730.732.v959a,MODERATE,CWE-79 -CVE-2023-32985,2023-05-16T18:30:16Z,"Jenkins Sidebar Link Plugin vulnerable to Path Traversal","org.jenkins-ci.plugins:sidebar-link",0,2.2.2,MODERATE,CWE-22 -CVE-2023-32986,2023-05-16T18:30:16Z,"Jenkins File Parameter Plugin arbitrary file write vulnerability","io.jenkins.plugins:file-parameters",0,285.287.v4b,HIGH,CWE-732 -CVE-2023-32987,2023-05-16T18:30:16Z,"Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:reverse-proxy-auth-plugin",0,1.7.5,MODERATE,CWE-352 -CVE-2023-32988,2023-05-16T18:30:16Z,"Jenkins Azure VM Agents Plugin missing permission checks","org.jenkins-ci.plugins:azure-vm-agents",0,853.v4a,MODERATE, -CVE-2023-32989,2023-05-16T18:30:16Z,"Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability","org.jenkins-ci.plugins:azure-vm-agents",0,853.v4a,MODERATE,CWE-352 -CVE-2023-32990,2023-05-16T18:30:16Z,"Jenkins Azure VM Agents Plugin missing permission checks","org.jenkins-ci.plugins:azure-vm-agents",0,853.v4a,MODERATE,CWE-732 
-CVE-2023-32991,2023-05-16T18:30:16Z,"Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability","io.jenkins.plugins:miniorange-saml-sp",0,2.1.0,HIGH,CWE-352 -CVE-2023-32992,2023-05-16T18:30:16Z,"Jenkins SAML Single Sign On(SSO) Plugin missing permission checks","io.jenkins.plugins:miniorange-saml-sp",0,2.1.0,HIGH,CWE-732 -CVE-2023-32993,2023-05-16T18:30:16Z,"Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation","io.jenkins.plugins:miniorange-saml-sp",0,2.1.0,MODERATE,CWE-345 -CVE-2023-32994,2023-05-16T18:30:16Z,"Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation","io.jenkins.plugins:miniorange-saml-sp",0,2.2.0,MODERATE,CWE-295 -CVE-2023-32995,2023-05-16T18:30:16Z,"Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability","io.jenkins.plugins:miniorange-saml-sp",0,2.0.1,MODERATE,CWE-352 -CVE-2023-32996,2023-05-16T18:30:16Z,"Jenkins SAML Single Sign On(SSO) Plugin missing permission checks","io.jenkins.plugins:miniorange-saml-sp",0,2.0.1,MODERATE,CWE-276 -CVE-2023-32997,2023-05-16T18:30:16Z,"Jenkins CAS Plugin Session Fixation vulnerability","org.jenkins-ci.plugins:cas-plugin",0,1.6.3,HIGH,CWE-384 -CVE-2023-32998,2023-05-16T18:30:16Z,"Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability","com.rapid7:jenkinsci-appspider-plugin",0,1.0.16,MODERATE,CWE-352 -CVE-2023-32999,2023-05-16T18:30:16Z,"Jenkins AppSpider Plugin missing permission check","com.rapid7:jenkinsci-appspider-plugin",0,1.0.16,MODERATE,CWE-276 -CVE-2023-33000,2023-05-16T18:30:16Z,"Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking","io.jenkins.plugins:cavisson-ns-nd-integration",0,4.11.0.48,LOW,CWE-522 -CVE-2023-33001,2023-05-16T18:30:16Z,"Jenkins HashiCorp Vault Plugin has improper masking of credentials","com.datapipe.jenkins.plugins:hashicorp-vault-plugin",0,,MODERATE,CWE-532 -CVE-2023-33002,2023-05-16T18:30:16Z,"TestComplete support Plugin 
vulnerable to stored Cross-site Scripting","org.jenkins-ci.plugins:TestComplete",0,,HIGH,CWE-79 -CVE-2023-33003,2023-05-16T18:30:16Z,"Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:tag-profiler",0,,MODERATE,CWE-352 -CVE-2023-33004,2023-05-16T18:30:16Z,"Jenkins Tag Profiler Plugin missing permission check","org.jenkins-ci.plugins:tag-profiler",0,,MODERATE,CWE-732 -CVE-2023-33005,2023-05-16T18:30:16Z,"Jenkins WSO2 Oauth Plugin Session Fixation vulnerability","org.jenkins-ci.plugins:wso2id-oauth",0,,HIGH,CWE-384;CWE-613 -CVE-2023-33006,2023-05-16T18:30:16Z,"Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:wso2id-oauth",0,,MODERATE,CWE-352 -CVE-2023-33007,2023-05-16T18:30:16Z,"Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability","org.jenkins-ci.plugins:loadcomplete",0,,HIGH,CWE-79 -CVE-2023-33008,2023-07-07T12:30:22Z,"Apache Johnzon Deserialization of Untrusted Data vulnerability","org.apache.johnzon:johnzon-mapper",0,1.2.21,MODERATE,CWE-502 -CVE-2023-3308,2023-06-18T09:30:17Z,"Whaleal IceFrog is vulnerable to deserialization ","com.whaleal.icefrog:icefrog-all",0,,MODERATE,CWE-502 -CVE-2023-3315,2023-06-19T21:30:21Z,"Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation","org.jenkins-ci.plugins:teamconcert",0,2.4.2,MODERATE,CWE-862 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-debug-jdk14",1.49,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-debug-jdk15on",1.49,,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-debug-jdk15to18",0,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection 
vulnerability","org.bouncycastle:bcprov-debug-jdk18on",0,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-ext-jdk14",1.49,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-ext-jdk15on",1.49,,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-ext-jdk15to18",0,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-ext-jdk18on",0,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-jdk14",1.49,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-jdk15on",1.49,,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-jdk15to18",0,1.74,MODERATE,CWE-295 -CVE-2023-33201,2023-07-05T03:30:23Z,"Bouncy Castle For Java LDAP injection vulnerability","org.bouncycastle:bcprov-jdk18on",0,1.74,MODERATE,CWE-295 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcpkix-jdk18on",0,1.73,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-ext-jdk15on",0,1.73,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-ext-jdk16",0,1.73,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-jdk14",0,1.73,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-jdk15",0,1.73,MODERATE,CWE-400 
-CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-jdk15on",0,,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-jdk15to18",0,1.73,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-jdk16",0,1.73,MODERATE,CWE-400 -CVE-2023-33202,2023-11-23T18:30:33Z,"Bouncy Castle Denial of Service (DoS)","org.bouncycastle:bcprov-jdk18on",0,1.73,MODERATE,CWE-400 -CVE-2023-33246,2023-07-06T21:15:04Z,"Apache RocketMQ may have remote code execution vulnerability when using update configuration function","org.apache.rocketmq:rocketmq-broker",5.0.0,5.1.1,CRITICAL,CWE-94 -CVE-2023-33246,2023-07-06T21:15:04Z,"Apache RocketMQ may have remote code execution vulnerability when using update configuration function","org.apache.rocketmq:rocketmq-controller",5.0.0,5.1.1,CRITICAL,CWE-94 -CVE-2023-33246,2023-07-06T21:15:04Z,"Apache RocketMQ may have remote code execution vulnerability when using update configuration function","org.apache.rocketmq:rocketmq-namesrv",4.0.0,4.9.6,CRITICAL,CWE-94 -CVE-2023-33246,2023-07-06T21:15:04Z,"Apache RocketMQ may have remote code execution vulnerability when using update configuration function","org.apache.rocketmq:rocketmq-namesrv",5.0.0,5.1.1,CRITICAL,CWE-94 -CVE-2023-33264,2023-05-22T03:30:16Z,"Hazelcast vulnerable to unmasked password exposure",com.hazelcast:hazelcast,0,5.3.0,MODERATE,CWE-200;CWE-522 -CVE-2023-33265,2023-07-19T22:08:40Z,"Hazelcast Executor Services don't check client permissions properly","com.hazelcast:hazelcast-enterprise",0,5.0.5,HIGH,CWE-862 -CVE-2023-33265,2023-07-19T22:08:40Z,"Hazelcast Executor Services don't check client permissions properly","com.hazelcast:hazelcast-enterprise",5.1.0,5.1.7,HIGH,CWE-862 -CVE-2023-33265,2023-07-19T22:08:40Z,"Hazelcast Executor Services don't check client permissions 
properly","com.hazelcast:hazelcast-enterprise",5.2.0,5.2.4,HIGH,CWE-862 -CVE-2023-33265,2023-07-19T22:08:40Z,"Hazelcast Executor Services don't check client permissions properly",com.hazelcast:hazelcast,0,5.0.5,HIGH,CWE-862 -CVE-2023-33265,2023-07-19T22:08:40Z,"Hazelcast Executor Services don't check client permissions properly",com.hazelcast:hazelcast,5.1.0,5.1.7,HIGH,CWE-862 -CVE-2023-33265,2023-07-19T22:08:40Z,"Hazelcast Executor Services don't check client permissions properly",com.hazelcast:hazelcast,5.2.0,5.2.4,HIGH,CWE-862 -CVE-2023-33496,2023-06-07T21:30:18Z,"xxl-rpc deserialization vulnerability",com.xuxueli:xxl-rpc-core,0,,CRITICAL,CWE-502 -CVE-2023-33510,2023-06-07T21:30:18Z,"Jeecg P3 Biz Chat allows remote attackers to read arbitrary files","org.jeecgframework.p3:jeecg-p3-biz-chat",0,,HIGH,CWE-668 -CVE-2023-33544,2023-06-01T15:30:59Z,"hawtio vulnerable to Path Traversal",io.hawt:project,0,,MODERATE,CWE-22 -CVE-2023-33546,2023-06-01T15:30:59Z,"janino vulnerable to denial of service due to stack overflow","org.codehaus.janino:janino-parent",0,,MODERATE,CWE-787 -CVE-2023-33695,2023-06-13T18:30:39Z,"Insecure Temporary File in HuTool",cn.hutool:hutool-core,0,5.8.19,HIGH,CWE-377;CWE-732 -CVE-2023-33725,2023-06-21T18:31:08Z,"Broadleaf vulnerable to Cross-site Scripting","org.broadleafcommerce:broadleaf",5.0.0-GA,6.2.7-GA,MODERATE,CWE-79 -CVE-2023-33779,2023-05-26T18:30:21Z,"Privilege escalation in XXL-Job",com.xuxueli:xxl-job,0,,HIGH, -CVE-2023-33937,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.1.0,7.3.1,MODERATE,CWE-79 -CVE-2023-33938,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.3.0,7.4.1,MODERATE,CWE-79 -CVE-2023-33939,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.1.0,7.4.3.13,MODERATE,CWE-79 -CVE-2023-33940,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay 
Portal","com.liferay.portal:release.portal.bom",7.4.0,7.4.3.31,MODERATE,CWE-79 -CVE-2023-33941,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.4.3.41,7.4.3.53,MODERATE,CWE-79 -CVE-2023-33942,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.4.3.50,7.4.3.51,MODERATE,CWE-79 -CVE-2023-33943,2023-05-24T15:30:27Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.4.3.21,7.4.3.63,MODERATE,CWE-79 -CVE-2023-33944,2023-05-24T18:30:26Z,"Cross-site scripting in Liferay Portal","com.liferay.portal:release.portal.bom",7.3.4,7.4.3.69,MODERATE,CWE-79 -CVE-2023-33945,2023-05-24T18:30:26Z,"SQL injection in Liferay Portal","com.liferay.portal:release.portal.bom",7.3.1,7.4.3.18,HIGH,CWE-89 -CVE-2023-33946,2023-05-24T18:30:26Z,"Liferay portal unauthorized access to objects via OAuth 2 scope","com.liferay.portal:release.portal.bom",7.4.3.4,7.4.3.49,MODERATE,CWE-284 -CVE-2023-33947,2023-05-24T18:30:26Z,"Liferay portal has unauthorized access to object definition via search ","com.liferay.portal:release.portal.bom",7.4.3.4,7.4.3.61,MODERATE,CWE-284 -CVE-2023-33948,2023-05-24T18:30:26Z,"Missing authorization in Liferay portal","com.liferay.portal:release.portal.bom",7.4.3.67,7.4.3.68,HIGH,CWE-862 -CVE-2023-33949,2023-05-24T18:30:26Z,"Insecure Default Initialization In Liferay Portal","com.liferay.portal:release.portal.bom",7.0.0,7.3.1,MODERATE,CWE-1188 -CVE-2023-33950,2023-05-24T18:30:26Z,"Liferay Portal has Inefficient Regular Expression","com.liferay.portal:release.portal.bom",7.4.3.48,7.4.3.77,MODERATE,CWE-1333 -CVE-2023-33962,2023-06-06T00:45:18Z,"JStachio XSS vulnerability: Unescaped single quotes",io.jstach:jstachio,0,1.0.1,MODERATE,CWE-79 -CVE-2023-34034,2023-07-19T15:30:26Z,"Access Control Bypass in Spring Security","org.springframework.security:spring-security-config",5.6.0,5.6.12,CRITICAL,CWE-281;CWE-284 
-CVE-2023-34034,2023-07-19T15:30:26Z,"Access Control Bypass in Spring Security","org.springframework.security:spring-security-config",5.7.0,5.7.10,CRITICAL,CWE-281;CWE-284 -CVE-2023-34034,2023-07-19T15:30:26Z,"Access Control Bypass in Spring Security","org.springframework.security:spring-security-config",5.8.0,5.8.5,CRITICAL,CWE-281;CWE-284 -CVE-2023-34034,2023-07-19T15:30:26Z,"Access Control Bypass in Spring Security","org.springframework.security:spring-security-config",6.0.0,6.0.5,CRITICAL,CWE-281;CWE-284 -CVE-2023-34034,2023-07-19T15:30:26Z,"Access Control Bypass in Spring Security","org.springframework.security:spring-security-config",6.1.0,6.1.2,CRITICAL,CWE-281;CWE-284 -CVE-2023-34035,2023-07-18T18:30:36Z,"Spring Security's authorization rules can be misconfigured when using multiple servlets","org.springframework.security:spring-security-config",5.8.0,5.8.5,HIGH,CWE-863 -CVE-2023-34035,2023-07-18T18:30:36Z,"Spring Security's authorization rules can be misconfigured when using multiple servlets","org.springframework.security:spring-security-config",6.0.0,6.0.5,HIGH,CWE-863 -CVE-2023-34035,2023-07-18T18:30:36Z,"Spring Security's authorization rules can be misconfigured when using multiple servlets","org.springframework.security:spring-security-config",6.1.0,6.1.2,HIGH,CWE-863 -CVE-2023-34036,2023-07-17T12:30:32Z,"Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax","org.springframework.hateoas:spring-hateoas",0,1.5.5,MODERATE,CWE-116;CWE-644 -CVE-2023-34036,2023-07-17T12:30:32Z,"Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax","org.springframework.hateoas:spring-hateoas",2.0.0,2.0.5,MODERATE,CWE-116;CWE-644 -CVE-2023-34036,2023-07-17T12:30:32Z,"Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax","org.springframework.hateoas:spring-hateoas",2.1.0,2.1.1,MODERATE,CWE-116;CWE-644 -CVE-2023-34040,2023-08-24T15:31:10Z,"Spring-Kafka has Java 
Deserialization vulnerability When Improperly Configured","org.springframework.kafka:spring-kafka",2.8.1,2.9.11,HIGH,CWE-502 -CVE-2023-34040,2023-08-24T15:31:10Z,"Spring-Kafka has Java Deserialization vulnerability When Improperly Configured","org.springframework.kafka:spring-kafka",3.0.0,3.0.10,HIGH,CWE-502 -CVE-2023-34042,2024-02-06T00:30:25Z,"Spring Security's spring-security.xsd file is world writable","org.springframework.security:spring-security-config",5.7.9,5.7.11,MODERATE,CWE-732 -CVE-2023-34042,2024-02-06T00:30:25Z,"Spring Security's spring-security.xsd file is world writable","org.springframework.security:spring-security-config",5.8.4,5.8.7,MODERATE,CWE-732 -CVE-2023-34042,2024-02-06T00:30:25Z,"Spring Security's spring-security.xsd file is world writable","org.springframework.security:spring-security-config",6.0.4,6.0.7,MODERATE,CWE-732 -CVE-2023-34042,2024-02-06T00:30:25Z,"Spring Security's spring-security.xsd file is world writable","org.springframework.security:spring-security-config",6.1.1,6.1.4,MODERATE,CWE-732 -CVE-2023-34047,2023-09-20T12:30:22Z,"Spring for GraphQL may be exposed to GraphQL context with values from a different session","org.springframework.graphql:spring-graphql",1.1.0,1.1.6,LOW, -CVE-2023-34047,2023-09-20T12:30:22Z,"Spring for GraphQL may be exposed to GraphQL context with values from a different session","org.springframework.graphql:spring-graphql",1.2.0,1.2.3,LOW, -CVE-2023-34053,2023-11-28T09:30:27Z,"Spring Framework vulnerable to denial of service","org.springframework:spring-webmvc",6.0.0,6.0.14,HIGH, -CVE-2023-34054,2023-11-28T09:30:27Z,"Reactor Netty HTTP Server denial of service vulnerability","io.projectreactor.netty:reactor-netty-core",1.0.0,1.0.39,HIGH, -CVE-2023-34054,2023-11-28T09:30:27Z,"Reactor Netty HTTP Server denial of service vulnerability","io.projectreactor.netty:reactor-netty-core",1.1.0,1.1.13,HIGH, -CVE-2023-34055,2023-11-28T09:30:27Z,"Spring Boot Actuator denial of service 
vulnerability","org.springframework.boot:spring-boot-actuator",0,2.7.18,MODERATE, -CVE-2023-34055,2023-11-28T09:30:27Z,"Spring Boot Actuator denial of service vulnerability","org.springframework.boot:spring-boot-actuator",3.0.0,3.0.13,MODERATE, -CVE-2023-34055,2023-11-28T09:30:27Z,"Spring Boot Actuator denial of service vulnerability","org.springframework.boot:spring-boot-actuator",3.1.0,3.1.6,MODERATE, -CVE-2023-34062,2023-11-15T12:30:30Z,"In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack","io.projectreactor.netty:reactor-netty-http",1.0.0,1.0.39,HIGH,CWE-22 -CVE-2023-34062,2023-11-15T12:30:30Z,"In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack","io.projectreactor.netty:reactor-netty-http",1.1.0,1.1.13,HIGH,CWE-22 -CVE-2023-3414,2023-07-26T21:30:18Z,"Credential leakage in Jenkins Plug-in for ServiceNow ","io.jenkins.plugins:servicenow-devops",0,1.38.1,MODERATE,CWE-200;CWE-352 -CVE-2023-34149,2023-06-14T09:30:42Z,"Apache Struts vulnerable to memory exhaustion","org.apache.struts:struts2-core",0,2.5.31,MODERATE,CWE-770 -CVE-2023-34149,2023-06-14T09:30:42Z,"Apache Struts vulnerable to memory exhaustion","org.apache.struts:struts2-core",6.0.0,6.1.2.1,MODERATE,CWE-770 -CVE-2023-34150,2023-07-05T09:30:20Z,"Apache Any23 vulnerable to excessive memory usage","org.apache.any23:apache-any23",0,,MODERATE,CWE-20;CWE-400 -CVE-2023-34189,2023-07-25T09:30:17Z,"Apache InLong: General user can delete and update process","org.apache.inlong:inlong-manager",1.4.0,1.8.0,MODERATE,CWE-668 -CVE-2023-34212,2023-06-12T18:30:18Z,"Apache NiFi vulnerable to Deserialization of Untrusted Data","org.apache.nifi:nifi-jms-processors",1.8.0,1.22.0,MODERATE,CWE-502 -CVE-2023-3431,2023-06-27T15:30:28Z,"PlantUML Improper Access Control vulnerability","net.sourceforge.plantuml:plantuml-mit",0,1.2023.9,MODERATE,CWE-284 
-CVE-2023-3432,2023-06-27T15:30:29Z,"PlantUML Server-Side Request Forgery vulnerability","net.sourceforge.plantuml:plantuml",0,1.2023.9,HIGH,CWE-918 -CVE-2023-3432,2023-06-27T15:30:29Z,"PlantUML Server-Side Request Forgery vulnerability","net.sourceforge.plantuml:plantuml-mit",0,1.2023.9,HIGH,CWE-918 -CVE-2023-34340,2023-06-21T09:30:15Z,"Apache Accumulo Improper Authentication vulnerability","org.apache.accumulo:accumulo-shell",2.1.0,2.1.1,CRITICAL,CWE-287 -CVE-2023-34396,2023-06-14T09:30:42Z,"Apache Struts vulnerable to memory exhaustion","org.apache.struts:struts2-core",0,2.5.31,HIGH,CWE-770 -CVE-2023-34396,2023-06-14T09:30:42Z,"Apache Struts vulnerable to memory exhaustion","org.apache.struts:struts2-core",6.0.0,6.1.2.1,HIGH,CWE-770 -CVE-2023-3442,2023-07-26T21:30:19Z,"Missing authorization in Jenkins Plug-in for ServiceNow ","io.jenkins.plugins:servicenow-devops",0,1.38.1,HIGH,CWE-862 -CVE-2023-34434,2023-07-25T09:30:18Z,"JDBC URL bypassing by allowLoadLocalInfileInPath param","org.apache.inlong:manager-pojo",1.4.0,1.8.0,HIGH,CWE-502 -CVE-2023-34442,2023-07-10T18:30:49Z,"Apache Camel information exposure vulnerability","org.apache.camel:camel-jira",3.0.0-M3,3.14.9,LOW,CWE-200 -CVE-2023-34442,2023-07-10T18:30:49Z,"Apache Camel information exposure vulnerability","org.apache.camel:camel-jira",3.15.0,3.18.8,LOW,CWE-200 -CVE-2023-34442,2023-07-10T18:30:49Z,"Apache Camel information exposure vulnerability","org.apache.camel:camel-jira",3.20.0,3.20.6,LOW,CWE-200 -CVE-2023-34442,2023-07-10T18:30:49Z,"Apache Camel information exposure vulnerability","org.apache.camel:camel-jira",4.0.0-M1,4.0.0-RC1,LOW,CWE-200 -CVE-2023-34453,2023-06-15T16:13:20Z,"snappy-java's Integer Overflow vulnerability in shuffle leads to DoS","org.xerial.snappy:snappy-java",0,1.1.10.1,MODERATE,CWE-190 -CVE-2023-34454,2023-06-15T16:28:08Z,"snappy-java's Integer Overflow vulnerability in compress leads to DoS","org.xerial.snappy:snappy-java",0,1.1.10.1,MODERATE,CWE-190 
-CVE-2023-34455,2023-06-15T17:15:06Z,"snappy-java's unchecked chunk length leads to DoS","org.xerial.snappy:snappy-java",0,1.1.10.1,HIGH,CWE-770 -CVE-2023-34462,2023-06-20T16:33:22Z,"netty-handler SniHandler 16MB allocation",io.netty:netty-handler,0,4.1.94.Final,MODERATE,CWE-400;CWE-770 -CVE-2023-34464,2023-06-20T16:44:35Z,"XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template","org.xwiki.platform:xwiki-platform-web",2.2.1,14.4.8,CRITICAL,CWE-79 -CVE-2023-34464,2023-06-20T16:44:35Z,"XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template","org.xwiki.platform:xwiki-platform-web-templates",0,14.4.8,CRITICAL,CWE-79 -CVE-2023-34464,2023-06-20T16:44:35Z,"XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template","org.xwiki.platform:xwiki-platform-web-templates",14.5,14.10.5,CRITICAL,CWE-79 -CVE-2023-34464,2023-06-20T16:44:35Z,"XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.1-rc-1,CRITICAL,CWE-79 -CVE-2023-34465,2023-06-20T16:44:55Z,"XWiki Platform's Mail.MailConfig can be edited by any user with edit rights","org.xwiki.platform:xwiki-platform-mail-send-default",11.8-rc-1,14.4.8,CRITICAL,CWE-269 -CVE-2023-34465,2023-06-20T16:44:55Z,"XWiki Platform's Mail.MailConfig can be edited by any user with edit rights","org.xwiki.platform:xwiki-platform-mail-send-default",14.5,14.10.6,CRITICAL,CWE-269 -CVE-2023-34465,2023-06-20T16:44:55Z,"XWiki Platform's Mail.MailConfig can be edited by any user with edit rights","org.xwiki.platform:xwiki-platform-mail-send-default",15.0-rc-1,15.1,CRITICAL,CWE-269 -CVE-2023-34466,2023-06-20T16:45:12Z,"XWiki Platform's tags on non-viewable pages can be revealed to 
users","org.xwiki.platform:xwiki-platform-tag-api",14.5,14.10.4,MODERATE,CWE-200 -CVE-2023-34466,2023-06-20T16:45:12Z,"XWiki Platform's tags on non-viewable pages can be revealed to users","org.xwiki.platform:xwiki-platform-tag-api",5.0-milestone-1,14.4.8,MODERATE,CWE-200 -CVE-2023-34467,2023-06-20T16:45:32Z,"XWiki Platform may retrieve email addresses of all users ","org.xwiki.platform:xwiki-platform-livetable-ui",14.5,14.10.4,HIGH,CWE-402;CWE-668 -CVE-2023-34467,2023-06-20T16:45:32Z,"XWiki Platform may retrieve email addresses of all users ","org.xwiki.platform:xwiki-platform-livetable-ui",3.5-milestone-1,14.4.8,HIGH,CWE-402;CWE-668 -CVE-2023-34468,2023-06-12T18:30:18Z,"Apache NiFi vulnerable to Code Injection","org.apache.nifi:nifi-dbcp-base",0.0.2,1.22.0,HIGH,CWE-94 -CVE-2023-34468,2023-06-12T18:30:18Z,"Apache NiFi vulnerable to Code Injection","org.apache.nifi:nifi-dbcp-service-nar",0.0.2,1.22.0,HIGH,CWE-94 -CVE-2023-34468,2023-06-12T18:30:18Z,"Apache NiFi vulnerable to Code Injection","org.apache.nifi:nifi-hikari-dbcp-service",0.0.2,1.22.0,HIGH,CWE-94 -CVE-2023-34478,2023-07-24T21:30:39Z,"Path Traversal in Apache Shiro","org.apache.shiro:shiro-web",0,1.12.0,CRITICAL,CWE-22 -CVE-2023-34478,2023-07-24T21:30:39Z,"Path Traversal in Apache Shiro","org.apache.shiro:shiro-web",2.0.0-alpha-1,2.0.0-alpha-3,CRITICAL,CWE-22 -CVE-2023-34602,2023-06-19T06:30:42Z,"JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode","org.jeecgframework.boot:jeecg-boot-parent",0,3.5.1,MODERATE,CWE-89 -CVE-2023-34603,2023-06-19T06:30:42Z,"JeecgBoot vulnerable to SQL injection in queryFilterTableDictInfo","org.jeecgframework.boot:jeecg-boot-parent",0,3.5.1,MODERATE,CWE-89 -CVE-2023-34610,2023-06-14T15:30:38Z,"json-io vulnerable to stack exhaustion","com.cedarsoftware:json-io",0,4.14.1,HIGH,CWE-400;CWE-787 -CVE-2023-34612,2023-06-14T15:30:38Z,"ph-json vulnerable to stack exhaustion","com.helger.commons:ph-json",0,,HIGH,CWE-400;CWE-787 -CVE-2023-34613,2023-06-14T15:30:38Z,"sojo 
vulnerable to stack exhaustion",net.sf.sojo:sojo,0,,HIGH,CWE-400;CWE-787 -CVE-2023-34614,2023-06-14T15:30:38Z,"jsonij vulnerable to stack exhaustion",cc.plural:jsonij,0,,HIGH,CWE-400;CWE-787 -CVE-2023-34615,2023-06-14T15:30:38Z,"JSONUtil vulnerable to stack exhaustion",net.pwall.json:jsonutil,0,,CRITICAL,CWE-400;CWE-787 -CVE-2023-34616,2023-06-14T15:30:38Z,"pbjson vulnerable to stack exhaustion","com.progsbase.libraries:JSON",0,,HIGH,CWE-400;CWE-787 -CVE-2023-34617,2023-06-14T15:30:38Z,"genson vulnerable to stack exhaustion",com.owlike:genson,0,,HIGH,CWE-400;CWE-787 -CVE-2023-34620,2023-06-14T15:30:38Z,"hjson stack exhaustion vulnerability",org.hjson:hjson,0,,HIGH,CWE-400;CWE-787 -CVE-2023-34624,2023-06-14T15:30:38Z,"htmlcleaner vulnerable to stack exhaustion","net.sourceforge.htmlcleaner:htmlcleaner",0,2.29,HIGH,CWE-400;CWE-787 -CVE-2023-34659,2023-06-16T18:30:33Z,"jeecg-boot SQL injection vulnerability","org.jeecgframework.boot:jeecg-boot-parent",3.5.0,,CRITICAL,CWE-89 -CVE-2023-34660,2023-06-16T18:30:33Z,"jeecg-boot unrestricted file upload vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,MODERATE,CWE-434 -CVE-2023-34981,2023-06-21T12:30:19Z,"Apache Tomcat vulnerable to information leak","org.apache.tomcat.embed:tomcat-embed-core",10.1.8,10.1.9,HIGH,CWE-732 -CVE-2023-34981,2023-06-21T12:30:19Z,"Apache Tomcat vulnerable to information leak","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M5,11.0.0-M6,HIGH,CWE-732 -CVE-2023-34981,2023-06-21T12:30:19Z,"Apache Tomcat vulnerable to information leak","org.apache.tomcat.embed:tomcat-embed-core",9.0.74,9.0.75,HIGH,CWE-732 -CVE-2023-34981,2023-06-21T12:30:19Z,"Apache Tomcat vulnerable to information leak","org.apache.tomcat:tomcat-coyote",8.5.88,8.5.89,HIGH,CWE-732 -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wfs,0,2.18.6,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to 
improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wfs,2.19.0,2.19.6,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wfs,2.20.0,2.20.4,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wms,0,2.18.6,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wms,2.19.0,2.19.6,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wms,2.20.0,2.20.4,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wps,0,2.18.6,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wps,2.19.0,2.19.6,CRITICAL, -CVE-2023-35042,2023-06-12T15:30:29Z,"GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language",org.geoserver:gs-wps,2.20.0,2.20.4,CRITICAL, -CVE-2023-35088,2023-07-25T09:30:18Z,"SQL injection in audit endpoint","org.apache.inlong:manager-service",1.4.0,1.8.0,CRITICAL,CWE-89 -CVE-2023-35110,2023-06-14T15:30:39Z,"jjson vulnerable to stack exhaustion",de.grobmeier.json:jjson,0,,HIGH,CWE-400;CWE-787 -CVE-2023-35141,2023-06-14T15:30:37Z,"Jenkins CSRF protection bypass vulnerability","org.jenkins-ci.main:jenkins-core",0,2.400,HIGH,CWE-352 -CVE-2023-35142,2023-06-14T15:30:37Z,"SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin","com.checkmarx.jenkins:checkmarx",0,2023.2.6,HIGH,CWE-295 
-CVE-2023-35143,2023-06-14T15:30:37Z,"Stored XSS vulnerability in Jenkins Maven Repository Server Plugin",jenkins:repository,0,,MODERATE,CWE-79 -CVE-2023-35144,2023-06-14T15:30:37Z,"Stored XSS vulnerability in Jenkins Maven Repository Server Plugin",jenkins:repository,0,,MODERATE,CWE-79 -CVE-2023-35145,2023-06-14T15:30:37Z,"Jenkins Sonargraph Integration Plugin vulnerable to Stored Cross-site Scripting","org.jenkins-ci.plugins:sonargraph-integration",0,,HIGH,CWE-79 -CVE-2023-35146,2023-06-14T15:30:37Z,"Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting","org.jenkins.plugin.templateWorkflows:template-workflows",0,,HIGH,CWE-79 -CVE-2023-35147,2023-06-14T15:30:37Z,"Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin","org.jenkins-ci.plugins:aws-codecommit-trigger",0,,MODERATE,CWE-732 -CVE-2023-35148,2023-06-14T15:30:37Z,"Jenkins Digital.ai App Management Publisher Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:ease-plugin",0,,MODERATE,CWE-352 -CVE-2023-35149,2023-06-14T15:30:37Z,"Jenkins Digital.ai App Management Publisher Plugin missing permission checks","org.jenkins-ci.plugins:ease-plugin",0,,MODERATE,CWE-862 -CVE-2023-35150,2023-06-20T16:46:11Z,"XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application","org.xwiki.platform:xwiki-platform-invitation-ui",14.5,14.10.4,CRITICAL,CWE-94;CWE-95 -CVE-2023-35150,2023-06-20T16:46:11Z,"XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application","org.xwiki.platform:xwiki-platform-invitation-ui",15.0-rc-1,15.0,CRITICAL,CWE-94;CWE-95 -CVE-2023-35150,2023-06-20T16:46:11Z,"XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application","org.xwiki.platform:xwiki-platform-invitation-ui",2.4-m-2,14.4.8,CRITICAL,CWE-94;CWE-95 -CVE-2023-35151,2023-06-20T16:46:29Z,"XWiki Platform may show email addresses in clear in REST 
results","org.xwiki.platform:xwiki-platform-rest-server",14.5,14.10.6,HIGH,CWE-359;CWE-668 -CVE-2023-35151,2023-06-20T16:46:29Z,"XWiki Platform may show email addresses in clear in REST results","org.xwiki.platform:xwiki-platform-rest-server",15.0-rc-1,15.1,HIGH,CWE-359;CWE-668 -CVE-2023-35151,2023-06-20T16:46:29Z,"XWiki Platform may show email addresses in clear in REST results","org.xwiki.platform:xwiki-platform-rest-server",7.3-milestone-1,14.4.8,HIGH,CWE-359;CWE-668 -CVE-2023-35152,2023-06-20T16:46:53Z,"XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults","org.xwiki.platform:xwiki-platform-like-ui",12.9-rc-1,14.4.8,CRITICAL,CWE-94;CWE-95 -CVE-2023-35152,2023-06-20T16:46:53Z,"XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults","org.xwiki.platform:xwiki-platform-like-ui",14.5,14.10.6,CRITICAL,CWE-94;CWE-95 -CVE-2023-35152,2023-06-20T16:46:53Z,"XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults","org.xwiki.platform:xwiki-platform-like-ui",15.0-rc-1,15.1,CRITICAL,CWE-94;CWE-95 -CVE-2023-35153,2023-06-20T16:47:13Z,"XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",14.5,14.10.4,CRITICAL,CWE-79;CWE-80 -CVE-2023-35153,2023-06-20T16:47:13Z,"XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",15.0-rc-1,15.0,CRITICAL,CWE-79;CWE-80 -CVE-2023-35153,2023-06-20T16:47:13Z,"XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",5.4.4,14.4.8,CRITICAL,CWE-79;CWE-80 -CVE-2023-35155,2023-06-20T16:48:36Z,"XWiki Platform vulnerable to cross-site scripting in target parameter via share page by 
email","org.xwiki.platform:xwiki-platform-sharepage-api",14.5,14.10.4,HIGH,CWE-79 -CVE-2023-35155,2023-06-20T16:48:36Z,"XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email","org.xwiki.platform:xwiki-platform-sharepage-api",2.6-rc-2,14.4.8,HIGH,CWE-79 -CVE-2023-35156,2023-06-22T19:59:10Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",15.0-rc-0,15.1,CRITICAL,CWE-79;CWE-87 -CVE-2023-35156,2023-06-22T19:59:10Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",6.0-rc-1,14.10.6,CRITICAL,CWE-79;CWE-87 -CVE-2023-35157,2023-06-22T19:59:25Z,"XWiki Platform vulnerable to reflected cross-site scripting via delattachment action","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-0,15.1-rc-1,HIGH,CWE-79;CWE-80 -CVE-2023-35157,2023-06-22T19:59:25Z,"XWiki Platform vulnerable to reflected cross-site scripting via delattachment action","org.xwiki.platform:xwiki-platform-oldcore",3.2-milestone-3,14.10.6,HIGH,CWE-79;CWE-80 -CVE-2023-35158,2023-06-22T19:59:33Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",15.0-rc-1,15.1-rc-1,CRITICAL,CWE-87 -CVE-2023-35158,2023-06-22T19:59:33Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",9.4-rc-1,14.10.5,CRITICAL,CWE-87 -CVE-2023-35159,2023-06-22T19:59:47Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.1-rc-1,CRITICAL,CWE-79;CWE-87 -CVE-2023-35159,2023-06-22T19:59:47Z,"XWiki Platform vulnerable to reflected cross-site 
scripting via xredirect parameter in deletespace template","org.xwiki.platform:xwiki-platform-web-templates",3.4-milestone-1,14.10.5,CRITICAL,CWE-79;CWE-87 -CVE-2023-35160,2023-06-22T19:59:55Z,"XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.1-rc-1,CRITICAL,CWE-79;CWE-87 -CVE-2023-35160,2023-06-22T19:59:55Z,"XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template","org.xwiki.platform:xwiki-platform-web-templates",2.5-milestone-2,14.10.5,CRITICAL,CWE-79;CWE-87 -CVE-2023-35161,2023-06-22T20:00:00Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",15.0-rc-1,15.1-rc-1,CRITICAL,CWE-79;CWE-87 -CVE-2023-35161,2023-06-22T20:00:00Z,"XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",6.2-milestone-1,14.10.5,CRITICAL,CWE-79;CWE-87 -CVE-2023-35162,2023-06-20T17:42:16Z,"XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",15.0-rc-1,15.1-rc-1,CRITICAL,CWE-79 -CVE-2023-35162,2023-06-20T17:42:16Z,"XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",6.1-rc-1,14.10.5,CRITICAL,CWE-79 -CVE-2023-35166,2023-06-20T19:55:36Z,"XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel","org.xwiki.platform:xwiki-platform-help-ui",15.0-rc-1,15.1-rc-1,HIGH,CWE-863 -CVE-2023-35166,2023-06-20T19:55:36Z,"XWiki Platform vulnerable to privilege escalation (PR) from account through 
TipsPanel","org.xwiki.platform:xwiki-platform-help-ui",8.1-milestone-1,14.10.5,HIGH,CWE-863 -CVE-2023-35701,2024-05-03T09:30:52Z,"Apache Hive Code Injection vulnerability","org.apache.hive:hive-jdbc",4.0.0-alpha-1,4.0.0,MODERATE,CWE-94 -CVE-2023-35839,2023-06-19T03:30:18Z,"Solon vulnerable to deserialization of untrusted data",org.noear:solon,0,2.3.3,CRITICAL,CWE-502 -CVE-2023-35887,2023-07-10T18:30:49Z,"Apache MINA SSHD information disclosure vulnerability","org.apache.sshd:sshd-common",2.1.0,2.9.3,MODERATE,CWE-200;CWE-22 -CVE-2023-35887,2023-07-10T18:30:49Z,"Apache MINA SSHD information disclosure vulnerability","org.apache.sshd:sshd-core",1.0.0,2.1.0,MODERATE,CWE-200;CWE-22 -CVE-2023-35887,2023-07-10T18:30:49Z,"Apache MINA SSHD information disclosure vulnerability","org.apache.sshd:sshd-sftp",1.0.0,2.9.3,MODERATE,CWE-200;CWE-22 -CVE-2023-35925,2023-06-22T20:00:36Z,"FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption","com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit",0,2.6.3,MODERATE,CWE-400 -CVE-2023-35925,2023-06-22T20:00:36Z,"FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption","com.fastasyncworldedit:FastAsyncWorldEdit-Core",0,2.6.3,MODERATE,CWE-400 -CVE-2023-3597,2024-04-17T17:31:50Z,"Keycloak secondary factor bypass in step-up authentication","org.keycloak:keycloak-services",0,22.0.10,MODERATE,CWE-287;CWE-288 -CVE-2023-3597,2024-04-17T17:31:50Z,"Keycloak secondary factor bypass in step-up authentication","org.keycloak:keycloak-services",23.0.0,24.0.3,MODERATE,CWE-287;CWE-288 -CVE-2023-36106,2023-08-17T21:30:53Z,"PowerJob incorrect access control vulnerability",tech.powerjob:powerjob,0,,HIGH,CWE-284 -CVE-2023-3628,2023-12-30T00:30:23Z,"Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions","org.infinispan:infinispan-server-rest",0,14.0.18.Final,HIGH,CWE-304 -CVE-2023-3628,2023-12-30T00:30:23Z,"Infinispan REST Server's bulk read endpoints do not properly evaluate user 
permissions","org.infinispan:infinispan-server-rest",15.0.0.Dev01,15.0.0.Dev04,HIGH,CWE-304 -CVE-2023-3629,2023-12-30T00:30:23Z," Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions","org.infinispan:infinispan-server-rest",0,14.0.18.Final,HIGH,CWE-304 -CVE-2023-3629,2023-12-30T00:30:23Z," Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions","org.infinispan:infinispan-server-rest",15.0.0.Dev01,15.0.0.Dev04,HIGH,CWE-304 -CVE-2023-3635,2023-07-12T21:30:50Z,"Okio Signed to Unsigned Conversion Error vulnerability","com.squareup.okio:okio-jvm",2.0.0-RC1,3.4.0,MODERATE,CWE-195;CWE-681 -CVE-2023-3635,2023-07-12T21:30:50Z,"Okio Signed to Unsigned Conversion Error vulnerability",com.squareup.okio:okio,0,1.17.6,MODERATE,CWE-195;CWE-681 -CVE-2023-3635,2023-07-12T21:30:50Z,"Okio Signed to Unsigned Conversion Error vulnerability",com.squareup.okio:okio,2.0.0-RC1,3.4.0,MODERATE,CWE-195;CWE-681 -CVE-2023-36468,2023-06-30T20:42:07Z,"Upgrading doesn't prevent exploiting vulnerable XWiki documents","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-459 -CVE-2023-36468,2023-06-30T20:42:07Z,"Upgrading doesn't prevent exploiting vulnerable XWiki documents","org.xwiki.platform:xwiki-platform-oldcore",2.0,14.10.7,CRITICAL,CWE-459 -CVE-2023-36469,2023-06-30T20:42:02Z,"XWiki Platform vulnerable to Code injection through NotificationRSSService","org.xwiki.platform:xwiki-platform-notifications-ui",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-74 -CVE-2023-36469,2023-06-30T20:42:02Z,"XWiki Platform vulnerable to Code injection through NotificationRSSService","org.xwiki.platform:xwiki-platform-notifications-ui",9.6-rc-1,14.10.6,CRITICAL,CWE-74 -CVE-2023-36470,2023-06-30T20:41:57Z,"XWiki Platform vulnerable to Code Injection in icon themes","org.xwiki.platform:xwiki-platform-icon-default",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-74 -CVE-2023-36470,2023-06-30T20:41:57Z,"XWiki 
Platform vulnerable to Code Injection in icon themes","org.xwiki.platform:xwiki-platform-icon-default",6.2-milestone-1,14.10.6,CRITICAL,CWE-74 -CVE-2023-36470,2023-06-30T20:41:57Z,"XWiki Platform vulnerable to Code Injection in icon themes","org.xwiki.platform:xwiki-platform-icon-script",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-74 -CVE-2023-36470,2023-06-30T20:41:57Z,"XWiki Platform vulnerable to Code Injection in icon themes","org.xwiki.platform:xwiki-platform-icon-script",6.2-milestone-1,14.10.6,CRITICAL,CWE-74 -CVE-2023-36470,2023-06-30T20:41:57Z,"XWiki Platform vulnerable to Code Injection in icon themes","org.xwiki.platform:xwiki-platform-icon-ui",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-74 -CVE-2023-36470,2023-06-30T20:41:57Z,"XWiki Platform vulnerable to Code Injection in icon themes","org.xwiki.platform:xwiki-platform-icon-ui",6.2-milestone-1,14.10.6,CRITICAL,CWE-74 -CVE-2023-36471,2023-06-30T20:41:50Z,"org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted","org.xwiki.commons:xwiki-commons-xml",14.6-rc-1,14.10.6,CRITICAL,CWE-74;CWE-79 -CVE-2023-36471,2023-06-30T20:41:50Z,"org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted","org.xwiki.commons:xwiki-commons-xml",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-74;CWE-79 -CVE-2023-36477,2023-06-30T20:40:47Z,"XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages","org.xwiki.contrib:application-ckeditor-ui",1.9,1.64.9,CRITICAL,CWE-79 -CVE-2023-36477,2023-06-30T20:40:47Z,"XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages","org.xwiki.platform:xwiki-platform-ckeditor-ui",14.6-rc-1,14.10.6,CRITICAL,CWE-79 -CVE-2023-36477,2023-06-30T20:40:47Z,"XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages","org.xwiki.platform:xwiki-platform-ckeditor-ui",15.0-rc-1,15.1,CRITICAL,CWE-79 -CVE-2023-36478,2023-10-10T21:16:23Z,"HTTP/2 HPACK integer overflow and 
buffer allocation","org.eclipse.jetty.http2:http2-hpack",10.0.0,10.0.16,HIGH,CWE-190 -CVE-2023-36478,2023-10-10T21:16:23Z,"HTTP/2 HPACK integer overflow and buffer allocation","org.eclipse.jetty.http2:http2-hpack",11.0.0,11.0.16,HIGH,CWE-190 -CVE-2023-36478,2023-10-10T21:16:23Z,"HTTP/2 HPACK integer overflow and buffer allocation","org.eclipse.jetty.http2:http2-hpack",9.3.0,9.4.53,HIGH,CWE-190 -CVE-2023-36478,2023-10-10T21:16:23Z,"HTTP/2 HPACK integer overflow and buffer allocation","org.eclipse.jetty.http3:http3-qpack",10.0.0,10.0.16,HIGH,CWE-190 -CVE-2023-36478,2023-10-10T21:16:23Z,"HTTP/2 HPACK integer overflow and buffer allocation","org.eclipse.jetty.http3:http3-qpack",11.0.0,11.0.16,HIGH,CWE-190 -CVE-2023-36479,2023-09-14T16:16:00Z,"Jetty vulnerable to errant command quoting in CGI Servlet","org.eclipse.jetty.ee10:jetty-ee10-servlets",0,12.0.0-beta2,LOW,CWE-149 -CVE-2023-36479,2023-09-14T16:16:00Z,"Jetty vulnerable to errant command quoting in CGI Servlet","org.eclipse.jetty.ee8:jetty-ee8-servlets",0,12.0.0-beta2,LOW,CWE-149 -CVE-2023-36479,2023-09-14T16:16:00Z,"Jetty vulnerable to errant command quoting in CGI Servlet","org.eclipse.jetty.ee9:jetty-ee9-servlets",0,12.0.0-beta2,LOW,CWE-149 -CVE-2023-36479,2023-09-14T16:16:00Z,"Jetty vulnerable to errant command quoting in CGI Servlet","org.eclipse.jetty:jetty-servlets",10.0.0,10.0.16,LOW,CWE-149 -CVE-2023-36479,2023-09-14T16:16:00Z,"Jetty vulnerable to errant command quoting in CGI Servlet","org.eclipse.jetty:jetty-servlets",11.0.0,11.0.16,LOW,CWE-149 -CVE-2023-36479,2023-09-14T16:16:00Z,"Jetty vulnerable to errant command quoting in CGI Servlet","org.eclipse.jetty:jetty-servlets",9.0.0,9.4.52,LOW,CWE-149 -CVE-2023-36480,2023-08-03T19:45:39Z,"Aerospike Java Client vulnerable to unsafe deserialization of server responses","com.aerospike:aerospike-client",0,4.5.0,CRITICAL,CWE-502 -CVE-2023-36480,2023-08-03T19:45:39Z,"Aerospike Java Client vulnerable to unsafe deserialization of server 
responses","com.aerospike:aerospike-client",5.0.0,5.2.0,CRITICAL,CWE-502 -CVE-2023-36480,2023-08-03T19:45:39Z,"Aerospike Java Client vulnerable to unsafe deserialization of server responses","com.aerospike:aerospike-client",6.0.0,6.2.0,CRITICAL,CWE-502 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-cdc-mysql-bundle",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-dbcp-service",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-hadoop-dbcp-service",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-hbase_2-client-service",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-hikari-dbcp-service",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-jms-processors",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-record-serialization-services",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36542,2023-07-29T09:30:15Z,"Apache NiFi Code Injection vulnerability","org.apache.nifi:nifi-standard-processors",0.0.2,1.23.0,HIGH,CWE-94 -CVE-2023-36566,2023-10-10T18:31:33Z,"Microsoft Common Data Model SDK Denial of Service Vulnerability","com.microsoft.commondatamodel:objectmodel",0,1.7.4,MODERATE,CWE-20 -CVE-2023-36812,2023-06-30T22:58:41Z,"Remote Code Execution for 2.4.1 and earlier",net.opentsdb:opentsdb,0,2.4.2,CRITICAL,CWE-74 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.1.0,3.1.2,MODERATE,CWE-284 
-CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.10.0,3.10.2,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.11.0,3.11.1,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.2.0,3.2.4,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.3.0,3.3.2,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.4.0,3.4.3,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.5.0,3.5.3,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.6.0,3.6.6,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.7.0,3.7.4,MODERATE,CWE-284 -CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.8.0,3.8.4,MODERATE,CWE-284 
-CVE-2023-36820,2023-10-05T20:55:14Z,"io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud","io.micronaut.security:micronaut-security-oauth2",3.9.0,3.9.6,MODERATE,CWE-284 -CVE-2023-37277,2023-07-10T21:53:12Z,"XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API","com.xpn.xwiki.platform:xwiki-core-rest-server",1.8,14.10.8,CRITICAL,CWE-352 -CVE-2023-37277,2023-07-10T21:53:12Z,"XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API","com.xpn.xwiki.platform:xwiki-rest",1.8,14.10.8,CRITICAL,CWE-352 -CVE-2023-37277,2023-07-10T21:53:12Z,"XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API","org.xwiki.platform:xwiki-platform-rest-server",1.8,14.10.8,CRITICAL,CWE-352 -CVE-2023-37277,2023-07-10T21:53:12Z,"XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API","org.xwiki.platform:xwiki-platform-rest-server",15.0-rc-1,15.2,CRITICAL,CWE-352 -CVE-2023-37460,2023-07-25T17:20:43Z,"Arbitrary File Creation in AbstractUnArchiver","org.codehaus.plexus:plexus-archiver",0,4.8.0,HIGH,CWE-22 -CVE-2023-37462,2023-07-14T21:53:52Z,"org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-skin-ui",14.5,14.10.4,CRITICAL,CWE-74;CWE-95 -CVE-2023-37462,2023-07-14T21:53:52Z,"org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerability","org.xwiki.platform:xwiki-platform-skin-ui",7.0-rc-1,14.4.8,CRITICAL,CWE-74;CWE-95 -CVE-2023-37471,2023-07-20T18:54:13Z,"OpenAM vulnerable to user impersonation using SAMLv1.x SSO process","org.openidentityplatform.openam:openam-federation-library",0,14.7.3,CRITICAL,CWE-287 -CVE-2023-37476,2023-07-18T18:47:27Z,"OpenRefine vulnerable to zip slip in project import",org.openrefine:main,0,3.7.4,MODERATE,CWE-22 -CVE-2023-37544,2023-12-20T09:30:26Z,"Apache Pulsar WebSocket Proxy contains an Improper Authentication 
vulnerability","org.apache.pulsar:pulsar-websocket",0,2.10.5,HIGH,CWE-287 -CVE-2023-37544,2023-12-20T09:30:26Z,"Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability","org.apache.pulsar:pulsar-websocket",2.11.0,2.11.2,HIGH,CWE-287 -CVE-2023-37544,2023-12-20T09:30:26Z,"Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability","org.apache.pulsar:pulsar-websocket",3.0.0,3.0.1,HIGH,CWE-287 -CVE-2023-37579,2023-07-12T12:31:36Z,"Apache Pulsar Function Worker Incorrect Authorization vulnerability","org.apache.pulsar:pulsar-functions-worker",0,2.10.4,MODERATE,CWE-863 -CVE-2023-37579,2023-07-12T12:31:36Z,"Apache Pulsar Function Worker Incorrect Authorization vulnerability","org.apache.pulsar:pulsar-functions-worker",2.11.0,2.11.1,MODERATE,CWE-863 -CVE-2023-37582,2023-07-12T12:31:36Z,"RocketMQ NameServer component Code Injection vulnerability","org.apache.rocketmq:rocketmq-namesrv",0,4.9.7,CRITICAL,CWE-94 -CVE-2023-37582,2023-07-12T12:31:36Z,"RocketMQ NameServer component Code Injection vulnerability","org.apache.rocketmq:rocketmq-namesrv",5.0.0,5.1.2,CRITICAL,CWE-94 -CVE-2023-37602,2023-07-20T21:30:58Z,"Alkacon OpenCMS arbitrary file upload vulnerability",org.opencms:opencms-core,0,,MODERATE,CWE-79 -CVE-2023-37754,2023-07-28T15:30:23Z,"Code injection in PowerJob","tech.powerjob:powerjob-common",0,,CRITICAL, -CVE-2023-37895,2023-07-25T15:30:26Z,"Remote code execution in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-standalone",1.0.0,2.20.11,CRITICAL,CWE-502 -CVE-2023-37895,2023-07-25T15:30:26Z,"Remote code execution in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-standalone",2.21.0,2.21.18,CRITICAL,CWE-502 -CVE-2023-37895,2023-07-25T15:30:26Z,"Remote code execution in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-standalone-components",1.0.0,2.20.11,CRITICAL,CWE-502 -CVE-2023-37895,2023-07-25T15:30:26Z,"Remote code execution in Apache 
Jackrabbit","org.apache.jackrabbit:jackrabbit-standalone-components",2.21.0,2.21.18,CRITICAL,CWE-502 -CVE-2023-37895,2023-07-25T15:30:26Z,"Remote code execution in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-webapp",1.0.0,2.20.11,CRITICAL,CWE-502 -CVE-2023-37895,2023-07-25T15:30:26Z,"Remote code execution in Apache Jackrabbit","org.apache.jackrabbit:jackrabbit-webapp",2.21.0,2.21.18,CRITICAL,CWE-502 -CVE-2023-37908,2023-10-25T21:02:49Z,"org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability","org.xwiki.rendering:xwiki-rendering-xml",14.6-rc-1,14.10.4,CRITICAL,CWE-79;CWE-83;CWE-86 -CVE-2023-37909,2023-10-25T21:03:11Z,"Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet","org.xwiki.platform:xwiki-platform-menu",5.1-rc-1,14.10.8,HIGH,CWE-94;CWE-95 -CVE-2023-37909,2023-10-25T21:03:11Z,"Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet","org.xwiki.platform:xwiki-platform-menu-ui",15.0-rc-1,15.3-rc-1,HIGH,CWE-94;CWE-95 -CVE-2023-37909,2023-10-25T21:03:11Z,"Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet","org.xwiki.platform:xwiki-platform-menu-ui",5.1-rc-1,14.10.8,HIGH,CWE-94;CWE-95 -CVE-2023-37910,2023-10-25T21:06:32Z,"org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move","org.xwiki.platform:xwiki-platform-attachment-api",14.0-rc-1,14.4.8,HIGH,CWE-862 -CVE-2023-37910,2023-10-25T21:06:32Z,"org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move","org.xwiki.platform:xwiki-platform-attachment-api",14.5,14.10.4,HIGH,CWE-862 -CVE-2023-37911,2023-10-25T21:06:58Z,"org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.3-rc-1,MODERATE,CWE-668 
-CVE-2023-37911,2023-10-25T21:06:58Z,"org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents","org.xwiki.platform:xwiki-platform-oldcore",9.4-rc-1,14.10.8,MODERATE,CWE-668 -CVE-2023-37912,2023-10-25T21:07:42Z,"XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro","org.xwiki.platform:xwiki-core-rendering-macro-footnotes",0,14.10.6,HIGH,CWE-270 -CVE-2023-37912,2023-10-25T21:07:42Z,"XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro","org.xwiki.rendering:xwiki-rendering-macro-footnotes",0,14.10.6,HIGH,CWE-270 -CVE-2023-37912,2023-10-25T21:07:42Z,"XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro","org.xwiki.rendering:xwiki-rendering-macro-footnotes",15.0-rc-1,15.1-rc-1,HIGH,CWE-270 -CVE-2023-37913,2023-10-25T21:08:32Z,"org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter","org.xwiki.platform:xwiki-platform-office-importer",15.0-rc-1,15.3-rc-1,CRITICAL,CWE-22 -CVE-2023-37913,2023-10-25T21:08:32Z,"org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter","org.xwiki.platform:xwiki-platform-office-importer",3.5-milestone-1,14.10.8,CRITICAL,CWE-22 -CVE-2023-37914,2023-08-18T21:50:33Z,"XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message","org.xwiki.platform:xwiki-platform-invitation-ui",14.5,14.10.6,CRITICAL,CWE-94;CWE-95 -CVE-2023-37914,2023-08-18T21:50:33Z,"XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message","org.xwiki.platform:xwiki-platform-invitation-ui",15.0-rc-1,15.2-rc-1,CRITICAL,CWE-94;CWE-95 -CVE-2023-37914,2023-08-18T21:50:33Z,"XWiki Platform privilege escalation (PR)/RCE from account through Invitation 
subject/message","org.xwiki.platform:xwiki-platform-invitation-ui",2.5-m-1,14.4.8,CRITICAL,CWE-94;CWE-95 -CVE-2023-37942,2023-07-12T18:30:38Z,"Jenkins External Monitor Job Type Plugin XML external entity vulnerability","org.jenkins-ci.plugins:external-monitor-job",0,207.v98a,MODERATE,CWE-611 -CVE-2023-37943,2023-07-12T18:30:38Z,"Jenkins Active Directory Plugin vulnerable to Active Directory credential disclosure","org.jenkins-ci.plugins:active-directory",0,2.30.1,MODERATE,CWE-311 -CVE-2023-37944,2023-07-12T18:30:38Z,"Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.","org.datadog.jenkins.plugins:datadog",0,5.4.2,MODERATE,CWE-862 -CVE-2023-37945,2023-07-12T18:30:38Z,"Jenkins SAML Single Sign On(SSO) Plugin missing permission check","io.jenkins.plugins:miniorange-saml-sp",0,2.3.1,MODERATE,CWE-862 -CVE-2023-37946,2023-07-12T18:30:38Z,"Jenkins OpenShift Login Plugin session fixation vulnerability","org.openshift.jenkins:openshift-login",0,1.1.0.230.v5d7030b,HIGH,CWE-384 -CVE-2023-37947,2023-07-12T18:30:38Z,"Jenkins OpenShift Login Plugin vulnerable to Open Redirect","org.openshift.jenkins:openshift-login",0,1.1.0.230.v5d7030b,MODERATE,CWE-601 -CVE-2023-37948,2023-07-12T18:30:38Z,"Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation","org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute",0,1.0.17,MODERATE,CWE-20 -CVE-2023-37949,2023-07-12T18:30:38Z,"Jenkins Orka by MacStadium Plugin missing permission check","io.jenkins.plugins:macstadium-orka",0,1.34,MODERATE,CWE-862 -CVE-2023-37950,2023-07-12T18:30:38Z,"Jenkins mabl Plugin missing permission check","com.mabl.integration.jenkins:mabl-integration",0,0.0.47,MODERATE,CWE-862 -CVE-2023-37951,2023-07-12T18:30:38Z,"Jenkins mabl Plugin vulnerable to exposure of system-scooped credentials","com.mabl.integration.jenkins:mabl-integration",0,0.0.47,MODERATE,CWE-522 -CVE-2023-37952,2023-07-12T18:30:38Z,"Jenkins mabl Plugin vulnerable to cross-site request 
forgery","com.mabl.integration.jenkins:mabl-integration",0,0.0.47,MODERATE,CWE-352 -CVE-2023-37953,2023-07-12T18:30:38Z,"Jenkins mabl Plugin missing permission check","com.mabl.integration.jenkins:mabl-integration",0,0.0.47,MODERATE,CWE-862 -CVE-2023-37954,2023-07-12T18:30:38Z,"Jenkins Rebuilder Plugin vulnerable to Cross Site Request Forgery","com.sonyericsson.hudson.plugins.rebuild:rebuild",0,,MODERATE,CWE-352 -CVE-2023-37955,2023-07-12T18:30:38Z,"Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery","org.jenkins-ci.plugins:test-results-aggregator",0,1.2.16,MODERATE,CWE-352 -CVE-2023-37956,2023-07-12T18:30:38Z,"Jenkins Test Results Aggregator Plugin missing permission check","org.jenkins-ci.plugins:test-results-aggregator",0,,MODERATE,CWE-862 -CVE-2023-37957,2023-07-12T18:30:38Z,"Jenkins Pipeline restFul API Plugin vulnerable to Cross Site Request Forgery","io.jenkins.plugins:pipeline-restful-api",0,,HIGH,CWE-352 -CVE-2023-37958,2023-07-12T18:30:39Z,"Jenkins Sumologic Publisher Plugin vulnerable to cross-site request forgery","org.jenkins-ci.plugins:sumologic-publisher",0,,HIGH,CWE-352 -CVE-2023-37959,2023-07-12T18:30:39Z,"Jenkins Sumologic Publisher Plugin missing permission check","org.jenkins-ci.plugins:sumologic-publisher",0,,MODERATE,CWE-862 -CVE-2023-37960,2023-07-12T18:30:39Z,"Jenkins MathWorks Polyspace Plugin vulnerable to arbitrary file read","com.mathworks.polyspace.jenkins:mathworks-polyspace",0,,MODERATE,CWE-22 -CVE-2023-37961,2023-07-12T18:30:39Z,"Jenkins Assembla Auth Plugin vulnerable to cross-site request forgery","org.jenkins-ci.plugins:assembla-auth",0,,HIGH,CWE-352 -CVE-2023-37962,2023-07-12T18:30:39Z,"Jenkins Benchmark Evaluator Plugin vulnerable to cross-site request forgery","io.jenkins.plugins:benchmark-evaluator",0,,HIGH,CWE-352 -CVE-2023-37963,2023-07-12T18:30:39Z,"Jenkins Benchmark Evaluator Plugin missing permission check","io.jenkins.plugins:benchmark-evaluator",0,,MODERATE,CWE-862 
-CVE-2023-37964,2023-07-12T18:30:39Z,"Jenkins ElasticBox CI Plugin vulnerable to cross-site request forgery","org.jenkins-ci.plugins:elasticbox",0,,HIGH,CWE-352 -CVE-2023-37965,2023-07-12T18:30:39Z,"Jenkins ElasticBox CI Plugin missing permission check","org.jenkins-ci.plugins:elasticbox",0,,MODERATE,CWE-862 -CVE-2023-3815,2023-07-21T06:30:17Z,"RuoYi vulnerable to Cross-site Scripting",com.ruoyi:ruoyi,0,,LOW,CWE-79 -CVE-2023-38286,2023-07-14T06:31:00Z,"Spring-boot-admin sandbox bypass via crafted HTML","de.codecentric:spring-boot-admin-server",0,2.7.16,HIGH,CWE-77 -CVE-2023-38286,2023-07-14T06:31:00Z,"Spring-boot-admin sandbox bypass via crafted HTML","de.codecentric:spring-boot-admin-server",3.0.0,3.1.2,HIGH,CWE-77 -CVE-2023-38435,2023-07-25T18:30:32Z,"Cross-site Scripting in healthcheck webconsole plugin","org.apache.felix:org.apache.felix.healthcheck.webconsoleplugin",0,2.1.0,MODERATE,CWE-79 -CVE-2023-38493,2023-07-25T18:24:39Z,"Paths contain matrix variables bypass decorators","com.linecorp.armeria:armeria",0,1.24.3,HIGH,CWE-863 -CVE-2023-38509,2023-07-27T19:28:45Z,"Obfuscated email addresses should not be sorted","org.xwiki.platform:xwiki-platform-livetable-ui",15.0,15.3-rc-1,MODERATE,CWE-402 -CVE-2023-38509,2023-07-27T19:28:45Z,"Obfuscated email addresses should not be sorted","org.xwiki.platform:xwiki-platform-livetable-ui",3.5-milestone-1,14.10.9,MODERATE,CWE-402 -CVE-2023-38647,2023-07-26T09:30:15Z,"Deserialization vulnerability in Helix workflow and REST","org.apache.helix:helix-core",0,1.3.0,CRITICAL,CWE-502 -CVE-2023-38647,2023-07-26T09:30:15Z,"Deserialization vulnerability in Helix workflow and REST","org.apache.helix:helix-rest",0,1.3.0,CRITICAL,CWE-502 -CVE-2023-38889,2023-08-15T18:31:32Z,"Alluxio vulnerable to arbitrary code execution","org.alluxio:alluxio-parent",0,,CRITICAL,CWE-94 -CVE-2023-38905,2023-08-17T21:30:53Z,"Jeecg-boot SQL Injection vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,MODERATE,CWE-89 
-CVE-2023-3894,2023-08-08T18:30:37Z,"Denial of service in jackson-dataformats-text","com.fasterxml.jackson.dataformat:jackson-dataformats-text",0,2.15.0,HIGH,CWE-20;CWE-400;CWE-787 -CVE-2023-38992,2023-07-28T15:30:23Z,"SQL injection in jeecg-boot","org.jeecgframework.boot:jeecg-boot-common",0,3.5.3,CRITICAL,CWE-89 -CVE-2023-39010,2023-07-28T15:30:23Z,"Code injection in BoofCV",org.boofcv:boofcv-core,0,0.43.1,CRITICAL,CWE-94 -CVE-2023-39013,2023-07-28T15:30:23Z,"Code injection in Duke","no.priv.garshol.duke:duke",0,,CRITICAL,CWE-74;CWE-94 -CVE-2023-39015,2023-07-28T15:30:23Z,"Code injection in webmagic-core","us.codecraft:webmagic-core",0,,CRITICAL,CWE-94 -CVE-2023-39018,2023-07-28T15:30:23Z,"FFmpeg discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.",net.bramp.ffmpeg:ffmpeg,0,,CRITICAL,CWE-94 -CVE-2023-39020,2023-07-28T15:30:23Z,"Code injection in stanford-parser","edu.stanford.nlp:stanford-parser",0,4.5.5,CRITICAL,CWE-94 -CVE-2023-39021,2023-07-28T15:30:23Z,"Code injection in wix-embedded-mysql","com.wix:wix-embedded-mysql",0,,CRITICAL,CWE-94 -CVE-2023-39022,2023-07-28T15:30:23Z,"Code injection in oscore",opensymphony:oscore,0,,CRITICAL,CWE-94 -CVE-2023-39106,2023-08-21T18:31:23Z,"Nacos Spring vulnerable to Unsafe Deserialization","com.alibaba.nacos:nacos-spring-context",0,,HIGH,CWE-502 -CVE-2023-39151,2023-07-26T15:30:57Z,"Jenkins Stored Cross-site Scripting vulnerability ","org.jenkins-ci.main:jenkins-core",0,2.401.3,HIGH,CWE-79 -CVE-2023-39151,2023-07-26T15:30:57Z,"Jenkins Stored Cross-site Scripting vulnerability ","org.jenkins-ci.main:jenkins-core",2.402,2.414.1,HIGH,CWE-79 -CVE-2023-39151,2023-07-26T15:30:57Z,"Jenkins Stored Cross-site Scripting vulnerability ","org.jenkins-ci.main:jenkins-core",2.415,2.416,HIGH,CWE-79 -CVE-2023-39152,2023-07-26T15:30:57Z,"Incorrect control flow in Jenkins Gradle Plugin breaks credentials masking in the build log","org.jenkins-ci.plugins:gradle",0,2.8.1,MODERATE,CWE-670 
-CVE-2023-39153,2023-07-26T15:30:57Z,"CSRF vulnerability in GitLab Authentication Plugin","org.jenkins-ci.plugins:gitlab-oauth",0,1.18,MODERATE,CWE-352 -CVE-2023-39154,2023-07-26T15:30:57Z,"Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials ","com.qualys.plugins:qualys-was",0,2.0.11,MODERATE,CWE-863 -CVE-2023-39155,2023-07-26T15:30:57Z,"Secret displayed without masking by Chef Identity Plugin ","org.jenkins-ci.plugins:chef-identity",0,,LOW,CWE-200;CWE-668 -CVE-2023-39156,2023-07-26T15:30:57Z,"CSRF vulnerability in Bazaar Plugin ","org.jenkins-ci.plugins:bazaar",0,,MODERATE,CWE-352 -CVE-2023-39196,2024-02-07T15:30:48Z,"Apache Ozone Improper Authentication vulnerability","org.apache.ozone:ozone-main",1.2.0,1.4.0,MODERATE,CWE-287 -CVE-2023-39410,2023-09-29T18:30:22Z,"Apache Avro Java SDK vulnerable to Improper Input Validation",org.apache.avro:avro,0,1.11.3,HIGH,CWE-20;CWE-502 -CVE-2023-39685,2023-09-01T12:30:44Z,"hson-java vulnerable to denial of service",org.hjson:hjson,0,3.0.1,HIGH,CWE-125;CWE-94 -CVE-2023-3990,2023-07-28T09:30:29Z,"Cross-site Scripting in Mingsoft MCMS",net.mingsoft:ms-mcms,0,5.3.2,LOW,CWE-79 -CVE-2023-39913,2023-11-08T09:30:25Z,"Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability",org.apache.uima:uimaj,0,3.5.0,HIGH,CWE-20;CWE-502 -CVE-2023-40037,2023-08-19T00:30:29Z,"Apache NiFi Insufficient Property Validation vulnerability","org.apache.nifi:nifi-dbcp-base",1.21.0,1.23.1,MODERATE,CWE-184;CWE-697 -CVE-2023-40037,2023-08-19T00:30:29Z,"Apache NiFi Insufficient Property Validation vulnerability","org.apache.nifi:nifi-dbcp-service-api",1.21.0,1.23.1,MODERATE,CWE-184;CWE-697 -CVE-2023-40037,2023-08-19T00:30:29Z,"Apache NiFi Insufficient Property Validation vulnerability","org.apache.nifi:nifi-dbcp-service-bundle",1.21.0,1.23.1,MODERATE,CWE-184;CWE-697 -CVE-2023-40037,2023-08-19T00:30:29Z,"Apache NiFi Insufficient Property Validation 
vulnerability","org.apache.nifi:nifi-jms-processors",1.21.0,1.23.1,MODERATE,CWE-184;CWE-697 -CVE-2023-40167,2023-09-14T16:17:27Z,"Jetty accepts ""+"" prefixed value in Content-Length","org.eclipse.jetty:jetty-http",10.0.0,10.0.16,MODERATE,CWE-130 -CVE-2023-40167,2023-09-14T16:17:27Z,"Jetty accepts ""+"" prefixed value in Content-Length","org.eclipse.jetty:jetty-http",11.0.0,11.0.16,MODERATE,CWE-130 -CVE-2023-40167,2023-09-14T16:17:27Z,"Jetty accepts ""+"" prefixed value in Content-Length","org.eclipse.jetty:jetty-http",12.0.0,12.0.1,MODERATE,CWE-130 -CVE-2023-40167,2023-09-14T16:17:27Z,"Jetty accepts ""+"" prefixed value in Content-Length","org.eclipse.jetty:jetty-http",9.0.0,9.4.52,MODERATE,CWE-130 -CVE-2023-40176,2023-08-21T19:59:12Z,"XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer","org.xwiki.platform:xwiki-platform-web-templates",4.1-milestone-2,14.10.5,MODERATE,CWE-79 -CVE-2023-40177,2023-08-21T20:10:55Z,"XWiki Platform privilege escalation (PR) from account through AWM content fields","org.xwiki.platform:xwiki-platform-appwithinminutes-ui",4.3-milestone-2,14.10.5,CRITICAL,CWE-95 -CVE-2023-40191,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.dxp.bom",2023.Q3,2023.Q3.6,CRITICAL,CWE-79 -CVE-2023-40191,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.13.u44,,CRITICAL,CWE-79 -CVE-2023-40191,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.portal.bom",7.4.3.44,,CRITICAL,CWE-79 -CVE-2023-40311,2023-08-14T18:32:59Z,"OpenNMS vulnerable to Cross-site Scripting","org.opennms:opennms-webapp",31.0.8,32.0.2,MODERATE,CWE-79 -CVE-2023-40312,2023-08-14T18:32:59Z,"OpenNMS vulnerable to Cross-site Scripting","org.opennms:opennms-webapp",31.0.8,32.0.2,MODERATE,CWE-79 
-CVE-2023-40313,2023-08-17T21:30:53Z,"OpenNMS vulnerable to remote code execution","org.opennms:opennms-base-assembly",0,32.0.2,HIGH,CWE-94 -CVE-2023-40314,2023-11-17T00:31:06Z,"OpenNMS Cross-site Scripting vulnerability","org.opennms:opennms-webapp",0,32.0.5,MODERATE,CWE-20;CWE-79 -CVE-2023-40315,2023-08-17T21:30:54Z,"OpenNMS privilege escalation vulnerability","org.opennms:opennms-webapp-rest",31.0.8,32.0.2,MODERATE,CWE-863 -CVE-2023-40336,2023-08-16T15:30:17Z,"Jenkins Folders Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:cloudbees-folder",0,6.848.ve3b,HIGH,CWE-352 -CVE-2023-40337,2023-08-16T15:30:17Z,"Jenkins Folders Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:cloudbees-folder",0,6.848.ve3b,MODERATE,CWE-352 -CVE-2023-40338,2023-08-16T15:30:17Z,"Jenkins Folders Plugin information disclosure vulnerability","org.jenkins-ci.plugins:cloudbees-folder",0,6.848.ve3b,MODERATE,CWE-209;CWE-532 -CVE-2023-40339,2023-08-16T15:30:18Z,"Jenkins Config File Provider Plugin improper credential masking vulnerability","org.jenkins-ci.plugins:config-file-provider",0,953.v0432a,MODERATE, -CVE-2023-40340,2023-08-16T15:30:18Z,"Jenkins NodeJS Plugin improper credential masking vulnerability","org.jenkins-ci.plugins:nodejs",0,1.6.1,MODERATE, -CVE-2023-40341,2023-08-16T15:30:18Z,"Jenkins Blue Ocean Plugin cross-site request forgery vulnerability","io.jenkins.blueocean:blueocean",0,1.27.5.1,MODERATE,CWE-352 -CVE-2023-40342,2023-08-16T15:30:18Z,"Jenkins Flaky Test Handler Plugin stored cross-site scripting vulnerability","org.jenkins-ci.plugins:flaky-test-handler",0,1.2.3,HIGH,CWE-79 -CVE-2023-40343,2023-08-16T15:30:18Z,"Jenkins Tuleap Authentication Plugin non-constant time token comparison","io.jenkins.plugins:tuleap-oauth",0,1.1.21,LOW,CWE-203 -CVE-2023-40344,2023-08-16T15:30:18Z,"Jenkins Delphix Plugin missing permission check","org.jenkins-ci.plugins:delphix",0,3.0.3,MODERATE,CWE-862 -CVE-2023-40345,2023-08-16T15:30:18Z,"Jenkins 
Delphix Plugin vulnerable to exposure of system-scoped credentials","org.jenkins-ci.plugins:delphix",0,3.0.3,MODERATE,CWE-522 -CVE-2023-40346,2023-08-16T15:30:18Z,"Jenkins Shortcut Job Plugin stored cross-site scripting vulnerability","io.jenkins.plugins:shortcut-job",0,0.5,HIGH,CWE-79 -CVE-2023-40347,2023-08-16T15:30:18Z,"Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin vulnerable to exposure of system-scoped credentials","org.jenkins-ci.plugins:maven-artifact-choicelistprovider",0,,MODERATE,CWE-522 -CVE-2023-40348,2023-08-16T15:30:18Z,"Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure","org.jenkins-ci.plugins:gogs-webhook",0,,MODERATE,CWE-200 -CVE-2023-40349,2023-08-16T15:30:18Z,"Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure","org.jenkins-ci.plugins:gogs-webhook",0,,MODERATE,CWE-665 -CVE-2023-40350,2023-08-16T15:30:18Z,"Jenkins Docker Swarm Plugin stored cross-site scripting vulnerability","org.jenkins-ci.plugins:docker-swarm",0,,HIGH,CWE-79 -CVE-2023-40351,2023-08-16T15:30:18Z,"Jenkins Favorite View Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:favorite-view",0,,MODERATE,CWE-352 -CVE-2023-4043,2023-11-03T09:32:49Z,"Eclipse Parsson Denial of Service vulnerability","org.eclipse.parsson:project",0,1.0.5,MODERATE,CWE-20;CWE-834 -CVE-2023-4043,2023-11-03T09:32:49Z,"Eclipse Parsson Denial of Service vulnerability","org.eclipse.parsson:project",1.1.0,1.1.4,MODERATE,CWE-20;CWE-834 -CVE-2023-40572,2023-08-23T20:37:04Z,"XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.4-rc-1,HIGH,CWE-352 -CVE-2023-40572,2023-08-23T20:37:04Z,"XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action","org.xwiki.platform:xwiki-platform-oldcore",3.2-milestone-3,14.10.9,HIGH,CWE-352 -CVE-2023-40573,2023-08-23T20:41:30Z,"XWiki Platform's Groovy jobs check the wrong author, 
allowing remote code execution","com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler",1.3,,CRITICAL,CWE-284 -CVE-2023-40573,2023-08-23T20:41:30Z,"XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution","org.xwiki.platform:xwiki-platform-scheduler-api",0,14.10.9,CRITICAL,CWE-284 -CVE-2023-40573,2023-08-23T20:41:30Z,"XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution","org.xwiki.platform:xwiki-platform-scheduler-api",15.0-rc-1,15.4-rc-1,CRITICAL,CWE-284 -CVE-2023-4061,2023-11-08T03:30:32Z,"wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability","org.wildfly.core:wildfly-controller",0,22.0.0.Final,MODERATE,CWE-200 -CVE-2023-40743,2023-09-05T15:30:25Z,"Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService",axis:axis,0,,CRITICAL,CWE-20;CWE-75 -CVE-2023-40743,2023-09-05T15:30:25Z,"Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService",org.apache.axis:axis,0,,CRITICAL,CWE-20;CWE-75 -CVE-2023-40771,2023-09-01T18:30:41Z,"DataEase vulnerable to SQL injection","io.dataease:dataease-plugin-common",0,,HIGH,CWE-89 -CVE-2023-40809,2023-11-18T06:30:23Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40810,2023-11-18T06:30:23Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40812,2023-11-18T06:30:23Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40813,2023-11-18T06:30:24Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40814,2023-11-18T06:30:24Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40815,2023-11-18T06:30:24Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40816,2023-11-18T06:30:24Z,"Cross-site Scripting in 
OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40817,2023-11-18T06:30:24Z,"Cross-site Scripting in OpenCRX","org.opencrx:opencrx-core-models",0,,MODERATE,CWE-79 -CVE-2023-40826,2023-08-29T00:32:04Z,"pf4j vulnerable to remote code execution via the zippluginPath parameter",org.pf4j:pf4j,0,,HIGH,CWE-22;CWE-94 -CVE-2023-40827,2023-08-29T00:32:04Z,"pf4j vulnerable to remote code execution via loadpluginPath parameter",org.pf4j:pf4j,0,,HIGH,CWE-22;CWE-94 -CVE-2023-40828,2023-08-29T00:32:04Z,"pf4j vulnerable to remote code execution via expandIfZip method in the extract function",org.pf4j:pf4j,0,,HIGH,CWE-22;CWE-94 -CVE-2023-40989,2023-09-22T21:30:23Z,"SQL injection in jeecgboot","org.jeecgframework.boot:jeecg-boot-common",0,3.6.0,CRITICAL,CWE-89 -CVE-2023-41034,2023-08-31T21:47:28Z,"DDFFileParser is vulnerable to XXE Attacks","org.eclipse.leshan:leshan-core",0,1.5.0,MODERATE,CWE-611 -CVE-2023-41034,2023-08-31T21:47:28Z,"DDFFileParser is vulnerable to XXE Attacks","org.eclipse.leshan:leshan-core",2.0.0-M1,2.0.0-M13,MODERATE,CWE-611 -CVE-2023-41041,2023-07-06T20:47:54Z,"Graylog user session is still usable after logout","org.graylog2:graylog2-server",1.0,5.0.9,LOW,CWE-613 -CVE-2023-41041,2023-07-06T20:47:54Z,"Graylog user session is still usable after logout","org.graylog2:graylog2-server",5.1.0,5.1.3,LOW,CWE-613 -CVE-2023-41044,2023-07-06T20:53:15Z,"Graylog server has partial path traversal vulnerability in Support Bundle feature","org.graylog2:graylog2-server",5.1.0,5.1.3,LOW,CWE-22 -CVE-2023-41045,2023-07-06T20:51:48Z,"Graylog vulnerable to insecure source port usage for DNS queries","org.graylog2:graylog2-server",0,5.0.9,LOW,CWE-345 -CVE-2023-41045,2023-07-06T20:51:48Z,"Graylog vulnerable to insecure source port usage for DNS queries","org.graylog2:graylog2-server",5.1.0,5.1.3,LOW,CWE-345 -CVE-2023-41046,2023-09-04T16:36:40Z,"Velocity execution without script right through VelocityCode and VelocityWiki 
property","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.4-rc-1,MODERATE,CWE-862 -CVE-2023-41046,2023-09-04T16:36:40Z,"Velocity execution without script right through VelocityCode and VelocityWiki property","org.xwiki.platform:xwiki-platform-oldcore",7.2,14.10.10,MODERATE,CWE-862 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.13,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M11,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.93,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.80,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability",org.apache.tomcat:tomcat,10.1.0-M1,10.1.13,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability",org.apache.tomcat:tomcat,11.0.0-M1,11.0.0-M11,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability",org.apache.tomcat:tomcat,8.5.0,8.5.93,MODERATE,CWE-601 -CVE-2023-41080,2023-08-25T21:30:48Z,"Apache Tomcat Open Redirect vulnerability",org.apache.tomcat:tomcat,9.0.0-M1,9.0.80,MODERATE,CWE-601 -CVE-2023-41327,2023-09-06T20:51:42Z,"WireMock Controlled Server Side Request Forgery vulnerability through URL","org.wiremock:wiremock-webhooks-extension",2.0.0,2.35.1,MODERATE,CWE-918 -CVE-2023-41327,2023-09-06T20:51:42Z,"WireMock Controlled Server Side Request Forgery vulnerability through URL","org.wiremock:wiremock-webhooks-extension",3.0.0,3.0.3,MODERATE,CWE-918 -CVE-2023-41329,2023-09-08T12:19:49Z,"Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and 
recorder modes","com.github.tomakehurst:wiremock-jre8",0,2.35.1,LOW,CWE-290;CWE-350 -CVE-2023-41329,2023-09-08T12:19:49Z,"Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes","com.github.tomakehurst:wiremock-jre8-standalone",0,2.35.1,LOW,CWE-290;CWE-350 -CVE-2023-41329,2023-09-08T12:19:49Z,"Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes","org.wiremock:wiremock-standalone",0,3.0.3,LOW,CWE-290;CWE-350 -CVE-2023-41329,2023-09-08T12:19:49Z,"Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes",org.wiremock:wiremock,0,3.0.3,LOW,CWE-290;CWE-350 -CVE-2023-41339,2023-10-24T19:20:34Z,"Unsecured WMS dynamic styling sld= parameter affords blind unauthenticated SSRF","org.geoserver.web:gs-web-app",0,2.22.5,MODERATE,CWE-918 -CVE-2023-41339,2023-10-24T19:20:34Z,"Unsecured WMS dynamic styling sld= parameter affords blind unauthenticated SSRF","org.geoserver.web:gs-web-app",2.23.0,2.23.2,MODERATE,CWE-918 -CVE-2023-41339,2023-10-24T19:20:34Z,"Unsecured WMS dynamic styling sld= parameter affords blind unauthenticated SSRF",org.geoserver:gs-wms,0,2.22.5,MODERATE,CWE-918 -CVE-2023-41339,2023-10-24T19:20:34Z,"Unsecured WMS dynamic styling sld= parameter affords blind unauthenticated SSRF",org.geoserver:gs-wms,2.23.0,2.23.2,MODERATE,CWE-918 -CVE-2023-41542,2023-12-30T03:30:19Z,"Jeecg Boot SQL injection vulnerability","org.jeecgframework.boot:jeecg-boot-common",0,,CRITICAL,CWE-89 -CVE-2023-41543,2023-12-30T03:30:19Z,"Jeecg Boot SQL Injection","org.jeecgframework.boot:jeecg-boot-common",0,,CRITICAL,CWE-89 -CVE-2023-41544,2023-12-30T06:30:28Z,"JeecgBoot server-side template injection","org.jeecgframework.boot:jeecg-boot-common",0,,CRITICAL,CWE-94 -CVE-2023-41578,2023-09-08T21:30:35Z,"Jeecg boot arbitrary file read vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,HIGH,CWE-22 
-CVE-2023-41835,2023-12-05T09:33:27Z,"Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability","org.apache.struts:struts2-core",0,2.5.32,HIGH,CWE-459 -CVE-2023-41835,2023-12-05T09:33:27Z,"Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability","org.apache.struts:struts2-core",6.0.0,6.1.2.2,HIGH,CWE-459 -CVE-2023-41835,2023-12-05T09:33:27Z,"Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability","org.apache.struts:struts2-core",6.2.0,6.3.0.1,HIGH,CWE-459 -CVE-2023-41877,2024-03-20T14:45:21Z,"GeoServer log file path traversal vulnerability",org.geoserver:gs-main,0,,HIGH,CWE-22 -CVE-2023-41886,2023-09-12T13:52:05Z,"OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack",org.openrefine:database,0,3.7.5,HIGH,CWE-89 -CVE-2023-41887,2023-09-12T13:52:54Z,"OpenRefine Remote Code execution in project import with mysql jdbc url attack",org.openrefine:database,0,3.7.5,CRITICAL,CWE-89 -CVE-2023-41900,2023-09-15T13:36:10Z,"Jetty's OpenId Revoked authentication allows one request","org.eclipse.jetty:jetty-openid",10.0.0,10.0.16,LOW,CWE-1390;CWE-287 -CVE-2023-41900,2023-09-15T13:36:10Z,"Jetty's OpenId Revoked authentication allows one request","org.eclipse.jetty:jetty-openid",11.0.0,11.0.16,LOW,CWE-1390;CWE-287 -CVE-2023-41900,2023-09-15T13:36:10Z,"Jetty's OpenId Revoked authentication allows one request","org.eclipse.jetty:jetty-openid",9.4.21,9.4.52.v20230823,LOW,CWE-1390;CWE-287 -CVE-2023-41916,2024-07-15T09:36:22Z,"Apache Linkis DataSource allows arbitrary file reading","org.apache.linkis:linkis-datasource",1.4.0,1.6.0,HIGH,CWE-552 -CVE-2023-41930,2023-09-06T15:30:26Z,"Path traversal in Jenkins Job Configuration History Plugin","org.jenkins-ci.plugins:jobConfigHistory",0,1229.v3039470161a_d,MODERATE,CWE-22 -CVE-2023-41931,2023-09-06T15:30:26Z,"XSS vulnerability in Jenkins Job Configuration History 
Plugin","org.jenkins-ci.plugins:jobConfigHistory",0,1229.v3039470161a_d,MODERATE,CWE-79 -CVE-2023-41932,2023-09-06T15:30:26Z,"Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin","org.jenkins-ci.plugins:jobConfigHistory",0,1229.v3039470161a_d,MODERATE,CWE-611 -CVE-2023-41933,2023-09-06T15:30:26Z,"Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability","org.jenkins-ci.plugins:jobConfigHistory",0,1229.v3039470161a_d,HIGH,CWE-611 -CVE-2023-41934,2023-09-06T15:30:26Z,"Improper masking of credentials in Jenkins Pipeline Maven Integration Plugin","org.jenkins-ci.plugins:pipeline-maven",0,1331.v003efa_fd6e81,MODERATE,CWE-532 -CVE-2023-41935,2023-09-06T15:30:26Z,"Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin","org.jenkins-ci.plugins:azure-ad",0,378.vd6e2874a,HIGH,CWE-697 -CVE-2023-41935,2023-09-06T15:30:26Z,"Non-constant time nonce comparison in Jenkins Microsoft Entra ID (previously Azure AD) Plugin","org.jenkins-ci.plugins:azure-ad",378.380.v545b,397.v907382dd9b,HIGH,CWE-697 -CVE-2023-41936,2023-09-06T15:30:26Z,"Jenkins Google Login Plugin non-constant time token comparison","org.jenkins-ci.plugins:google-login",0,1.8,HIGH,CWE-697 -CVE-2023-41937,2023-09-06T15:30:26Z,"SSRF vulnerability in Jenkins Bitbucket Push and Pull Request Plugin allows capturing credentials","io.jenkins.plugins:bitbucket-push-and-pull-request",2.4.0,2.8.4,HIGH,CWE-918 -CVE-2023-41938,2023-09-06T15:30:26Z,"CSRF vulnerability in Jenkins Ivy Plugin","org.jenkins-ci.plugins:ivy",0,,MODERATE,CWE-352 -CVE-2023-41939,2023-09-06T15:30:26Z,"Disabled permissions can be granted by Jenkins SSH2 Easy Plugin","org.jenkins-ci.plugins:ssh2easy",0,1.6,HIGH,CWE-281 -CVE-2023-41940,2023-09-06T15:30:26Z,"Stored XSS vulnerability in Jenkins TAP Plugin",org.tap4j:tap,0,,MODERATE,CWE-79 -CVE-2023-41941,2023-09-06T15:30:26Z,"Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows 
enumerating credentials IDs","org.jenkins-ci.plugins:aws-codecommit-trigger",0,,MODERATE,CWE-862 -CVE-2023-41942,2023-09-06T15:30:26Z,"CSRF vulnerability in Jenkins AWS CodeCommit Trigger Plugin","org.jenkins-ci.plugins:aws-codecommit-trigger",0,,MODERATE,CWE-352 -CVE-2023-41943,2023-09-06T15:30:26Z,"Missing permission check in Jenkins AWS CodeCommit Trigger Plugin ","org.jenkins-ci.plugins:aws-codecommit-trigger",0,,MODERATE,CWE-862 -CVE-2023-41944,2023-09-06T15:30:26Z,"HTML injection vulnerability in Jenkins AWS CodeCommit Trigger Plugin","org.jenkins-ci.plugins:aws-codecommit-trigger",0,,MODERATE,CWE-79 -CVE-2023-41945,2023-09-06T15:30:26Z,"Disabled permissions granted by Jenkins Assembla Auth Plugin","org.jenkins-ci.plugins:assembla-auth",0,,HIGH,CWE-862 -CVE-2023-41946,2023-09-06T15:30:26Z,"CSRF vulnerability in Jenkins Frugal Testing Plugin","io.jenkins.plugins:frugal-testing",0,,LOW,CWE-352 -CVE-2023-41947,2023-09-06T15:30:26Z,"Missing permission checks in Jenkins Frugal Testing Plugin","io.jenkins.plugins:frugal-testing",0,,MODERATE,CWE-862 -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.jdt:org.eclipse.jdt.ui",0,3.30.0,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.platform:org.eclipse.core.runtime",0,3.29.0,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.platform:org.eclipse.jface",0,3.31.0,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.platform:org.eclipse.platform",0,4.29.0,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.platform:org.eclipse.ui.forms",0,3.13.0,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.platform:org.eclipse.ui.ide",0,3.21.100,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in 
eclipse.platform","org.eclipse.platform:org.eclipse.ui.workbench",0,3.130.0,MODERATE, -CVE-2023-4218,2023-11-30T19:52:54Z,"Eclipse IDE XXE in eclipse.platform","org.eclipse.platform:org.eclipse.urischeme",0,1.3.100,MODERATE, -CVE-2023-42268,2023-09-08T21:30:35Z,"Jeecg boot SQL Injection vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,CRITICAL,CWE-89 -CVE-2023-42276,2023-09-09T00:30:48Z,"hutool Buffer Overflow vulnerability",cn.hutool:hutool-core,0,,CRITICAL,CWE-120 -CVE-2023-42276,2023-09-09T00:30:48Z,"hutool Buffer Overflow vulnerability",cn.hutool:hutool-json,0,,CRITICAL,CWE-120 -CVE-2023-42277,2023-09-09T00:30:48Z,"hutool Buffer Overflow vulnerability",cn.hutool:hutool-core,0,,CRITICAL,CWE-120 -CVE-2023-42277,2023-09-09T00:30:48Z,"hutool Buffer Overflow vulnerability",cn.hutool:hutool-json,0,,CRITICAL,CWE-120 -CVE-2023-42278,2023-09-09T00:30:48Z,"hutool Buffer Overflow vulnerability",cn.hutool:hutool-core,0,,HIGH,CWE-120 -CVE-2023-42278,2023-09-09T00:30:48Z,"hutool Buffer Overflow vulnerability",cn.hutool:hutool-json,0,,HIGH,CWE-120 -CVE-2023-42496,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.dxp.bom",2023.Q3,2023.Q3.6,CRITICAL,CWE-79 -CVE-2023-42496,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.10.ep3,7.3.10.u34,CRITICAL,CWE-79 -CVE-2023-42496,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.10.ep1,,CRITICAL,CWE-79 -CVE-2023-42496,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.portal.bom",7.3.3,,CRITICAL,CWE-79 -CVE-2023-42498,2024-02-21T03:30:37Z,"Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site 
Scripting","com.liferay.portal:release.dxp.bom",2023.Q3,2023.Q3.5,CRITICAL,CWE-79 -CVE-2023-42498,2024-02-21T03:30:37Z,"Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.13.u4,,CRITICAL,CWE-79 -CVE-2023-42498,2024-02-21T03:30:37Z,"Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting","com.liferay.portal:release.portal.bom",7.4.3.8,,CRITICAL,CWE-79 -CVE-2023-42503,2023-09-14T09:30:28Z,"Apache Commons Compress denial of service vulnerability","org.apache.commons:commons-compress",1.22,1.24.0,MODERATE,CWE-20;CWE-400 -CVE-2023-42794,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability",org.apache.tomcat:tomcat,8.5.85,8.5.94,MODERATE,CWE-459 -CVE-2023-42794,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability",org.apache.tomcat:tomcat,9.0.70,9.0.81,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.14,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M12,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.94,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.81,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability",org.apache.tomcat:tomcat,10.1.0-M1,10.1.14,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability",org.apache.tomcat:tomcat,11.0.0-M1,11.0.0-M12,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup 
vulnerability",org.apache.tomcat:tomcat,8.5.0,8.5.94,MODERATE,CWE-459 -CVE-2023-42795,2023-10-10T18:31:35Z,"Apache Tomcat Incomplete Cleanup vulnerability",org.apache.tomcat:tomcat,9.0.0-M1,9.0.81,MODERATE,CWE-459 -CVE-2023-42809,2024-08-05T21:29:22Z,"Redisson vulnerable to Deserialization of Untrusted Data",org.redisson:redisson,0,3.22.0,CRITICAL,CWE-502 -CVE-2023-4301,2023-08-22T00:31:11Z,"Jenkins Fortify Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:fortify",0,22.2.39,MODERATE,CWE-352 -CVE-2023-4302,2023-08-22T00:31:10Z,"Jenkins Fortify Plugin missing permission check","org.jenkins-ci.plugins:fortify",0,22.2.39,MODERATE,CWE-862 -CVE-2023-4303,2023-08-22T00:31:11Z,"Jenkins Fortify Plugin HTML injection vulnerability","org.jenkins-ci.plugins:fortify",0,22.2.39,MODERATE,CWE-79 -CVE-2023-43123,2023-11-23T12:30:23Z,"Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files ","org.apache.storm:storm-core",2.0.0,2.6.0,LOW,CWE-200 -CVE-2023-43494,2023-09-20T18:30:21Z,"Jenkins does not exclude sensitive build variables from search","org.jenkins-ci.main:jenkins-core",2.415,2.424,MODERATE, -CVE-2023-43494,2023-09-20T18:30:21Z,"Jenkins does not exclude sensitive build variables from search","org.jenkins-ci.main:jenkins-core",2.50,2.414.2,MODERATE, -CVE-2023-43495,2023-09-20T18:30:21Z,"Jenkins Cross-site Scripting vulnerability","org.jenkins-ci.main:jenkins-core",2.415,2.424,HIGH,CWE-79 -CVE-2023-43495,2023-09-20T18:30:21Z,"Jenkins Cross-site Scripting vulnerability","org.jenkins-ci.main:jenkins-core",2.50,2.414.2,HIGH,CWE-79 -CVE-2023-43496,2023-09-20T18:30:21Z,"Jenkins temporary plugin file created with insecure permissions ","org.jenkins-ci.main:jenkins-core",2.415,2.424,HIGH,CWE-276 -CVE-2023-43496,2023-09-20T18:30:21Z,"Jenkins temporary plugin file created with insecure permissions ","org.jenkins-ci.main:jenkins-core",2.50,2.414.2,HIGH,CWE-276 -CVE-2023-43497,2023-09-20T18:30:21Z,"Jenkins 
temporary uploaded file created with insecure permissions","org.jenkins-ci.main:jenkins-core",2.415,2.424,LOW,CWE-434 -CVE-2023-43497,2023-09-20T18:30:21Z,"Jenkins temporary uploaded file created with insecure permissions","org.jenkins-ci.main:jenkins-core",2.50,2.414.2,LOW,CWE-434 -CVE-2023-43498,2023-09-20T18:30:21Z,"Jenkins temporary uploaded file created with insecure permissions","org.jenkins-ci.main:jenkins-core",2.415,2.424,LOW,CWE-377 -CVE-2023-43498,2023-09-20T18:30:21Z,"Jenkins temporary uploaded file created with insecure permissions","org.jenkins-ci.main:jenkins-core",2.50,2.414.2,LOW,CWE-377 -CVE-2023-43499,2023-09-20T18:30:21Z,"Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,2.4.2,HIGH,CWE-79 -CVE-2023-43500,2023-09-20T18:30:21Z,"Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,2.4.2,MODERATE,CWE-352 -CVE-2023-43501,2023-09-20T18:30:21Z,"Jenkins Build Failure Analyzer Plugin missing permission check","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,2.4.2,MODERATE,CWE-862 -CVE-2023-43502,2023-09-20T18:30:21Z,"Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability","com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer",0,2.4.2,MODERATE,CWE-352 -CVE-2023-43642,2023-09-25T18:30:18Z,"snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact","org.xerial.snappy:snappy-java",0,1.1.10.4,HIGH,CWE-770 -CVE-2023-43643,2023-10-09T00:42:27Z,"mXSS in AntiSamy","org.owasp.antisamy:antisamy",0,1.7.4,MODERATE,CWE-79 -CVE-2023-43666,2023-10-16T09:30:19Z,"Insufficient Verification of Data Authenticity in Apache InLong",org.apache.inlong:inlong,1.4.0,1.9.0,MODERATE,CWE-345 -CVE-2023-43667,2023-10-16T09:30:19Z,"SQL Injection in Apache InLong",org.apache.inlong:inlong,1.4.0,1.8.0,HIGH,CWE-74;CWE-89 
-CVE-2023-43668,2023-10-16T09:30:19Z,"Authorization Bypass in Apache InLong","org.apache.inlong:manager-pojo",1.4.0,1.9.0,CRITICAL,CWE-502;CWE-639 -CVE-2023-43795,2023-10-24T19:21:02Z,"WPS Server Side Request Forgery vulnerability","org.geoserver.extension:gs-wps-core",0,2.22.5,HIGH,CWE-918 -CVE-2023-43795,2023-10-24T19:21:02Z,"WPS Server Side Request Forgery vulnerability","org.geoserver.extension:gs-wps-core",2.23.0,2.23.2,HIGH,CWE-918 -CVE-2023-43961,2023-10-25T18:32:23Z,"SaToken authentication bypass vulnerability",cn.dev33:sa-token-core,0,1.36.0,HIGH,CWE-287;CWE-863 -CVE-2023-44483,2023-10-20T12:31:04Z,"Apache Santuario - XML Security for Java are vulnerable to private key disclosure","org.apache.santuario:xmlsec",0,2.2.6,MODERATE,CWE-532 -CVE-2023-44483,2023-10-20T12:31:04Z,"Apache Santuario - XML Security for Java are vulnerable to private key disclosure","org.apache.santuario:xmlsec",2.3.0,2.3.4,MODERATE,CWE-532 -CVE-2023-44483,2023-10-20T12:31:04Z,"Apache Santuario - XML Security for Java are vulnerable to private key disclosure","org.apache.santuario:xmlsec",3.0.0,3.0.3,MODERATE,CWE-532 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","com.typesafe.akka:akka-http-core",0,10.5.3,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","com.typesafe.akka:akka-http-core_2.11",0,,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","com.typesafe.akka:akka-http-core_2.12",0,10.5.3,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","com.typesafe.akka:akka-http-core_2.13",0,10.5.3,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat.embed:tomcat-embed-core",10.0.0,10.1.14,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M12,MODERATE,CWE-400 
-CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.94,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat.embed:tomcat-embed-core",9.0.0,9.0.81,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat:tomcat-coyote",10.0.0,10.1.14,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat:tomcat-coyote",11.0.0-M1,11.0.0-M12,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat:tomcat-coyote",8.5.0,8.5.94,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.apache.tomcat:tomcat-coyote",9.0.0,9.0.81,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:http2-common",10.0.0,10.0.17,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:http2-common",11.0.0,11.0.17,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:http2-common",9.3.0,9.4.53,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:http2-server",10.0.0,10.0.17,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:http2-server",11.0.0,11.0.17,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:http2-server",9.3.0,9.4.53,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation Attack","org.eclipse.jetty.http2:jetty-http2-common",12.0.0,12.0.2,MODERATE,CWE-400 -CVE-2023-44487,2023-10-10T21:28:24Z,"HTTP/2 Stream Cancellation 
Attack","org.eclipse.jetty.http2:jetty-http2-server",12.0.0,12.0.2,MODERATE,CWE-400 -CVE-2023-44794,2023-10-25T18:32:23Z,"SaToken privilege escalation vulnerability",cn.dev33:sa-token-core,0,1.37.0,CRITICAL,CWE-281;CWE-284 -CVE-2023-44981,2023-10-11T12:30:27Z,"Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper","org.apache.zookeeper:zookeeper",0,3.7.2,CRITICAL,CWE-639 -CVE-2023-44981,2023-10-11T12:30:27Z,"Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper","org.apache.zookeeper:zookeeper",3.8.0,3.8.3,CRITICAL,CWE-639 -CVE-2023-44981,2023-10-11T12:30:27Z,"Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper","org.apache.zookeeper:zookeeper",3.9.0,3.9.1,CRITICAL,CWE-639 -CVE-2023-45134,2023-10-25T21:09:06Z,"XWiki Platform XSS vulnerability from account in the create page form via template provider","org.xwiki.platform:xwiki-platform-web",3.1-milestone-1,13.4-rc-1,CRITICAL,CWE-79 -CVE-2023-45134,2023-10-25T21:09:06Z,"XWiki Platform XSS vulnerability from account in the create page form via template provider","org.xwiki.platform:xwiki-platform-web-templates",0,14.10.12,CRITICAL,CWE-79 -CVE-2023-45134,2023-10-25T21:09:06Z,"XWiki Platform XSS vulnerability from account in the create page form via template provider","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.5-rc-1,CRITICAL,CWE-79 -CVE-2023-45134,2023-10-25T21:09:06Z,"XWiki Platform XSS vulnerability from account in the create page form via template provider","org.xwiki.platform:xwiki-web-standard",2.4-milestone-2,3.1-milestone-1,CRITICAL,CWE-79 -CVE-2023-45135,2023-10-25T21:13:10Z,"XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title","org.xwiki.platform:xwiki-platform-web",7.2-milestone-2,14.10.12,CRITICAL,CWE-116 -CVE-2023-45135,2023-10-25T21:13:10Z,"XWiki users can be tricked to execute scripts as the create page action doesn't display the page's 
title","org.xwiki.platform:xwiki-platform-web-templates",0,14.10.12,CRITICAL,CWE-116 -CVE-2023-45135,2023-10-25T21:13:10Z,"XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.5-rc-1,CRITICAL,CWE-116 -CVE-2023-45136,2023-10-25T21:13:37Z,"XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled","org.xwiki.platform:xwiki-platform-web-templates",12.0-rc-1,14.10.12,CRITICAL,CWE-79 -CVE-2023-45136,2023-10-25T21:13:37Z,"XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.5-rc-1,CRITICAL,CWE-79 -CVE-2023-45137,2023-10-25T21:14:07Z,"XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages","org.xwiki.platform:xwiki-platform-web",3.1-milestone-2,13.4-rc-1,CRITICAL,CWE-79 -CVE-2023-45137,2023-10-25T21:14:07Z,"XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages","org.xwiki.platform:xwiki-platform-web-templates",0,14.10.12,CRITICAL,CWE-79 -CVE-2023-45137,2023-10-25T21:14:07Z,"XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages","org.xwiki.platform:xwiki-platform-web-templates",15.0-rc-1,15.5-rc-1,CRITICAL,CWE-79 -CVE-2023-45138,2023-10-17T02:19:16Z,"XWiki Change Request Application UI XSS and remote code execution through change request title","org.xwiki.contrib.changerequest:application-changerequest-ui",0.11,1.9.2,CRITICAL,CWE-79 -CVE-2023-45144,2023-10-17T12:51:01Z,"XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter","com.xwiki.identity-oauth:identity-oauth-ui",1.0,1.6,CRITICAL,CWE-79 -CVE-2023-45146,2024-08-05T21:29:22Z,"XXL-RPC Deserialization of Untrusted Data 
vulnerability",com.xuxueli:xxl-rpc-core,0,,CRITICAL,CWE-502 -CVE-2023-45277,2023-10-19T18:30:30Z,"Yamcs Path Traversal vulnerability",org.yamcs:yamcs,0,5.8.7,HIGH,CWE-22 -CVE-2023-45278,2023-10-19T18:30:30Z,"Yamcs API Directory Traversal vulnerability",org.yamcs:yamcs,0,5.8.7,CRITICAL,CWE-22 -CVE-2023-45279,2023-10-20T00:30:24Z,"Yamcs Cross-site Scripting vulnerability",org.yamcs:yamcs,0,5.8.7,MODERATE,CWE-79 -CVE-2023-45280,2023-10-20T00:30:24Z,"Yamcs Cross-site Scripting vulnerability",org.yamcs:yamcs,0,5.8.7,MODERATE,CWE-79 -CVE-2023-45303,2023-10-06T21:30:49Z,"ThingsBoard Server-Side Template Injection","org.thingsboard:thingsboard",0,3.5,HIGH,CWE-74 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.14,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M12,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.94,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.81,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability",org.apache.tomcat:tomcat,10.1.0-M1,10.1.14,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability",org.apache.tomcat:tomcat,11.0.0-M1,11.0.0-M12,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability",org.apache.tomcat:tomcat,8.5.0,8.5.94,MODERATE,CWE-20 -CVE-2023-45648,2023-10-10T21:31:12Z,"Apache Tomcat Improper Input Validation vulnerability",org.apache.tomcat:tomcat,9.0.0-M1,9.0.81,MODERATE,CWE-20 -CVE-2023-45669,2023-10-17T13:23:20Z,"WebAuthn4J 
Spring Security Improper signature counter value handling","com.webauthn4j:webauthn4j-spring-security-core",0,0.9.1.RELEASE,MODERATE,CWE-287 -CVE-2023-45807,2023-10-17T14:25:36Z,"OpenSearch Issue with tenant read-only permissions","org.opensearch.plugin:opensearch-security",0,1.3.14.0,MODERATE,CWE-281 -CVE-2023-45807,2023-10-17T14:25:36Z,"OpenSearch Issue with tenant read-only permissions","org.opensearch.plugin:opensearch-security",2.0.0.0,2.11.0.0,MODERATE,CWE-281 -CVE-2023-45859,2024-02-27T21:54:15Z,"Missing permission checks on Hazelcast client protocol",com.hazelcast:hazelcast,0,,HIGH,CWE-281;CWE-922 -CVE-2023-45859,2024-02-27T21:54:15Z,"Missing permission checks on Hazelcast client protocol",com.hazelcast:hazelcast,4.2,,HIGH,CWE-281;CWE-922 -CVE-2023-45859,2024-02-27T21:54:15Z,"Missing permission checks on Hazelcast client protocol",com.hazelcast:hazelcast,5.0,,HIGH,CWE-281;CWE-922 -CVE-2023-45859,2024-02-27T21:54:15Z,"Missing permission checks on Hazelcast client protocol",com.hazelcast:hazelcast,5.1,,HIGH,CWE-281;CWE-922 -CVE-2023-45859,2024-02-27T21:54:15Z,"Missing permission checks on Hazelcast client protocol",com.hazelcast:hazelcast,5.2.0,5.2.5,HIGH,CWE-281;CWE-922 -CVE-2023-45859,2024-02-27T21:54:15Z,"Missing permission checks on Hazelcast client protocol",com.hazelcast:hazelcast,5.3.0,5.3.5,HIGH,CWE-281;CWE-922 -CVE-2023-4586,2023-10-04T12:30:14Z,"Withdrawn Advisory: Netty-handler does not validate host names by default",io.netty:netty-handler,4.1.0.Final,,MODERATE,CWE-295 -CVE-2023-45860,2024-02-16T23:14:45Z,"Hazelcast Platform permission checking in CSV File Source connector","com.hazelcast:hazelcast-enterprise",0,,HIGH,CWE-89 -CVE-2023-45860,2024-02-16T23:14:45Z,"Hazelcast Platform permission checking in CSV File Source connector","com.hazelcast:hazelcast-enterprise",5.2.0,5.2.5,HIGH,CWE-89 -CVE-2023-45860,2024-02-16T23:14:45Z,"Hazelcast Platform permission checking in CSV File Source 
connector","com.hazelcast:hazelcast-enterprise",5.3.0,5.3.5,HIGH,CWE-89 -CVE-2023-45860,2024-02-16T23:14:45Z,"Hazelcast Platform permission checking in CSV File Source connector",com.hazelcast:hazelcast,0,,HIGH,CWE-89 -CVE-2023-45860,2024-02-16T23:14:45Z,"Hazelcast Platform permission checking in CSV File Source connector",com.hazelcast:hazelcast,5.2.0,5.2.5,HIGH,CWE-89 -CVE-2023-45860,2024-02-16T23:14:45Z,"Hazelcast Platform permission checking in CSV File Source connector",com.hazelcast:hazelcast,5.3.0,5.3.5,HIGH,CWE-89 -CVE-2023-45960,2023-10-25T18:32:23Z,"Withdrawn Advisory: dom4j XML Entity Expansion vulnerability",org.dom4j:dom4j,0,,MODERATE,CWE-776 -CVE-2023-46120,2023-10-24T01:49:09Z,"RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack",com.rabbitmq:amqp-client,0,5.18.0,MODERATE,CWE-400 -CVE-2023-46122,2023-10-24T01:51:04Z,"sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)",org.scala-sbt:io_2.12,1.0.0,1.9.7,LOW,CWE-22 -CVE-2023-46122,2023-10-24T01:51:04Z,"sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)",org.scala-sbt:io_2.13,1.0.0,1.9.7,LOW,CWE-22 -CVE-2023-46122,2023-10-24T01:51:04Z,"sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)",org.scala-sbt:io_3,1.0.0,1.9.7,LOW,CWE-22 -CVE-2023-46122,2023-10-24T01:51:04Z,"sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)",org.scala-sbt:sbt,0.3.4,1.9.7,LOW,CWE-22 -CVE-2023-46131,2023-12-20T21:12:09Z,"Grails data binding causes JVM crash and/or other denial of service","org.grails:grails-databinding",2.0.0,3.3.17,MODERATE,CWE-400 -CVE-2023-46131,2023-12-20T21:12:09Z,"Grails data binding causes JVM crash and/or other denial of service","org.grails:grails-databinding",4.0.0,4.1.3,MODERATE,CWE-400 -CVE-2023-46131,2023-12-20T21:12:09Z,"Grails data binding causes JVM crash and/or other denial of service","org.grails:grails-databinding",5.0.0,5.3.4,MODERATE,CWE-400 
-CVE-2023-46131,2023-12-20T21:12:09Z,"Grails data binding causes JVM crash and/or other denial of service","org.grails:grails-databinding",6.0.0,6.1.0,MODERATE,CWE-400 -CVE-2023-46226,2024-01-15T12:30:19Z,"Remote Code Execution vulnerability in Apache IoTDB via UDF","org.apache.iotdb:iotdb-core",1.0.0,1.3.0,HIGH, -CVE-2023-46227,2023-10-19T12:30:23Z,"Apache InLong Deserialization of Untrusted Data Vulnerability","org.apache.inlong:manager-common",1.4.0,1.9.0,HIGH,CWE-502 -CVE-2023-46227,2023-10-19T12:30:23Z,"Apache InLong Deserialization of Untrusted Data Vulnerability","org.apache.inlong:manager-pojo",1.4.0,1.9.0,HIGH,CWE-502 -CVE-2023-46242,2023-11-07T22:35:24Z,"XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token","org.xwiki.platform:xwiki-platform-oldcore",1.0,14.10.7,CRITICAL,CWE-352;CWE-94 -CVE-2023-46242,2023-11-07T22:35:24Z,"XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token","org.xwiki.platform:xwiki-platform-oldcore",15.0,15.2-rc-1,CRITICAL,CWE-352;CWE-94 -CVE-2023-46243,2023-11-07T23:02:57Z,"XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action","org.xwiki.platform:xwiki-platform-oldcore",1.0,14.10.6,HIGH,CWE-94 -CVE-2023-46243,2023-11-07T23:02:57Z,"XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action","org.xwiki.platform:xwiki-platform-oldcore",15.0,15.2-rc-1,HIGH,CWE-94 -CVE-2023-46244,2023-11-07T23:03:57Z,"XWiki Platform privilege escalation from script right to programming right through title displayer","org.xwiki.platform:xwiki-platform-display-api",15.0,15.2-rc-1,CRITICAL,CWE-863 -CVE-2023-46244,2023-11-07T23:03:57Z,"XWiki Platform privilege escalation from script right to programming right through title displayer","org.xwiki.platform:xwiki-platform-display-api",3.2-milestone-3,14.10.7,CRITICAL,CWE-863 -CVE-2023-46279,2023-12-15T09:30:17Z,"Apache Dubbo: Bypass deny 
serialize list check in Apache Dubbo",org.apache.dubbo:dubbo,3.1.5,3.1.6,CRITICAL,CWE-502 -CVE-2023-4639,2024-11-17T12:30:29Z,"Undertow incorrectly parses cookies","io.undertow:undertow-core",0,2.2.30.Final,HIGH,CWE-444 -CVE-2023-4639,2024-11-17T12:30:29Z,"Undertow incorrectly parses cookies","io.undertow:undertow-core",2.3.0.Alpha1,2.3.11.Final,HIGH,CWE-444 -CVE-2023-46442,2024-05-24T20:09:40Z,"Soot Infinite Loop vulnerability",org.soot-oss:soot,0,4.4.1,HIGH,CWE-400;CWE-835 -CVE-2023-46502,2023-10-31T00:31:00Z,"OpenCRX allows a remote attacker to execute arbitrary code via a crafted request","org.opencrx:opencrx-client",0,5.3.0,CRITICAL,CWE-611;CWE-918 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.16,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M11,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.96,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.83,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat:tomcat-catalina",10.1.0-M1,10.1.16,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat:tomcat-catalina",11.0.0-M1,11.0.0-M11,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation vulnerability","org.apache.tomcat:tomcat-catalina",8.5.0,8.5.96,HIGH,CWE-20;CWE-444 -CVE-2023-46589,2023-11-28T18:30:23Z,"Apache Tomcat Improper Input Validation 
vulnerability","org.apache.tomcat:tomcat-catalina",9.0.0-M1,9.0.83,HIGH,CWE-20;CWE-444 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-client",0,5.15.16,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-client",5.16.0,5.16.7,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-client",5.17.0,5.17.6,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-client",5.18.0,5.18.3,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-openwire-legacy",5.16.0,5.16.7,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-openwire-legacy",5.17.0,5.17.6,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-openwire-legacy",5.18.0,5.18.3,CRITICAL,CWE-502 -CVE-2023-46604,2023-10-27T15:30:20Z,"Apache ActiveMQ is vulnerable to Remote Code Execution","org.apache.activemq:activemq-openwire-legacy",5.8.0,5.15.16,CRITICAL,CWE-502 -CVE-2023-46650,2023-10-25T18:32:25Z,"Stored XSS vulnerability in Jenkins GitHub Plugin","com.coravy.hudson.plugins.github:github",0,1.37.3.1,HIGH,CWE-79 -CVE-2023-46651,2023-10-25T18:32:25Z,"Jenkins Warnings Plugin exposures system-scoped credentials","io.jenkins.plugins:warnings-ng",0,10.4.1,MODERATE,CWE-200;CWE-522 -CVE-2023-46651,2023-10-25T18:32:25Z,"Jenkins Warnings Plugin exposures system-scoped credentials","io.jenkins.plugins:warnings-ng",10.5.0,10.5.1,MODERATE,CWE-200;CWE-522 -CVE-2023-46652,2023-10-25T18:32:25Z,"Jenkins lambdatest-automation Plugin missing 
permission check","org.jenkins-ci.plugins:lambdatest-automation",0,1.20.10,MODERATE,CWE-862 -CVE-2023-46653,2023-10-25T18:32:25Z,"Jenkins lambdatest-automation Plugin may expose Credentials access token","org.jenkins-ci.plugins:lambdatest-automation",0,1.21.0,LOW,CWE-312 -CVE-2023-46654,2023-10-25T18:32:25Z,"Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion","org.jenkins-ci.plugins:electricflow",0,1.1.33,HIGH,CWE-22;CWE-59 -CVE-2023-46655,2023-10-25T18:32:25Z,"Jenkins CloudBees CD Plugin vulnerable to arbitrary file read","org.jenkins-ci.plugins:electricflow",0,1.1.33,MODERATE,CWE-22;CWE-59 -CVE-2023-46656,2023-10-25T18:32:25Z,"Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison","igalg.jenkins.plugins:multibranch-scan-webhook-trigger",0,,LOW,CWE-208;CWE-697 -CVE-2023-46657,2023-10-25T18:32:25Z,"Jenkins Gogs Plugin uses non-constant time webhook token comparison","org.jenkins-ci.plugins:gogs-webhook",0,,LOW,CWE-208;CWE-697 -CVE-2023-46658,2023-10-25T18:32:25Z,"Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison ","io.jenkins.plugins:teams-webhook-trigger",0,,LOW,CWE-208;CWE-697 -CVE-2023-46659,2023-10-25T18:32:25Z,"Jenkins Edgewall Trac Plugin vulnerable to Stored XSS","org.jenkins-ci.plugins:trac",0,,HIGH,CWE-79 -CVE-2023-46660,2023-10-25T18:32:25Z,"Non-constant time webhook token hash comparison in Jenkins Zanata Plugin","org.jenkins-ci.plugins:zanata",0,,LOW,CWE-208;CWE-697 -CVE-2023-46673,2023-11-22T12:30:26Z,"Elasticsearch Improper Handling of Exceptional Conditions","org.elasticsearch:elasticsearch",7.0.0,7.17.14,MODERATE,CWE-755 -CVE-2023-46673,2023-11-22T12:30:26Z,"Elasticsearch Improper Handling of Exceptional Conditions","org.elasticsearch:elasticsearch",8.0.0,8.10.3,MODERATE,CWE-755 -CVE-2023-46674,2023-12-05T18:30:23Z,"Elasticsearch-hadoop Unsafe Deserialization","org.elasticsearch:elasticsearch-hadoop",0,7.17.11,MODERATE,CWE-502 
-CVE-2023-46674,2023-12-05T18:30:23Z,"Elasticsearch-hadoop Unsafe Deserialization","org.elasticsearch:elasticsearch-hadoop",8.0.0,8.9.0,MODERATE,CWE-502 -CVE-2023-46731,2023-11-08T14:51:06Z,"XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest","org.xwiki.platform:xwiki-platform-administration",0,14.10.14,CRITICAL,CWE-94;CWE-95 -CVE-2023-46731,2023-11-08T14:51:06Z,"XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest","org.xwiki.platform:xwiki-platform-administration-ui",0,14.10.14,CRITICAL,CWE-94;CWE-95 -CVE-2023-46731,2023-11-08T14:51:06Z,"XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest","org.xwiki.platform:xwiki-platform-administration-ui",15.0-rc-1,15.5.1,CRITICAL,CWE-94;CWE-95 -CVE-2023-46732,2023-11-08T14:51:37Z,"XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",15.0-rc-1,15.5.1,CRITICAL,CWE-79;CWE-80 -CVE-2023-46732,2023-11-08T14:51:37Z,"XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu","org.xwiki.platform:xwiki-platform-flamingo-skin-resources",9.7-rc-1,14.10.14,CRITICAL,CWE-79;CWE-80 -CVE-2023-46749,2024-01-15T12:30:19Z,"Apache Shiro vulnerable to path traversal","org.apache.shiro:shiro-core",0,1.13.0,MODERATE,CWE-22 -CVE-2023-46749,2024-01-15T12:30:19Z,"Apache Shiro vulnerable to path traversal","org.apache.shiro:shiro-core",2.0.0alpha1,2.0.0-alpha4,MODERATE,CWE-22 -CVE-2023-46750,2023-12-14T09:30:19Z,"Open redirect in Apache Shiro","org.apache.shiro:shiro-web",0,1.13.0,MODERATE,CWE-601 -CVE-2023-46750,2023-12-14T09:30:19Z,"Open redirect in Apache Shiro","org.apache.shiro:shiro-web",2.0.0-alpha-1,2.0.0-alpha-4,MODERATE,CWE-601 -CVE-2023-46801,2024-07-15T09:36:22Z,"Apache Linkis DataSource remote code execution 
vulnerability","org.apache.linkis:linkis-datasource",1.4.0,1.6.0,HIGH,CWE-502 -CVE-2023-47112,2023-11-16T20:13:06Z,"Authenticated users can view job names and groups they do not have authorization to view",org.rundeck:rundeckapp,4.17.0,4.17.3,MODERATE,CWE-862 -CVE-2023-47320,2023-12-13T15:30:57Z,"Broken access control in Silverpeas","org.silverpeas.core:silverpeas-core-war",0,6.3.2,LOW,CWE-284 -CVE-2023-47320,2023-12-13T15:30:57Z,"Broken access control in Silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,LOW,CWE-284 -CVE-2023-47321,2023-12-13T15:30:58Z,"Broken access control in Silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,MODERATE,CWE-284 -CVE-2023-47322,2023-12-13T15:30:58Z,"Cross Site Request Forgery in Silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,HIGH,CWE-352;CWE-79 -CVE-2023-47323,2023-12-13T15:30:58Z,"Missing access control in Silverpeas","org.silverpeas.core:silverpeas-core-api",0,6.3.2,HIGH, -CVE-2023-47323,2023-12-13T15:30:58Z,"Missing access control in Silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,HIGH, -CVE-2023-47324,2023-12-13T15:30:58Z,"Cross-site Scripting in silverpeas","org.silverpeas.core:silverpeas-core-api",0,6.3.2,MODERATE,CWE-79 -CVE-2023-47324,2023-12-13T15:30:58Z,"Cross-site Scripting in silverpeas","org.silverpeas.core:silverpeas-core-configuration",0,6.3.2,MODERATE,CWE-79 -CVE-2023-47324,2023-12-13T15:30:58Z,"Cross-site Scripting in silverpeas","org.silverpeas.core:silverpeas-core-war",0,6.3.2,MODERATE,CWE-79 -CVE-2023-47324,2023-12-13T15:30:58Z,"Cross-site Scripting in silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,MODERATE,CWE-79 -CVE-2023-47325,2023-12-13T15:30:58Z,"Broken access control in Silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,MODERATE,CWE-284 -CVE-2023-47326,2023-12-13T15:30:58Z,"Cross Site Request Forgery in Silverpeas","org.silverpeas.core:silverpeas-core",0,6.3.2,HIGH,CWE-352 -CVE-2023-47327,2023-12-13T15:30:58Z,"Broken access 
control in Silverpeas","org.silverpeas.core:silverpeas-core-web",0,6.3.2,MODERATE,CWE-284 -CVE-2023-47467,2023-11-22T18:30:57Z,"Directory Traversal in jeecg-boot","org.jeecgframework.boot:jeecg-boot-common",0,,MODERATE,CWE-22 -CVE-2023-4759,2023-09-18T15:30:18Z,"Arbitrary File Overwrite in Eclipse JGit ","org.eclipse.jgit:org.eclipse.jgit",0,5.13.3.202401111512-r,HIGH,CWE-178 -CVE-2023-4759,2023-09-18T15:30:18Z,"Arbitrary File Overwrite in Eclipse JGit ","org.eclipse.jgit:org.eclipse.jgit",6.0.0.202111291000-r,6.6.1.202309021850-r,HIGH,CWE-178 -CVE-2023-47795,2024-02-21T15:30:45Z,"Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",2023.Q3,2023.Q3.6,CRITICAL,CWE-79 -CVE-2023-47795,2024-02-21T15:30:45Z,"Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.13.u18,2023.Q3.6,CRITICAL,CWE-79 -CVE-2023-47795,2024-02-21T15:30:45Z,"Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.portal.bom",7.4.3.18,,CRITICAL,CWE-79 -CVE-2023-47797,2023-11-17T06:31:22Z,"Liferay Portal XSS with `p_l_back_url_title` on edit content page","com.liferay.portal:release.portal.bom",7.4.3.94,7.4.3.96,CRITICAL,CWE-79 -CVE-2023-47798,2024-02-08T03:32:45Z,"Liferay Portal's account lockout does not invalidate existing user sessions","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp5,MODERATE,CWE-384 -CVE-2023-47798,2024-02-08T03:32:45Z,"Liferay Portal's account lockout does not invalidate existing user sessions","com.liferay.portal:release.portal.bom",7.2.0,7.3.1,MODERATE,CWE-384 -CVE-2023-48087,2023-11-15T15:30:21Z,"xxl-job-admin vulnerable to Insecure Permissions","com.xuxueli:xxl-job-admin",0,,MODERATE,CWE-732 -CVE-2023-48088,2023-11-15T15:30:21Z,"xxl-job-admin vulnerable to Cross Site Scripting","com.xuxueli:xxl-job-admin",0,,MODERATE,CWE-79 
-CVE-2023-48089,2023-11-15T15:30:21Z,"xxl-job-admin vulnerable to Remote Code Execution","com.xuxueli:xxl-job-admin",0,,HIGH, -CVE-2023-48222,2023-11-16T20:48:46Z,"Authenticated Rundeck users can view or delete jobs they do not have authorization for.",org.rundeck:rundeck,4.12.0,4.17.3,HIGH,CWE-862 -CVE-2023-48240,2023-11-20T21:00:05Z,"Cookies are sent to external images in rendered diff (and server side request forgery)","org.xwiki.platform:xwiki-platform-diff-xml",11.10.1,14.10.15,CRITICAL,CWE-201;CWE-918 -CVE-2023-48240,2023-11-20T21:00:05Z,"Cookies are sent to external images in rendered diff (and server side request forgery)","org.xwiki.platform:xwiki-platform-diff-xml",15.0-rc-1,15.5.1,CRITICAL,CWE-201;CWE-918 -CVE-2023-48240,2023-11-20T21:00:05Z,"Cookies are sent to external images in rendered diff (and server side request forgery)","org.xwiki.platform:xwiki-platform-diff-xml",15.6-rc-1,15.6,CRITICAL,CWE-201;CWE-918 -CVE-2023-48241,2023-11-20T21:00:44Z,"Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service","org.xwiki.platform:xwiki-platform-search-solr-query",15.0-rc-1,15.5.1,HIGH,CWE-285 -CVE-2023-48241,2023-11-20T21:00:44Z,"Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service","org.xwiki.platform:xwiki-platform-search-solr-query",6.3-milestone-2,14.10.15,HIGH,CWE-285 -CVE-2023-48292,2023-11-20T21:01:07Z,"Run Shell Command allows Cross-Site Request Forgery","org.xwiki.contrib:xwiki-application-admintools",4.4,4.5.1,CRITICAL,CWE-352 -CVE-2023-48293,2023-11-20T21:01:25Z,"Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries","org.xwiki.contrib:xwiki-application-admintools",0,4.5.1,HIGH,CWE-352 -CVE-2023-48362,2024-07-24T09:30:40Z,"XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill","org.apache.drill.exec:drill-java-exec",1.19.0,1.21.2,HIGH,CWE-611 -CVE-2023-48396,2024-07-30T09:32:05Z,"Apache SeaTunnel Web 
Authentication vulnerability","org.apache.seatunnel:seatunnel-web",0,1.0.1,HIGH,CWE-290 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-csrf-reactive",0,2.16.11.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-csrf-reactive",3.0.0,3.2.6.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-csrf-reactive",3.3.0,3.3.3,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-keycloak-authorization",0,2.16.11.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-keycloak-authorization",3.0.0,3.2.6.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-keycloak-authorization",3.3.0,3.3.3,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-undertow",0,2.16.11.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-undertow",3.0.0,3.2.6.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-undertow",3.3.0,3.3.3,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-vertx-http",0,2.16.11.Final,HIGH,CWE-148;CWE-863 -CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-vertx-http",3.0.0,3.2.6.Final,HIGH,CWE-148;CWE-863 
-CVE-2023-4853,2023-09-20T12:30:22Z,"Quarkus HTTP vulnerable to incorrect evaluation of permissions","io.quarkus:quarkus-vertx-http",3.3.0,3.3.3,HIGH,CWE-148;CWE-863 -CVE-2023-48796,2023-11-24T09:30:28Z,"Apache DolphinScheduler sensitive information disclosure","org.apache.dolphinscheduler:dolphinscheduler",3.0.0,3.0.2,HIGH,CWE-200 -CVE-2023-48848,2023-11-28T18:30:23Z,"ureport arbitrary file read vulnerability","com.bstek.ureport:ureport2-core",0,,HIGH,CWE-22 -CVE-2023-48887,2023-12-02T00:31:05Z,"Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request","org.jupiter-rpc:jupiter-rpc",0,,CRITICAL,CWE-502;CWE-94 -CVE-2023-48910,2023-12-04T18:30:32Z,"Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download","io.github.microcks:microcks",0,1.17.1,CRITICAL,CWE-918 -CVE-2023-48967,2023-12-04T18:30:32Z,"Solon is vulnerable to Deserialization of Untrusted Data",org.noear:solon,0,,CRITICAL,CWE-502 -CVE-2023-49068,2023-11-27T12:30:55Z,"Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability","org.apache.dolphinscheduler:dolphinscheduler-api",0,3.2.1,MODERATE,CWE-200 -CVE-2023-49093,2023-12-04T23:13:30Z,"HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL",org.htmlunit:htmlunit,0,3.9.0,CRITICAL,CWE-94 -CVE-2023-49109,2024-02-20T12:30:58Z,"Remote Code Execution in Apache Dolphinscheduler","org.apache.dolphinscheduler:dolphinscheduler",3.0.0,3.2.1,CRITICAL,CWE-94 -CVE-2023-49145,2023-11-28T00:30:33Z,"Improper Neutralization of Input in Advanced User Interface for Jolt","org.apache.nifi:nifi-jolt-transform-json-ui",0,1.24.0,HIGH,CWE-79 -CVE-2023-4918,2023-09-12T21:10:37Z,"Keycloak vulnerable to Plaintext Storage of User Password","org.keycloak:keycloak-core",22.0.2,22.0.3,HIGH,CWE-256;CWE-319 -CVE-2023-49198,2024-08-21T12:30:25Z,"Apache SeaTunnel SQL Injection vulnerability","org.apache.seatunnel:seatunnel",1.0.0,1.0.1,HIGH,CWE-552 
-CVE-2023-49250,2024-02-20T12:31:00Z,"Improper Certificate Validation in Apache DolphinScheduler","org.apache.dolphinscheduler:dolphinscheduler",0,3.2.1,HIGH,CWE-295 -CVE-2023-49280,2023-12-05T19:45:33Z,"Data leak of password hash through change requests","org.xwiki.contrib.changerequest:application-changerequest-default",0.1,1.10,HIGH,CWE-522 -CVE-2023-49299,2023-12-30T18:30:37Z,"Apache DolphinScheduler: Arbitrary js execute as root for authenticated users","org.apache.dolphinscheduler:dolphinscheduler-master",0,3.1.9,HIGH,CWE-20 -CVE-2023-49371,2023-12-01T15:31:22Z,"RuoYi vulnerable to SQL injection vulnerability",com.ruoyi:ruoyi,0,,CRITICAL,CWE-89 -CVE-2023-49372,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49373,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49374,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS via /admin/slide/update",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49375,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49376,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49377,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS via /admin/tag/update",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49378,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS via /admin/form/save",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49379,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49380,2023-12-05T15:30:37Z,"Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49381,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/div/update",com.jfinal:jfinal,0,,HIGH,CWE-352 
-CVE-2023-49382,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/div/delete",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49383,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/tag/save",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49395,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/category/update",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49396,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/category/save",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49397,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49398,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/category/delete",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49446,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/nav/save",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49447,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via /admin/nav/update",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49448,2023-12-05T15:30:38Z,"Cross-Site Request Forgery in JFinalCMS via admin/nav/delete",com.jfinal:jfinal,0,,HIGH,CWE-352 -CVE-2023-49485,2023-12-08T15:30:19Z,"Cross-site Scripting in JFinalCMS",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-49486,2023-12-08T15:30:19Z,"Cross-site Scripting in JFinalCMS",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-49487,2023-12-08T15:30:19Z,"Cross-site Scripting in JFinalCMS",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-49566,2024-07-15T09:36:23Z,"Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability","org.apache.linkis:linkis-datasource",0,1.6.0,HIGH,CWE-502 -CVE-2023-49620,2023-11-30T09:30:32Z,"Apache DolphinScheduler Missing Authorization vulnerability","org.apache.dolphinscheduler:dolphinscheduler-api",0,3.1.0,MODERATE,CWE-862 -CVE-2023-49620,2023-11-30T09:30:32Z,"Apache DolphinScheduler Missing 
Authorization vulnerability","org.apache.dolphinscheduler:dolphinscheduler-common",0,3.1.0,MODERATE,CWE-862 -CVE-2023-49620,2023-11-30T09:30:32Z,"Apache DolphinScheduler Missing Authorization vulnerability","org.apache.dolphinscheduler:dolphinscheduler-dao",0,3.1.0,MODERATE,CWE-862 -CVE-2023-49620,2023-11-30T09:30:32Z,"Apache DolphinScheduler Missing Authorization vulnerability","org.apache.dolphinscheduler:dolphinscheduler-service",0,3.1.0,MODERATE,CWE-862 -CVE-2023-49652,2023-11-29T15:30:21Z,"Jenkins Google Compute Engine Plugin has incorrect permission checks","org.jenkins-ci.plugins:google-compute-engine",0,4.3.17.1,MODERATE,CWE-862 -CVE-2023-49652,2023-11-29T15:30:21Z,"Jenkins Google Compute Engine Plugin has incorrect permission checks","org.jenkins-ci.plugins:google-compute-engine",4.5,4.551.v5a,MODERATE,CWE-862 -CVE-2023-49653,2023-11-29T15:30:21Z,"Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials","org.jenkins-ci.plugins:jira",0,3.12,MODERATE,CWE-522 -CVE-2023-49654,2023-11-29T15:30:21Z,"Jenkins MATLAB Plugin missing permission checks","org.jenkins-ci.plugins:matlab",0,2.11.1,HIGH,CWE-862 -CVE-2023-49655,2023-11-29T15:30:21Z,"Jenkins MATLAB Plugin cross-site request forgery vulnerability","org.jenkins-ci.plugins:matlab",0,2.11.1,HIGH,CWE-352 -CVE-2023-49656,2023-11-29T15:30:21Z,"Jenkins MATLAB Plugin XML External Entity vulnerability","org.jenkins-ci.plugins:matlab",0,2.11.1,HIGH,CWE-611 -CVE-2023-49673,2023-11-29T15:30:21Z,"Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability","io.jenkins.plugins:neuvector-vulnerability-scanner",0,2.2,MODERATE,CWE-352 -CVE-2023-49674,2023-11-29T15:30:21Z,"Jenkins NeuVector Vulnerability Scanner Plugin missing permission check","io.jenkins.plugins:neuvector-vulnerability-scanner",0,2.2,MODERATE,CWE-862 -CVE-2023-49733,2023-11-30T12:30:18Z,"Apache Cocoon Improper Restriction of XML External Entity Reference 
vulnerability",org.apache.cocoon:cocoon,2.2.0,2.3.0,CRITICAL,CWE-611 -CVE-2023-49735,2023-12-01T00:31:00Z,"Apache Tiles: Unvalidated input may lead to path traversal and XXE","org.apache.tiles:tiles-core",2.0.0,,HIGH,CWE-22;CWE-776 -CVE-2023-49898,2023-12-15T15:30:27Z,"Apache StreamPark: Authenticated system users could trigger remote command execution","org.apache.streampark:streampark",2.0.0,2.1.2,CRITICAL,CWE-77 -CVE-2023-49921,2024-07-26T06:30:47Z,"Elasticsearch Insertion of Sensitive Information into Log File","org.elasticsearch:elasticsearch",0,7.17.16,MODERATE,CWE-532 -CVE-2023-49921,2024-07-26T06:30:47Z,"Elasticsearch Insertion of Sensitive Information into Log File","org.elasticsearch:elasticsearch",8.0.0,8.11.2,MODERATE,CWE-532 -CVE-2023-50100,2023-12-14T18:30:21Z,"Cross-site Scripting in JFinalcms",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-50101,2023-12-14T18:30:21Z,"Cross-site Scripting in JFinalcms",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-50102,2023-12-14T18:30:21Z,"Cross-site Scripting in JFinalcms",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-50137,2023-12-14T18:30:21Z,"Cross-site Scripting in JFinalcms",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2023-50164,2023-12-07T09:30:45Z,"Apache Struts vulnerable to path traversal","org.apache.struts:struts2-core",2.0.0,2.5.33,CRITICAL,CWE-552 -CVE-2023-50164,2023-12-07T09:30:45Z,"Apache Struts vulnerable to path traversal","org.apache.struts:struts2-core",6.0.0,6.3.0.2,CRITICAL,CWE-552 -CVE-2023-50270,2024-02-20T12:31:00Z,"Session Fixation Apache DolphinScheduler","org.apache.dolphinscheduler:dolphinscheduler",1.3.8,3.2.1,MODERATE,CWE-613 -CVE-2023-50290,2024-01-15T12:30:19Z,"Apache Solr allows read access to host environmet variables","org.apache.solr:solr-core",9.0.0,9.3.0,MODERATE,CWE-200 -CVE-2023-50291,2024-02-09T18:31:07Z,"Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies","org.apache.solr:solr-core",6.0.0,8.11.3,MODERATE,CWE-522 
-CVE-2023-50291,2024-02-09T18:31:07Z,"Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies","org.apache.solr:solr-core",9.0.0,9.3.0,MODERATE,CWE-522 -CVE-2023-50292,2024-02-09T18:31:07Z,"Apache Solr Schema Designer blindly ""trusts"" all configsets","org.apache.solr:solr-core",8.10.0,8.11.3,LOW,CWE-732 -CVE-2023-50292,2024-02-09T18:31:07Z,"Apache Solr Schema Designer blindly ""trusts"" all configsets","org.apache.solr:solr-core",9.0.0,9.3.0,LOW,CWE-732 -CVE-2023-50298,2024-02-09T18:31:07Z,"Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds","org.apache.solr:solr-solrj",6.0.0,8.11.3,MODERATE,CWE-200;CWE-922 -CVE-2023-50298,2024-02-09T18:31:07Z,"Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds","org.apache.solr:solr-solrj",9.0.0,9.4.1,MODERATE,CWE-200;CWE-922 -CVE-2023-50298,2024-02-09T18:31:07Z,"Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds","org.apache.solr:solr-solrj-streaming",6.0.0,8.11.3,MODERATE,CWE-200;CWE-922 -CVE-2023-50298,2024-02-09T18:31:07Z,"Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds","org.apache.solr:solr-solrj-streaming",9.0.0,9.4.1,MODERATE,CWE-200;CWE-922 -CVE-2023-50378,2024-03-01T15:31:38Z,"Apache Ambari: Various Cross site scripting problems",org.apache.ambari:ambari,0,2.7.8,MODERATE,CWE-20;CWE-79 -CVE-2023-50379,2024-02-27T09:31:16Z,"Apache Ambari: authenticated users could perform command injection to perform RCE","org.apache.ambari.contrib.views:ambari-contrib-views",2.7.0,2.7.8,HIGH,CWE-94 -CVE-2023-50380,2024-02-27T18:31:02Z,"Apache Ambari XML External Entity injection","org.apache.ambari.contrib.views:wfmanager",2.7.0,2.7.8,MODERATE,CWE-611 -CVE-2023-50386,2024-02-09T18:31:07Z,"Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets ","org.apache.solr:solr-core",6.0.0,8.11.3,MODERATE,CWE-434 
-CVE-2023-50386,2024-02-09T18:31:07Z,"Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets ","org.apache.solr:solr-core",9.0.0,9.4.1,MODERATE,CWE-434 -CVE-2023-50422,2023-12-13T13:33:57Z,"Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security.xsuaa:spring-xsuaa",0,2.17.0,CRITICAL,CWE-269 -CVE-2023-50422,2023-12-13T13:33:57Z,"Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security.xsuaa:spring-xsuaa",3.0.0,3.3.0,CRITICAL,CWE-269 -CVE-2023-50422,2023-12-13T13:33:57Z,"Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:java-security",0,2.17.0,CRITICAL,CWE-269 -CVE-2023-50422,2023-12-13T13:33:57Z,"Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:java-security",3.0.0,3.3.0,CRITICAL,CWE-269 -CVE-2023-50422,2023-12-13T13:33:57Z,"Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:spring-security",0,2.17.0,CRITICAL,CWE-269 -CVE-2023-50422,2023-12-13T13:33:57Z,"Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:spring-security",3.0.0,3.3.0,CRITICAL,CWE-269 -CVE-2023-50449,2023-12-10T18:30:18Z,"Directory Traversal in JFinalCMS",com.jfinal:jfinal,0,,HIGH,CWE-22 -CVE-2023-50570,2023-12-29T15:30:37Z,"IPAddress Infinite Loop vulnerability (Disputed)","com.github.seancfoley:ipaddress",0,,MODERATE,CWE-835 -CVE-2023-50572,2023-12-29T15:30:37Z,"JLine vulnerable to out of memory error",org.jline:jline-parent,0,3.25.0,MODERATE,CWE-122;CWE-787 -CVE-2023-50578,2023-12-30T18:30:35Z,"Mingsoft MCMS SQL injection",net.mingsoft:ms-mcms,0,,HIGH,CWE-89 -CVE-2023-50719,2023-12-16T00:03:54Z,"Solr search discloses password hashes of all users","org.xwiki.platform:xwiki-platform-search-solr-api",15.0-rc-1,15.5.2,HIGH,CWE-200;CWE-312 -CVE-2023-50719,2023-12-16T00:03:54Z,"Solr search discloses password hashes of all 
users","org.xwiki.platform:xwiki-platform-search-solr-api",15.6-rc-1,15.7-rc-1,HIGH,CWE-200;CWE-312 -CVE-2023-50719,2023-12-16T00:03:54Z,"Solr search discloses password hashes of all users","org.xwiki.platform:xwiki-platform-search-solr-api",7.2-milestone-2,14.10.15,HIGH,CWE-200;CWE-312 -CVE-2023-5072,2023-11-14T22:24:08Z,"Java: DoS Vulnerability in JSON-JAVA",org.json:json,0,20231013,HIGH,CWE-358 -CVE-2023-50720,2023-12-16T00:32:25Z,"Solr search discloses email addresses of users","org.xwiki.platform:xwiki-platform-search-solr-api",0,14.10.15,MODERATE,CWE-200 -CVE-2023-50720,2023-12-16T00:32:25Z,"Solr search discloses email addresses of users","org.xwiki.platform:xwiki-platform-search-solr-api",15.0-rc-1,15.5.2,MODERATE,CWE-200 -CVE-2023-50720,2023-12-16T00:32:25Z,"Solr search discloses email addresses of users","org.xwiki.platform:xwiki-platform-search-solr-api",15.6-rc-1,15.7-rc-1,MODERATE,CWE-200 -CVE-2023-50721,2023-12-16T00:35:25Z,"Remote code execution from account through SearchAdmin","org.xwiki.platform:xwiki-platform-search-ui",15.0-rc-1,15.5.2,CRITICAL,CWE-94 -CVE-2023-50721,2023-12-16T00:35:25Z,"Remote code execution from account through SearchAdmin","org.xwiki.platform:xwiki-platform-search-ui",15.6-rc-1,15.7-rc-1,CRITICAL,CWE-94 -CVE-2023-50721,2023-12-16T00:35:25Z,"Remote code execution from account through SearchAdmin","org.xwiki.platform:xwiki-platform-search-ui",4.5-rc-1,14.10.15,CRITICAL,CWE-94 -CVE-2023-50722,2023-12-16T00:39:39Z,"XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass","org.xwiki.platform:xwiki-platform-administration-ui",15.0-rc-1,15.5.2,CRITICAL,CWE-352 -CVE-2023-50722,2023-12-16T00:39:39Z,"XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass","org.xwiki.platform:xwiki-platform-administration-ui",15.6-rc-1,15.7-rc-1,CRITICAL,CWE-352 -CVE-2023-50722,2023-12-16T00:39:39Z,"XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass","org.xwiki.platform:xwiki-platform-administration-ui",2.3,14.10.15,CRITICAL,CWE-352 
-CVE-2023-50723,2023-12-16T00:40:04Z,"Remote code execution/programming rights with configuration section from any user account","org.xwiki.platform:xwiki-platform-administration-ui",15.0-rc-1,15.5.2,CRITICAL,CWE-94;CWE-95 -CVE-2023-50723,2023-12-16T00:40:04Z,"Remote code execution/programming rights with configuration section from any user account","org.xwiki.platform:xwiki-platform-administration-ui",15.6-rc-1,15.7-rc-1,CRITICAL,CWE-94;CWE-95 -CVE-2023-50723,2023-12-16T00:40:04Z,"Remote code execution/programming rights with configuration section from any user account","org.xwiki.platform:xwiki-platform-administration-ui",2.3,14.10.15,CRITICAL,CWE-94;CWE-95 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","edu.gemini:gsp-graphql-core_2.13",0,,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","edu.gemini:gsp-graphql-core_3",0,,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","edu.gemini:gsp-graphql-core_native0.4_2.13",0,,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","edu.gemini:gsp-graphql-core_native0.4_3",0,,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","edu.gemini:gsp-graphql-core_sjs1_2.13",0,,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","edu.gemini:gsp-graphql-core_sjs1_3",0,,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","org.typelevel:grackle-core_2.13",0,0.18.0,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","org.typelevel:grackle-core_3",0,0.18.0,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query 
processing","org.typelevel:grackle-core_native0.4_2.13",0,0.18.0,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","org.typelevel:grackle-core_native0.4_3",0,0.18.0,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","org.typelevel:grackle-core_sjs1_2.13",0,0.18.0,HIGH,CWE-400 -CVE-2023-50730,2023-12-18T23:26:52Z,"Grackle has StackOverflowError in GraphQL query processing","org.typelevel:grackle-core_sjs1_3",0,0.18.0,HIGH,CWE-400 -CVE-2023-50732,2023-12-19T21:39:31Z,"Velocity execution without script right through tree macro","org.xwiki.platform:xwiki-platform-index-tree-macro",15.0-rc-1,15.2-rc-1,HIGH,CWE-863 -CVE-2023-50732,2023-12-19T21:39:31Z,"Velocity execution without script right through tree macro","org.xwiki.platform:xwiki-platform-index-tree-macro",8.3-rc-1,14.10.7,HIGH,CWE-863 -CVE-2023-50740,2024-03-06T15:31:04Z,"Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged",org.apache.linkis:linkis,0,1.5.0,MODERATE,CWE-532 -CVE-2023-50764,2023-12-13T18:31:04Z,"Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin ","org.jenkins-ci.plugins:scriptler",0,,HIGH, -CVE-2023-50765,2023-12-13T18:31:04Z,"Missing permission check in Jenkins Scriptler Plugin","org.jenkins-ci.plugins:scriptler",0,,MODERATE,CWE-862 -CVE-2023-50766,2023-12-13T18:31:04Z,"Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability","org.sonatype.nexus.ci:nexus-jenkins-plugin",0,3.18.1-01,HIGH,CWE-352 -CVE-2023-50767,2023-12-13T18:31:04Z,"Jenkins Nexus Platform Plugin missing permission check","org.sonatype.nexus.ci:nexus-jenkins-plugin",0,3.18.1-01,HIGH,CWE-862 -CVE-2023-50768,2023-12-13T18:31:04Z,"Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability","org.sonatype.nexus.ci:nexus-jenkins-plugin",0,3.18.1-01,MODERATE,CWE-352 -CVE-2023-50769,2023-12-13T18:31:04Z,"Jenkins Nexus Platform Plugin missing permission 
check","org.sonatype.nexus.ci:nexus-jenkins-plugin",0,3.18.1-01,MODERATE,CWE-862 -CVE-2023-50770,2023-12-13T18:31:04Z,"Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin ","org.jenkins-ci.plugins:oic-auth",0,4.229.vf736b,MODERATE,CWE-312;CWE-522 -CVE-2023-50771,2023-12-13T18:31:04Z,"Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin ","org.jenkins-ci.plugins:oic-auth",0,3.0,MODERATE,CWE-601 -CVE-2023-50772,2023-12-13T18:31:04Z,"Tokens stored in plain text by Dingding JSON Pusher Plugin ","com.zintow:dingding-json-pusher",0,,MODERATE,CWE-312 -CVE-2023-50773,2023-12-13T18:31:04Z,"Displayed in plain text by Dingding JSON Pusher Plugin ","com.zintow:dingding-json-pusher",0,,MODERATE,CWE-200;CWE-312 -CVE-2023-50774,2023-12-13T18:31:04Z,"Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin","org.jenkins-ci.plugins:htmlresource",0,,HIGH,CWE-352 -CVE-2023-50775,2023-12-13T18:31:04Z," Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin","org.jenkins-ci.plugins:ec2-deployment-dashboard",0,,MODERATE,CWE-352 -CVE-2023-50776,2023-12-13T18:31:04Z,"Tokens stored in plain text by PaaSLane Estimate Plugin ","com.cloudtp.jenkins:paaslane-estimate",0,,MODERATE,CWE-312 -CVE-2023-50777,2023-12-13T18:31:04Z,"Tokens stored in plain text by PaaSLane Estimate Plugin ","com.cloudtp.jenkins:paaslane-estimate",0,,MODERATE,CWE-312 -CVE-2023-50778,2023-12-13T18:31:04Z,"Cross-Site Request Forgery in Jenkins PaaSLane Estimate Plugin","com.cloudtp.jenkins:paaslane-estimate",0,,MODERATE,CWE-352 -CVE-2023-50779,2023-12-13T18:31:04Z,"Missing permission check in Jenkins PaaSLane Estimate Plugin","com.cloudtp.jenkins:paaslane-estimate",0,,MODERATE,CWE-862 -CVE-2023-50780,2024-10-14T18:30:25Z,"Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans","org.apache.activemq:artemis-cli",0,2.29.0,HIGH,CWE-285 -CVE-2023-51074,2023-12-27T21:31:01Z,"json-path Out-of-bounds Write 
vulnerability","com.jayway.jsonpath:json-path",2.2.0,2.9.0,MODERATE,CWE-787 -CVE-2023-51075,2023-12-27T21:31:01Z,"hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function",cn.hutool:hutool-core,0,5.8.24,HIGH,CWE-835 -CVE-2023-51080,2023-12-27T21:31:01Z,"hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method",cn.hutool:hutool-core,5.8.22,5.8.25,HIGH,CWE-787 -CVE-2023-51084,2023-12-27T21:31:01Z,"hyavijava stack overflow vulnerability",com.github:hyavijava,0,,CRITICAL,CWE-787 -CVE-2023-51282,2024-01-16T03:30:20Z,"Code injection in mingSoft MCMS",net.mingsoft:ms-mcms,0,,HIGH,CWE-94 -CVE-2023-51437,2024-02-07T12:30:25Z,"Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability","org.apache.pulsar:pulsar-broker-auth-sasl",0,2.11.3,HIGH,CWE-200;CWE-203 -CVE-2023-51437,2024-02-07T12:30:25Z,"Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability","org.apache.pulsar:pulsar-broker-auth-sasl",3.0.0,3.0.2,HIGH,CWE-200;CWE-203 -CVE-2023-51437,2024-02-07T12:30:25Z,"Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability","org.apache.pulsar:pulsar-broker-auth-sasl",3.1.0,3.1.1,HIGH,CWE-200;CWE-203 -CVE-2023-51441,2024-01-06T12:30:34Z,"Apache Axis Improper Input Validation vulnerability",axis:axis,0,,HIGH,CWE-20;CWE-918 -CVE-2023-51441,2024-01-06T12:30:34Z,"Apache Axis Improper Input Validation vulnerability",org.apache.axis:axis,0,,HIGH,CWE-20;CWE-918 -CVE-2023-51444,2024-03-20T14:54:59Z,"Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API","org.geoserver:gs-platform",0,2.23.4,HIGH,CWE-20;CWE-434 -CVE-2023-51444,2024-03-20T14:54:59Z,"Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API","org.geoserver:gs-platform",2.24.0,2.24.1,HIGH,CWE-20;CWE-434 -CVE-2023-51444,2024-03-20T14:54:59Z,"Arbitrary file upload vulnerability in GeoServer's REST Coverage Store 
API","org.geoserver:gs-restconfig",0,2.23.4,HIGH,CWE-20;CWE-434 -CVE-2023-51444,2024-03-20T14:54:59Z,"Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API","org.geoserver:gs-restconfig",2.24.0,2.24.1,HIGH,CWE-20;CWE-434 -CVE-2023-51445,2024-03-20T14:58:17Z,"Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API","org.geoserver:gs-restconfig",0,2.23.3,MODERATE,CWE-79 -CVE-2023-51518,2024-02-27T09:31:16Z,"Apache James server: Privilege escalation via JMX pre-authentication deserialization","org.apache.james:james-server",0,3.7.5,CRITICAL,CWE-502 -CVE-2023-51518,2024-02-27T09:31:16Z,"Apache James server: Privilege escalation via JMX pre-authentication deserialization","org.apache.james:james-server",3.8.0,3.8.1,CRITICAL,CWE-502 -CVE-2023-51656,2023-12-21T12:30:29Z,"Apache IoTDB: Unsafe deserialize map in Sync Tool","org.apache.iotdb:iotdb-parent",0.13.0,1.2.2,HIGH,CWE-502 -CVE-2023-51747,2024-02-27T15:30:31Z,"SMTP smuggling in Apache James","org.apache.james:james-server",0,3.7.5,HIGH,CWE-20;CWE-290 -CVE-2023-51747,2024-02-27T15:30:31Z,"SMTP smuggling in Apache James","org.apache.james:james-server",3.8.0,3.8.1,HIGH,CWE-20;CWE-290 -CVE-2023-51770,2024-02-20T12:31:00Z,"Arbitrary File Read Vulnerability in Apache Dolphinscheduler","org.apache.dolphinscheduler:dolphinscheduler",0,3.2.1,HIGH,CWE-94 -CVE-2023-51775,2024-02-29T03:33:14Z,"jose4j denial of service via specifically crafted JWE",org.bitbucket.b_c:jose4j,0,0.9.4,MODERATE,CWE-400 -CVE-2023-51784,2024-01-03T12:30:21Z,"Apache InLong Manager Remote Code Execution vulnerability","org.apache.inlong:manager-pojo",1.5.0,1.10.0,CRITICAL,CWE-94 -CVE-2023-51785,2024-01-03T12:30:21Z,"Apache InLong Manager Arbitrary File Read Vulnerability","org.apache.inlong:manager-pojo",1.5.0,1.10.0,HIGH,CWE-502 -CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability",io.crate:crate,0,5.2.11,HIGH,CWE-287 -CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication 
bypass vulnerability",io.crate:crate,5.3.0,5.3.8,HIGH,CWE-287 -CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability",io.crate:crate,5.4.0,5.4.7,HIGH,CWE-287 -CVE-2023-51982,2024-01-30T03:30:30Z,"CrateDB authentication bypass vulnerability",io.crate:crate,5.5.0,5.5.2,HIGH,CWE-287 -CVE-2023-5236,2023-12-28T21:30:37Z,"Infinispan circular object references causes out of memory errors","org.infinispan.protostream:protostream",0,4.6.2.Final,HIGH,CWE-1047 -CVE-2023-52428,2024-02-11T06:30:27Z,"Denial of Service in Connect2id Nimbus JOSE+JWT","com.nimbusds:nimbus-jose-jwt",0,9.37.2,HIGH,CWE-400;CWE-770 -CVE-2023-5245,2023-11-15T15:30:21Z,"Zip slip in mleap","ml.combust.mleap:mleap-runtime_2.12",0,0.23.1,HIGH,CWE-22 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc-common",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-jdbc-common",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-remote",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-remote",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-cachestore-sql",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear 
text","org.infinispan:infinispan-cachestore-sql",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-client-hotrod",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-client-hotrod",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-commons",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-commons",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-core",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-core",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-hotrod",0,14.0.25.Final,MODERATE,CWE-312 -CVE-2023-5384,2023-12-28T18:30:32Z,"Infinispan caches credentials in clear text","org.infinispan:infinispan-hotrod",15.0.0.Dev01,15.0.0.Dev07,MODERATE,CWE-312 -CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common",0,3.2.10.Final,MODERATE,CWE-285;CWE-287 -CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common",3.3.0,3.6.9,MODERATE,CWE-285;CWE-287 -CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common",3.7.0,3.7.1,MODERATE,CWE-285;CWE-287 -CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus 
resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common-deployment",0,3.2.10.Final,MODERATE,CWE-285;CWE-287 -CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common-deployment",3.3.0,3.6.9,MODERATE,CWE-285;CWE-287 -CVE-2023-5675,2024-04-25T18:30:39Z,"Quarkus: authorization flaw in quarkus resteasy reactive and classic","io.quarkus:quarkus-resteasy-reactive-common-deployment",3.7.0,3.7.1,MODERATE,CWE-285;CWE-287 -CVE-2023-5685,2024-03-22T21:30:56Z,"XNIO denial of service vulnerability",org.jboss.xnio:xnio-api,0,3.8.14.Final,HIGH,CWE-400 -CVE-2023-5720,2023-11-15T15:30:21Z,"Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain","io.quarkus:quarkus-project",3.0.0.CR1,,HIGH,CWE-526 -CVE-2023-5763,2023-11-03T09:32:49Z,"Eclipse Glassfish remote code execution issue","org.glassfish.main.orb:orb-connector",5.0.0,7.0.0,MODERATE,CWE-20;CWE-913 -CVE-2023-6038,2023-11-16T18:30:31Z,"H2O local file inclusion vulnerability",ai.h2o:h2o-core,0,,CRITICAL,CWE-29;CWE-862 -CVE-2023-6134,2023-12-18T19:31:02Z,"Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri","org.keycloak:keycloak-services",0,23.0.3,MODERATE,CWE-75 -CVE-2023-6147,2024-01-09T09:30:29Z,"Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability","com.qualys.plugins:qualys-pc",0,1.0.6,MODERATE,CWE-611 -CVE-2023-6148,2024-01-09T09:30:29Z,"Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability","com.qualys.plugins:qualys-pc",0,1.0.6,MODERATE,CWE-79 -CVE-2023-6149,2024-01-09T09:30:29Z,"Qualys Jenkins Plugin for WAS XML External Entity vulnerability","com.qualys.plugins:qualys-was",0,2.0.12,MODERATE,CWE-611 -CVE-2023-6236,2024-04-10T15:30:37Z,"WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to 
log","org.wildfly.security:wildfly-elytron-http-oidc",0,2.2.5.Final,HIGH,CWE-345 -CVE-2023-6267,2024-01-25T21:32:14Z,"Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability","io.quarkus.resteasy.reactive:resteasy-reactive",0,2.13.9.Final,HIGH,CWE-280;CWE-502;CWE-755 -CVE-2023-6267,2024-01-25T21:32:14Z,"Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability","io.quarkus.resteasy.reactive:resteasy-reactive",3.0.0.Final,3.2.9.Final,HIGH,CWE-280;CWE-502;CWE-755 -CVE-2023-6291,2023-12-21T18:25:30Z,"The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted","org.keycloak:keycloak-services",0,23.0.3,HIGH,CWE-20 -CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-classic",0,1.2.13,HIGH,CWE-502 -CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-classic",1.3.0,1.3.12,HIGH,CWE-502 -CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-classic",1.4.0,1.4.12,HIGH,CWE-502 -CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-core",0,1.2.13,HIGH,CWE-502 -CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-core",1.3.0,1.3.12,HIGH,CWE-502 -CVE-2023-6378,2023-11-29T12:30:16Z,"logback serialization vulnerability","ch.qos.logback:logback-core",1.4.0,1.4.12,HIGH,CWE-502 -CVE-2023-6393,2023-12-06T18:31:05Z,"Quarkus Cache Runtime exposes sensitive information to an unauthorized actor",io.quarkus:quarkus-cache,3.2.0.CR1,3.2.9.Final,MODERATE,CWE-200 -CVE-2023-6393,2023-12-06T18:31:05Z,"Quarkus Cache Runtime exposes sensitive information to an unauthorized actor",io.quarkus:quarkus-cache,3.3.0.CR1,3.5.2,MODERATE,CWE-200 
-CVE-2023-6394,2023-12-09T03:30:15Z,"Authorization bypass in Quarkus","io.quarkus:quarkus-smallrye-graphql-client",0,2.13.9.Final,HIGH,CWE-696;CWE-862 -CVE-2023-6394,2023-12-09T03:30:15Z,"Authorization bypass in Quarkus","io.quarkus:quarkus-smallrye-graphql-client",2.14.0,3.5.3,HIGH,CWE-696;CWE-862 -CVE-2023-6481,2023-12-04T09:30:23Z,"Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data","ch.qos.logback:logback-core",1.2.12,1.2.13,HIGH, -CVE-2023-6481,2023-12-04T09:30:23Z,"Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data","ch.qos.logback:logback-core",1.3.13,1.3.14,HIGH, -CVE-2023-6481,2023-12-04T09:30:23Z,"Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data","ch.qos.logback:logback-core",1.4.13,1.4.14,HIGH, -CVE-2023-6484,2024-04-17T18:24:03Z,"Keycloak vulnerable to log Injection during WebAuthn authentication or registration","org.keycloak:keycloak-services",0,22.0.9,MODERATE,CWE-117 -CVE-2023-6484,2024-04-17T18:24:03Z,"Keycloak vulnerable to log Injection during WebAuthn authentication or registration","org.keycloak:keycloak-services",23.0.0,23.0.5,MODERATE,CWE-117 -CVE-2023-6544,2024-04-17T17:33:29Z,"Keycloak Authorization Bypass vulnerability","org.keycloak:keycloak-services",0,22.0.10,MODERATE,CWE-625 -CVE-2023-6544,2024-04-17T17:33:29Z,"Keycloak Authorization Bypass vulnerability","org.keycloak:keycloak-services",23.0.0,24.0.3,MODERATE,CWE-625 -CVE-2023-6563,2023-12-14T18:30:22Z,"Allocation of Resources Without Limits in Keycloak","org.keycloak:keycloak-model-jpa",0,21.0.0,HIGH,CWE-770 -CVE-2023-6717,2024-04-17T17:33:04Z,"Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow","org.keycloak:keycloak-services",0,22.0.10,MODERATE,CWE-20;CWE-601;CWE-79 -CVE-2023-6717,2024-04-17T17:33:04Z,"Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding 
flow","org.keycloak:keycloak-services",23.0.0,24.0.3,MODERATE,CWE-20;CWE-601;CWE-79 -CVE-2023-6787,2024-04-17T18:25:29Z,"Keycloak vulnerable to session hijacking via re-authentication","org.keycloak:keycloak-services",0,22.0.10,MODERATE,CWE-287;CWE-384;CWE-613 -CVE-2023-6787,2024-04-17T18:25:29Z,"Keycloak vulnerable to session hijacking via re-authentication","org.keycloak:keycloak-services",23.0.0,24.0.3,MODERATE,CWE-287;CWE-384;CWE-613 -CVE-2023-6835,2023-12-15T12:30:25Z,"WSO2 API Manager allows attackers to change the API rating","org.wso2.carbon.apimgt:forum",0,,MODERATE,CWE-20 -CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack","org.wso2.carbon.analytics-common:org.wso2.carbon.event.input.adapter.core",0,5.2.23,MODERATE,CWE-611 -CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack","org.wso2.carbon.commons:org.wso2.carbon.ntask.core",0,4.7.24,MODERATE,CWE-611 -CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack","org.wso2.carbon.event-processing:org.wso2.carbon.event.processor.core",0,2.2.12,MODERATE,CWE-611 -CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack","org.wso2.carbon.governance:org.wso2.carbon.governance.common",0,4.8.13,MODERATE,CWE-611 -CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack","org.wso2.carbon.registry:org.wso2.carbon.registry.extensions",0,4.7.31,MODERATE,CWE-611 -CVE-2023-6836,2023-12-15T12:30:25Z,"WSO2 products vulnerable to XML External Entity attack",org.wso2.am:wso2am,0,4.0.0-beta,MODERATE,CWE-611 -CVE-2023-6837,2023-12-15T12:30:25Z,"Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning","org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework",0,5.20.254,HIGH, -CVE-2023-6837,2023-12-15T12:30:25Z,"Multiple WSO2 products vulnerable to perform user impersonatoin 
using JIT provisioning","org.wso2.identity.apps:authentication-portal",0,1.6.179.1,HIGH, -CVE-2023-6841,2024-09-10T18:30:44Z,"Keycloak Denial of Service vulnerability","org.keycloak:keycloak-core",0,24.0.0,HIGH,CWE-231 -CVE-2023-6886,2023-12-17T03:30:19Z,"Xnx3 Wangmarket Cross-Site Scripting vulnerability","com.xnx3.wangmarket:wangmarket",0,,MODERATE,CWE-79 -CVE-2023-6911,2023-12-22T18:30:30Z,"WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability","org.wso2.carbon.registry:carbon-registry",0,4.7.37,MODERATE,CWE-79 -CVE-2023-6927,2023-12-19T00:30:21Z,"Keycloak Open Redirect vulnerability","org.keycloak:keycloak-parent",0,,MODERATE,CWE-601 -CVE-2023-7148,2023-12-29T03:30:29Z,"ShifuML shifu code injection vulnerability",ml.shifu:shifu,0,,MODERATE,CWE-94 -CVE-2023-7272,2024-07-17T15:30:50Z,"Eclipse Parsson stack overflow when parsing deeply nested input","org.eclipse.parsson:parsson",0,1.0.4,CRITICAL,CWE-787 -CVE-2023-7272,2024-07-17T15:30:50Z,"Eclipse Parsson stack overflow when parsing deeply nested input","org.eclipse.parsson:parsson",1.1.0,1.1.3,CRITICAL,CWE-787 -CVE-2024-0758,2024-01-19T21:30:36Z,"JavaScript execution via malicious molfiles (XSS)","de.ipb-halle:molecularfaces",0,0.3.0,MODERATE,CWE-79 -CVE-2024-10039,2024-11-25T19:40:46Z,"Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination ","org.keycloak:keycloak-core",0,,HIGH,CWE-295 -CVE-2024-10039,2024-11-25T19:40:46Z,"Keycloak mTLS Authentication Bypass via Reverse Proxy TLS Termination ","org.keycloak:keycloak-core",25.0.0,26.0.6,HIGH,CWE-295 -CVE-2024-1023,2024-03-27T09:30:40Z,"Eclipse Vert.x memory leak",io.vertx:vertx-core,4.4.5,4.4.7,MODERATE,CWE-119;CWE-200 -CVE-2024-1023,2024-03-27T09:30:40Z,"Eclipse Vert.x memory leak",io.vertx:vertx-core,4.5.0,4.5.2,MODERATE,CWE-119;CWE-200 -CVE-2024-10270,2024-11-25T18:32:12Z,"org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",0,24.0.9,HIGH,CWE-1333 
-CVE-2024-10270,2024-11-25T18:32:12Z,"org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",25.0.0,26.0.6,HIGH,CWE-1333 -CVE-2024-10451,2024-11-25T18:41:17Z,"Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",0,24.0.9,HIGH,CWE-798 -CVE-2024-10451,2024-11-25T18:41:17Z,"Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,HIGH,CWE-798 -CVE-2024-10492,2024-11-25T18:37:14Z,"Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",0,26.0.6,MODERATE,CWE-73 -CVE-2024-10492,2024-11-25T18:37:14Z,"Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-73 -CVE-2024-1102,2024-04-25T18:30:39Z,"Jberet: jberet-core logging database credentials",org.jberet:jberet-core,0,2.2.1.Final,MODERATE,CWE-200;CWE-523;CWE-532 -CVE-2024-1132,2024-04-17T18:25:08Z,"Keycloak path traversal vulnerability in redirection validation","org.keycloak:keycloak-services",0,22.0.10,HIGH,CWE-22 -CVE-2024-1132,2024-04-17T18:25:08Z,"Keycloak path traversal vulnerability in redirection validation","org.keycloak:keycloak-services",23.0.0,24.0.3,HIGH,CWE-22 -CVE-2024-1143,2024-02-02T16:55:25Z,"Central Dogma Authentication Bypass Vulnerability via Session Leakage","com.linecorp.centraldogma:centraldogma-server",0,0.64.1,CRITICAL, -CVE-2024-1233,2024-04-09T09:31:10Z,"WildFly Elytron: SSRF security issue","org.wildfly.security:wildfly-elytron-realm-token",0,,HIGH,CWE-918 -CVE-2024-12369,2024-12-09T21:31:02Z,"WildFly Elytron OpenID Connect Client Extension authorization code injection attack","org.wildfly:wildfly-elytron-oidc-client-subsystem",0,,MODERATE,CWE-345 -CVE-2024-12397,2024-12-12T09:31:35Z,"io.quarkus.http/quarkus-http-core: Quarkus HTTP Cookie Smuggling","io.quarkus.http:quarkus-http-core",0,5.3.4,HIGH,CWE-444 
-CVE-2024-1249,2024-04-17T18:24:38Z,"Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS","org.keycloak:keycloak-services",0,22.0.10,HIGH,CWE-346 -CVE-2024-1249,2024-04-17T18:24:38Z,"Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS","org.keycloak:keycloak-services",23.0.0,24.0.3,HIGH,CWE-346 -CVE-2024-1300,2024-04-02T09:30:42Z,"Eclipse Vert.x vulnerable to a memory leak in TCP servers",io.vertx:vertx-core,4.3.4,4.4.8,MODERATE,CWE-400 -CVE-2024-1300,2024-04-02T09:30:42Z,"Eclipse Vert.x vulnerable to a memory leak in TCP servers",io.vertx:vertx-core,4.5.0,4.5.3,MODERATE,CWE-400 -CVE-2024-1459,2024-02-12T21:30:55Z,"Undertow Path Traversal vulnerability","io.undertow:undertow-core",0,2.2.31.Final,MODERATE,CWE-24 -CVE-2024-1459,2024-02-12T21:30:55Z,"Undertow Path Traversal vulnerability","io.undertow:undertow-core",2.3.0.Alpha1,2.3.12.Final,MODERATE,CWE-24 -CVE-2024-1597,2024-02-21T23:33:43Z,"org.postgresql:postgresql vulnerable to SQL Injection via line comment generation","org.postgresql:postgresql",0,42.2.28,CRITICAL,CWE-89 -CVE-2024-1597,2024-02-21T23:33:43Z,"org.postgresql:postgresql vulnerable to SQL Injection via line comment generation","org.postgresql:postgresql",42.3.0,42.3.9,CRITICAL,CWE-89 -CVE-2024-1597,2024-02-21T23:33:43Z,"org.postgresql:postgresql vulnerable to SQL Injection via line comment generation","org.postgresql:postgresql",42.4.0,42.4.4,CRITICAL,CWE-89 -CVE-2024-1597,2024-02-21T23:33:43Z,"org.postgresql:postgresql vulnerable to SQL Injection via line comment generation","org.postgresql:postgresql",42.5.0,42.5.5,CRITICAL,CWE-89 -CVE-2024-1597,2024-02-21T23:33:43Z,"org.postgresql:postgresql vulnerable to SQL Injection via line comment generation","org.postgresql:postgresql",42.6.0,42.6.1,CRITICAL,CWE-89 -CVE-2024-1597,2024-02-21T23:33:43Z,"org.postgresql:postgresql vulnerable to SQL Injection via line comment generation","org.postgresql:postgresql",42.7.0,42.7.2,CRITICAL,CWE-89 
-CVE-2024-1635,2024-02-20T00:30:36Z,"Undertow Uncontrolled Resource Consumption Vulnerability","io.undertow:undertow-core",0,2.2.31.Final,HIGH,CWE-400 -CVE-2024-1635,2024-02-20T00:30:36Z,"Undertow Uncontrolled Resource Consumption Vulnerability","io.undertow:undertow-core",2.3.0.Final,2.3.12.Final,HIGH,CWE-400 -CVE-2024-1722,2024-02-29T03:33:17Z,"Keycloak DoS via account lockout","org.keycloak:keycloak-core",0,24.0.0,LOW,CWE-645 -CVE-2024-1726,2024-04-25T18:30:39Z,"Quarkus: security checks in resteasy reactive may trigger a denial of service","io.quarkus.resteasy.reactive:resteasy-reactive",0,3.2.11.Final,MODERATE,CWE-281 -CVE-2024-1726,2024-04-25T18:30:39Z,"Quarkus: security checks in resteasy reactive may trigger a denial of service","io.quarkus.resteasy.reactive:resteasy-reactive",3.3.0.CR1,3.7.4,MODERATE,CWE-281 -CVE-2024-1726,2024-04-25T18:30:39Z,"Quarkus: security checks in resteasy reactive may trigger a denial of service","io.quarkus.resteasy.reactive:resteasy-reactive",3.8.0.CR1,3.8.0,MODERATE,CWE-281 -CVE-2024-1735,2024-02-26T20:04:37Z,"Armeria SAML authentication bypass due to missing validation on unsigned SAML messages","com.linecorp.armeria:armeria-saml",0,1.27.2,CRITICAL,CWE-304 -CVE-2024-1979,2024-03-13T12:31:06Z,"In Quarkus, git credentials could be inadvertently published","io.quarkus:quarkus-kubernetes-deployment",0,3.7.3,LOW,CWE-200 -CVE-2024-20925,2024-02-17T03:30:29Z,"Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project",org.openjfx:javafx-media,0,17.0.10,LOW, -CVE-2024-20925,2024-02-17T03:30:29Z,"Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project",org.openjfx:javafx-media,18,21.0.2,LOW, -CVE-2024-21490,2024-02-10T06:30:19Z,"angular vulnerable to super-linear runtime due to backtracking","org.webjars.bower:angular",1.3.0,,HIGH,CWE-1333 -CVE-2024-21490,2024-02-10T06:30:19Z,"angular vulnerable to super-linear runtime due to 
backtracking",org.webjars.npm:angular,1.3.0,,HIGH,CWE-1333 -CVE-2024-21534,2024-10-11T15:30:32Z,"JSONPath Plus Remote Code Execution (RCE) Vulnerability","org.webjars.npm:jsonpath-plus",0,,CRITICAL,CWE-94 -CVE-2024-21634,2024-01-03T22:04:08Z,"Ion Java StackOverflow vulnerability","software.amazon.ion:ion-java",0,,HIGH,CWE-770 -CVE-2024-21634,2024-01-03T22:04:08Z,"Ion Java StackOverflow vulnerability",com.amazon.ion:ion-java,0,1.10.5,HIGH,CWE-770 -CVE-2024-21648,2024-01-08T16:25:58Z,"XWiki has no right protection on rollback action","org.xwiki.platform:xwiki-platform",15.0-rc-1,15.5.3,HIGH,CWE-274 -CVE-2024-21648,2024-01-08T16:25:58Z,"XWiki has no right protection on rollback action","org.xwiki.platform:xwiki-platform",15.6-rc-1,15.8-rc-1,HIGH,CWE-274 -CVE-2024-21648,2024-01-08T16:25:58Z,"XWiki has no right protection on rollback action","org.xwiki.platform:xwiki-platform-oldcore",1.0,14.10.17,HIGH,CWE-274 -CVE-2024-21650,2024-01-08T16:33:14Z,"XWiki Remote Code Execution Vulnerability via User Registration","org.xwiki.platform:xwiki-platform-administration-ui",15.0-rc-1,15.5.3,CRITICAL,CWE-94;CWE-95 -CVE-2024-21650,2024-01-08T16:33:14Z,"XWiki Remote Code Execution Vulnerability via User Registration","org.xwiki.platform:xwiki-platform-administration-ui",15.6-rc-1,15.8-rc-1,CRITICAL,CWE-94;CWE-95 -CVE-2024-21650,2024-01-08T16:33:14Z,"XWiki Remote Code Execution Vulnerability via User Registration","org.xwiki.platform:xwiki-platform-administration-ui",2.2,14.10.17,CRITICAL,CWE-94;CWE-95 -CVE-2024-21651,2024-01-08T16:39:47Z,"XWiki vulnerable to Denial of Service attack through attachments","org.xwiki.platform:xwiki-platform-distribution-war",14.10,14.10.18,HIGH,CWE-400 -CVE-2024-21651,2024-01-08T16:39:47Z,"XWiki vulnerable to Denial of Service attack through attachments","org.xwiki.platform:xwiki-platform-distribution-war",15.0-rc-1,15.5.3,HIGH,CWE-400 -CVE-2024-21651,2024-01-08T16:39:47Z,"XWiki vulnerable to Denial of Service attack through 
attachments","org.xwiki.platform:xwiki-platform-distribution-war",15.6-rc-1,15.8-rc-1,HIGH,CWE-400 -CVE-2024-21733,2024-01-19T12:30:18Z,"Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information","org.apache.tomcat.embed:tomcat-embed-core",8.5.7,8.5.64,MODERATE,CWE-209 -CVE-2024-21733,2024-01-19T12:30:18Z,"Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information","org.apache.tomcat:tomcat-coyote",9.0.0-M11,9.0.44,MODERATE,CWE-209 -CVE-2024-21742,2024-02-27T18:31:02Z,"Apache James MIME4J improper input validation vulnerability","org.apache.james:apache-mime4j-core",0,0.8.10,MODERATE,CWE-20 -CVE-2024-2215,2024-03-06T18:30:39Z,"Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability","org.jenkins-ci.plugins:docker-build-step",0,,MODERATE,CWE-352 -CVE-2024-2216,2024-03-06T18:30:39Z,"Jenkins docker-build-step Plugin missing permission check","org.jenkins-ci.plugins:docker-build-step",0,,MODERATE,CWE-862 -CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http2:http2-common",10.0.0,10.0.20,HIGH,CWE-400 -CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http2:http2-common",11.0.0,11.0.20,HIGH,CWE-400 -CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http2:http2-common",9.3.0,9.4.54,HIGH,CWE-400 -CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http2:jetty-http2-common",12.0.0,12.0.6,HIGH,CWE-400 -CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http3:http3-common",10.0.8,10.0.20,HIGH,CWE-400 -CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http3:http3-common",11.0.8,11.0.20,HIGH,CWE-400 
-CVE-2024-22201,2024-02-26T20:13:46Z,"Connection leaking on idle timeout when TCP congested","org.eclipse.jetty.http3:jetty-http3-common",12.0.0,12.0.6,HIGH,CWE-400 -CVE-2024-22233,2024-01-22T15:30:23Z,"Spring Framework server Web DoS Vulnerability","org.springframework:spring-core",6.0.15,6.0.16,HIGH, -CVE-2024-22233,2024-01-22T15:30:23Z,"Spring Framework server Web DoS Vulnerability","org.springframework:spring-core",6.1.2,6.1.3,HIGH, -CVE-2024-22234,2024-02-20T09:30:30Z,"Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated","org.springframework.security:spring-security-core",6.1.0,6.1.7,HIGH,CWE-284 -CVE-2024-22234,2024-02-20T09:30:30Z,"Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated","org.springframework.security:spring-security-core",6.2.0,6.2.2,HIGH,CWE-284 -CVE-2024-22236,2024-01-31T09:30:18Z,"Spring Cloud Contract vulnerable to local information disclosure","org.springframework.cloud:spring-cloud-contract-shade",3.1.0,3.1.10,LOW,CWE-732 -CVE-2024-22236,2024-01-31T09:30:18Z,"Spring Cloud Contract vulnerable to local information disclosure","org.springframework.cloud:spring-cloud-contract-shade",4.0.0,4.0.5,LOW,CWE-732 -CVE-2024-22236,2024-01-31T09:30:18Z,"Spring Cloud Contract vulnerable to local information disclosure","org.springframework.cloud:spring-cloud-contract-shade",4.1.0,4.1.1,LOW,CWE-732 -CVE-2024-22243,2024-02-23T06:30:31Z,"Spring Web vulnerable to Open Redirect or Server Side Request Forgery","org.springframework:spring-web",0,,HIGH,CWE-601 -CVE-2024-22243,2024-02-23T06:30:31Z,"Spring Web vulnerable to Open Redirect or Server Side Request Forgery","org.springframework:spring-web",5.3.0,5.3.32,HIGH,CWE-601 -CVE-2024-22243,2024-02-23T06:30:31Z,"Spring Web vulnerable to Open Redirect or Server Side Request Forgery","org.springframework:spring-web",6.0.0,6.0.17,HIGH,CWE-601 -CVE-2024-22243,2024-02-23T06:30:31Z,"Spring Web vulnerable to Open Redirect or Server Side Request 
Forgery","org.springframework:spring-web",6.1.0,6.1.4,HIGH,CWE-601 -CVE-2024-22257,2024-03-18T15:30:51Z,"Erroneous authentication pass in Spring Security","org.springframework.security:spring-security-core",0,5.7.12,HIGH,CWE-287;CWE-862 -CVE-2024-22257,2024-03-18T15:30:51Z,"Erroneous authentication pass in Spring Security","org.springframework.security:spring-security-core",5.8.0,5.8.11,HIGH,CWE-287;CWE-862 -CVE-2024-22257,2024-03-18T15:30:51Z,"Erroneous authentication pass in Spring Security","org.springframework.security:spring-security-core",6.0.0,6.1.8,HIGH,CWE-287;CWE-862 -CVE-2024-22257,2024-03-18T15:30:51Z,"Erroneous authentication pass in Spring Security","org.springframework.security:spring-security-core",6.2.0,6.2.3,HIGH,CWE-287;CWE-862 -CVE-2024-22258,2024-03-20T15:32:28Z,"Improper Authentication in Spring Authorization Server","org.springframework.security:spring-security-oauth2-authorization-server",0,1.1.6,MODERATE,CWE-287;CWE-470 -CVE-2024-22258,2024-03-20T15:32:28Z,"Improper Authentication in Spring Authorization Server","org.springframework.security:spring-security-oauth2-authorization-server",1.2.0,1.2.3,MODERATE,CWE-287;CWE-470 -CVE-2024-22259,2024-03-16T06:30:27Z,"Spring Framework URL Parsing with Host Validation Vulnerability","org.springframework:spring-web",0,5.3.33,HIGH,CWE-601 -CVE-2024-22259,2024-03-16T06:30:27Z,"Spring Framework URL Parsing with Host Validation Vulnerability","org.springframework:spring-web",6.0.0,6.0.18,HIGH,CWE-601 -CVE-2024-22259,2024-03-16T06:30:27Z,"Spring Framework URL Parsing with Host Validation Vulnerability","org.springframework:spring-web",6.1.0,6.1.5,HIGH,CWE-601 -CVE-2024-22262,2024-04-16T06:30:28Z,"Spring Framework URL Parsing with Host Validation","org.springframework:spring-web",0,5.3.34,HIGH,CWE-601 -CVE-2024-22262,2024-04-16T06:30:28Z,"Spring Framework URL Parsing with Host Validation","org.springframework:spring-web",6.0.0,6.0.19,HIGH,CWE-601 -CVE-2024-22262,2024-04-16T06:30:28Z,"Spring Framework URL 
Parsing with Host Validation","org.springframework:spring-web",6.1.0,6.1.6,HIGH,CWE-601 -CVE-2024-22271,2024-07-09T15:30:53Z,"Spring Cloud Function Framework vulnerable to Denial of Service","org.springframework.cloud:spring-cloud-function-context",4.0.0,4.0.8,HIGH,CWE-20 -CVE-2024-22271,2024-07-09T15:30:53Z,"Spring Cloud Function Framework vulnerable to Denial of Service","org.springframework.cloud:spring-cloud-function-context",4.1.0,4.1.2,HIGH,CWE-20 -CVE-2024-22281,2024-08-21T00:30:29Z,"Apache Helix Front (UI) component contained a hard-coded secret",org.apache.helix:helix,0,,HIGH,CWE-668 -CVE-2024-22369,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel SQL","org.apache.camel:camel-sql",3.0.0,3.21.4,HIGH,CWE-502 -CVE-2024-22369,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel SQL","org.apache.camel:camel-sql",3.22.0,3.22.1,HIGH,CWE-502 -CVE-2024-22369,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel SQL","org.apache.camel:camel-sql",4.0.0,4.0.4,HIGH,CWE-502 -CVE-2024-22369,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel SQL","org.apache.camel:camel-sql",4.1.0,4.4.0,HIGH,CWE-502 -CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",3.0.0,3.21.4,LOW,CWE-200;CWE-922 -CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",3.22.0,3.22.1,LOW,CWE-200;CWE-922 -CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",4.0.0,4.0.4,LOW,CWE-200;CWE-922 -CVE-2024-22371,2024-02-26T18:30:30Z,"Apache Camel data exposure vulnerability","org.apache.camel:camel-core",4.1.0,4.4.0,LOW,CWE-200;CWE-922 -CVE-2024-22399,2024-09-16T14:37:28Z,"Apache Seata Deserialization of Untrusted Data vulnerability","org.apache.seata:seata-core",1.0.0,1.8.1,CRITICAL,CWE-502 -CVE-2024-22399,2024-09-16T14:37:28Z,"Apache Seata Deserialization of 
Untrusted Data vulnerability","org.apache.seata:seata-core",2.0.0,2.1.0,CRITICAL,CWE-502 -CVE-2024-22490,2024-01-23T18:31:11Z,"Cross-site Scripting in beetl-bbs",com.ibeetl:beetl,0,,MODERATE,CWE-79 -CVE-2024-22491,2024-01-16T21:31:22Z,"Stored Cross Site Scripting in beetl-bbs",com.ibeetl:beetl,0,,MODERATE,CWE-79 -CVE-2024-22492,2024-01-12T18:30:20Z,"Cross-site Scripting in JFinal",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2024-22493,2024-01-12T18:30:20Z,"Cross-site Scripting in JFinal",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2024-22496,2024-01-23T18:31:11Z,"Cross-site Scripting in JFinal",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2024-22497,2024-01-23T21:30:20Z,"Cross-site Scripting in JFinal",com.jfinal:jfinal,0,,MODERATE,CWE-79 -CVE-2024-22533,2024-02-02T03:30:32Z,"Beetl Server-Side Template Injection vulnerability",com.ibeetl:beetl-core,0,3.15.13.RELEASE,CRITICAL,CWE-94 -CVE-2024-22567,2024-02-05T21:30:31Z,"mingSoft MCMS File Upload vulnerability",net.mingsoft:ms-mcms,0,,HIGH,CWE-434 -CVE-2024-22588,2024-05-24T19:00:28Z,"Kwik does not discard unused encryption keys",tech.kwik:kwik,0,0.8,MODERATE,CWE-327;CWE-400 -CVE-2024-22871,2024-02-29T03:33:18Z,"Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service",org.clojure:clojure,1.12.0-alpha1,1.12.0-alpha9,HIGH,CWE-502 -CVE-2024-22871,2024-02-29T03:33:18Z,"Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service",org.clojure:clojure,1.7.0,1.11.2,HIGH,CWE-502 -CVE-2024-23114,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel CassandraQL","org.apache.camel:camel-cassandraql",3.0.0,3.21.4,HIGH,CWE-502 -CVE-2024-23114,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel CassandraQL","org.apache.camel:camel-cassandraql",3.22.0,3.22.1,HIGH,CWE-502 -CVE-2024-23114,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel 
CassandraQL","org.apache.camel:camel-cassandraql",4.0.0,4.0.4,HIGH,CWE-502 -CVE-2024-23114,2024-02-20T15:31:06Z,"Deserialization of Untrusted Data in Apache Camel CassandraQL","org.apache.camel:camel-cassandraql",4.1.0,4.4.0,HIGH,CWE-502 -CVE-2024-23320,2024-02-23T18:30:59Z,"Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users","org.apache.dolphinscheduler:dolphinscheduler-master",0,3.2.1,HIGH,CWE-20 -CVE-2024-23321,2024-07-22T12:30:35Z,"Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data","org.apache.rocketmq:rocketmq-all",4.5.2,5.3.0,MODERATE,CWE-200 -CVE-2024-23444,2024-07-31T18:32:01Z,"Elasticsearch stores private key on disk unencrypted","org.elasticsearch:elasticsearch",0,7.17.23,MODERATE,CWE-311 -CVE-2024-23444,2024-07-31T18:32:01Z,"Elasticsearch stores private key on disk unencrypted","org.elasticsearch:elasticsearch",8.0.0-alpha1,8.13.0,MODERATE,CWE-311 -CVE-2024-23449,2024-03-29T12:30:42Z,"Elasticsearch Uncaught Exception leading to crash","org.elasticsearch:elasticsearch",8.4.0,8.11.1,MODERATE,CWE-248 -CVE-2024-23450,2024-03-27T18:32:38Z,"Elasticsearch Uncontrolled Resource Consumption vulnerability","org.elasticsearch:elasticsearch",7.0.0,7.17.19,MODERATE,CWE-400 -CVE-2024-23450,2024-03-27T18:32:38Z,"Elasticsearch Uncontrolled Resource Consumption vulnerability","org.elasticsearch:elasticsearch",8.0.0,8.13.0,MODERATE,CWE-400 -CVE-2024-23451,2024-03-27T18:32:39Z,"Elasticsearch Incorrect Authorization vulnerability","org.elasticsearch:elasticsearch",8.10.0,8.13.0,MODERATE,CWE-863 -CVE-2024-23454,2024-09-25T09:30:46Z,"Apache Hadoop: Temporary File Local Information Disclosure","org.apache.hadoop:hadoop-common",0,3.4.0,LOW,CWE-269 -CVE-2024-23590,2024-11-04T12:32:56Z,"Apache Kylin Session Fixation vulnerability",org.apache.kylin:kylin,2.0.0,5.0.0,HIGH,CWE-384 -CVE-2024-23634,2024-03-20T15:01:48Z,"GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store 
API","org.geoserver:gs-restconfig",0,2.23.5,MODERATE,CWE-20;CWE-73 -CVE-2024-23634,2024-03-20T15:01:48Z,"GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API","org.geoserver:gs-restconfig",2.24.0,2.24.2,MODERATE,CWE-20;CWE-73 -CVE-2024-23635,2024-02-02T18:10:04Z,"Malicious input can provoke XSS when preserving comments","org.owasp.antisamy:antisamy",0,1.7.5,MODERATE,CWE-79 -CVE-2024-23636,2024-01-23T20:10:20Z,"Remote Command Execution in SOFARPC","com.alipay.sofa:rpc-sofa-boot-starter",0,5.12.0,CRITICAL,CWE-502 -CVE-2024-23639,2024-02-09T15:19:15Z,"Micronaut management endpoints vulnerable to drive-by localhost attack","io.micronaut:micronaut-http-server",0,3.8.3,MODERATE,CWE-15;CWE-610;CWE-664 -CVE-2024-23639,2024-02-09T15:19:15Z,"Micronaut management endpoints vulnerable to drive-by localhost attack","io.micronaut:micronaut-http-server-netty",0,3.8.3,MODERATE,CWE-15;CWE-610;CWE-664 -CVE-2024-23639,2024-02-09T15:19:15Z,"Micronaut management endpoints vulnerable to drive-by localhost attack","io.micronaut:micronaut-http-server-tck",0,3.8.3,MODERATE,CWE-15;CWE-610;CWE-664 -CVE-2024-23640,2024-03-20T15:06:03Z,"GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-main,0,2.23.3,MODERATE,CWE-79 -CVE-2024-23640,2024-03-20T15:06:03Z,"GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-ows,0,2.23.3,MODERATE,CWE-79 -CVE-2024-23642,2024-03-20T15:08:29Z,"GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-wms,0,2.23.4,MODERATE,CWE-79 -CVE-2024-23642,2024-03-20T15:08:29Z,"GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-wms,2.24.0,2.24.1,MODERATE,CWE-79 -CVE-2024-23643,2024-03-20T15:13:29Z,"GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)","org.geoserver:gs-gwc-rest",0,2.23.2,MODERATE,CWE-79 -CVE-2024-23643,2024-03-20T15:13:29Z,"GeoServer's GWC Seed 
Form vulnerable to Stored Cross-Site Scripting (XSS)","org.geoserver:gs-gwc-rest",2.24.0,2.24.1,MODERATE,CWE-79 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-websocket",10.1.0-M1,10.1.19,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-websocket",11.0.0-M1,11.0.0-M17,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-websocket",8.5.0,8.5.99,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat.embed:tomcat-embed-websocket",9.0.0-M1,9.0.86,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat:tomcat-websocket",10.1.0-M1,10.1.19,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat:tomcat-websocket",11.0.0-M1,11.0.0-M17,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat:tomcat-websocket",8.5.0,8.5.99,MODERATE,CWE-459 -CVE-2024-23672,2024-03-13T18:31:34Z,"Denial of Service via incomplete cleanup vulnerability in Apache Tomcat","org.apache.tomcat:tomcat-websocket",9.0.0-M1,9.0.86,MODERATE,CWE-459 -CVE-2024-23673,2024-02-06T12:30:30Z,"Apache Sling Servlets Resolver executes malicious code via path traversal","org.apache.sling:org.apache.sling.servlets.resolver",0,2.11.0,HIGH,CWE-22 -CVE-2024-23679,2024-01-19T21:30:36Z,"Session fixation in Enonic XP",com.enonic.xp:lib-auth,0,7.7.4,CRITICAL,CWE-384 -CVE-2024-23680,2024-01-19T21:30:36Z,"Improper Verification of Cryptographic 
Signature in aws-encryption-sdk-java","com.amazonaws:aws-encryption-sdk-java",0,1.9.0,MODERATE,CWE-347 -CVE-2024-23680,2024-01-19T21:30:36Z,"Improper Verification of Cryptographic Signature in aws-encryption-sdk-java","com.amazonaws:aws-encryption-sdk-java",2.0.0,2.2.0,MODERATE,CWE-347 -CVE-2024-23681,2024-01-19T21:30:36Z,"Sandbox escape in Artemis Java Test Sandbox","de.tum.in.ase:artemis-java-test-sandbox",0,1.11.2,HIGH,CWE-284;CWE-94 -CVE-2024-23682,2024-01-19T21:30:36Z,"Sandbox escape in Artemis Java Test Sandbox","de.tum.in.ase:artemis-java-test-sandbox",0,1.8.0,HIGH,CWE-501 -CVE-2024-23683,2024-01-19T21:30:36Z,"Sandbox escape in Artemis Java Test Sandbox","de.tum.in.ase:artemis-java-test-sandbox",0,1.7.6,HIGH, -CVE-2024-23684,2024-01-19T21:30:36Z,"Inefficient Algorithmic Complexity in com.upokecenter:cbor",com.upokecenter:cbor,4.0.0,4.5.1,HIGH,CWE-407 -CVE-2024-23685,2024-01-19T21:30:37Z,"Hard-coded credentials in org.folio:mod-remote-storage","org.folio:mod-remote-storage",0,1.7.2,MODERATE,CWE-798 -CVE-2024-23685,2024-01-19T21:30:37Z,"Hard-coded credentials in org.folio:mod-remote-storage","org.folio:mod-remote-storage",2.0.0,2.0.3,MODERATE,CWE-798 -CVE-2024-23686,2024-01-20T00:30:27Z,"Insertion of Sensitive Information into Log File in OWASP DependencyCheck","org.owasp:dependency-check-ant",9.0.0,9.0.6,MODERATE,CWE-532 -CVE-2024-23686,2024-01-20T00:30:27Z,"Insertion of Sensitive Information into Log File in OWASP DependencyCheck","org.owasp:dependency-check-cli",9.0.0,9.0.6,MODERATE,CWE-532 -CVE-2024-23686,2024-01-20T00:30:27Z,"Insertion of Sensitive Information into Log File in OWASP DependencyCheck","org.owasp:dependency-check-maven",9.0.0,9.0.6,MODERATE,CWE-532 -CVE-2024-23687,2024-01-20T00:30:27Z,"Hard-coded credentials in org.folio:mod-data-export-spring","org.folio:mod-data-export-spring",0,1.5.4,CRITICAL,CWE-798 -CVE-2024-23687,2024-01-20T00:30:27Z,"Hard-coded credentials in 
org.folio:mod-data-export-spring","org.folio:mod-data-export-spring",2.0.0,3.0.0,CRITICAL,CWE-798 -CVE-2024-23689,2024-01-19T21:30:36Z,"Exposure of sensitive information in ClickHouse","com.clickhouse:clickhouse-client",0,0.4.6,HIGH,CWE-209 -CVE-2024-23689,2024-01-19T21:30:36Z,"Exposure of sensitive information in ClickHouse","com.clickhouse:clickhouse-jdbc",0,0.4.6,HIGH,CWE-209 -CVE-2024-23689,2024-01-19T21:30:36Z,"Exposure of sensitive information in ClickHouse","com.clickhouse:clickhouse-r2dbc",0,0.4.6,HIGH,CWE-209 -CVE-2024-23818,2024-03-20T15:15:17Z,"GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-wms,0,2.23.3,MODERATE,CWE-79 -CVE-2024-23818,2024-03-20T15:15:17Z,"GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-wms,2.24.0,2.24.1,MODERATE,CWE-79 -CVE-2024-23819,2024-03-20T15:16:53Z,"GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)","org.geoserver.extension:gs-mapml",0,2.23.4,MODERATE,CWE-79 -CVE-2024-23819,2024-03-20T15:16:53Z,"GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)","org.geoserver.extension:gs-mapml",2.24.0,2.24.1,MODERATE,CWE-79 -CVE-2024-23821,2024-03-20T15:18:21Z,"GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-gwc,0,2.23.4,MODERATE,CWE-79 -CVE-2024-23821,2024-03-20T15:18:21Z,"GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)",org.geoserver:gs-gwc,2.24.0,2.24.1,MODERATE,CWE-79 -CVE-2024-23833,2024-02-12T15:08:48Z,"OpenRefine JDBC Attack Vulnerability",org.openrefine:database,0,3.7.8,HIGH,CWE-22;CWE-863 -CVE-2024-23897,2024-01-24T18:31:02Z,"Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE","org.jenkins-ci.main:jenkins-core",1.606,2.426.3,CRITICAL,CWE-22;CWE-27 -CVE-2024-23897,2024-01-24T18:31:02Z,"Arbitrary file read vulnerability through the Jenkins CLI can lead to 
RCE","org.jenkins-ci.main:jenkins-core",2.427,2.440.1,CRITICAL,CWE-22;CWE-27 -CVE-2024-23897,2024-01-24T18:31:02Z,"Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE","org.jenkins-ci.main:jenkins-core",2.441,2.442,CRITICAL,CWE-22;CWE-27 -CVE-2024-23898,2024-01-24T18:31:02Z,"Cross-site WebSocket hijacking vulnerability in the Jenkins CLI","org.jenkins-ci.main:jenkins-core",2.217,2.426.3,HIGH,CWE-346 -CVE-2024-23898,2024-01-24T18:31:02Z,"Cross-site WebSocket hijacking vulnerability in the Jenkins CLI","org.jenkins-ci.main:jenkins-core",2.427,2.442,HIGH,CWE-346 -CVE-2024-23899,2024-01-24T18:31:02Z,"Arbitrary file read vulnerability in Git server Plugin can lead to RCE","org.jenkins-ci.plugins:git-server",0,99.101.v720e86326c09,HIGH, -CVE-2024-23900,2024-01-24T18:31:02Z,"Path traversal vulnerability in Jenkins Matrix Project Plugin","org.jenkins-ci.plugins:matrix-project",0,822.824.v14451b,MODERATE,CWE-22 -CVE-2024-23901,2024-01-24T18:31:02Z,"Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin","io.jenkins.plugins:gitlab-branch-source",0,688.v5fa,MODERATE,CWE-200 -CVE-2024-23902,2024-01-24T18:31:02Z,"CSRF vulnerability in Jenkins GitLab Branch Source Plugin","io.jenkins.plugins:gitlab-branch-source",0,688.v5fa,MODERATE,CWE-352 -CVE-2024-23903,2024-01-24T18:31:02Z,"Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin ","io.jenkins.plugins:gitlab-branch-source",0,688.v5fa,LOW,CWE-697 -CVE-2024-23904,2024-01-24T18:31:02Z,"Arbitrary file read vulnerability in Jenkins Log Command Plugin","org.jenkins-ci.plugins:log-command",0,,HIGH, -CVE-2024-23905,2024-01-24T18:31:02Z,"Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin","io.jenkins.plugins:redhat-dependency-analytics",0,0.9.0,HIGH,CWE-79 -CVE-2024-23944,2024-03-15T12:30:37Z,"Apache ZooKeeper vulnerable to information disclosure in persistent watchers 
handling","org.apache.zookeeper:zookeeper",3.6.0,,MODERATE,CWE-200 -CVE-2024-23944,2024-03-15T12:30:37Z,"Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling","org.apache.zookeeper:zookeeper",3.8.0,3.8.4,MODERATE,CWE-200 -CVE-2024-23944,2024-03-15T12:30:37Z,"Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling","org.apache.zookeeper:zookeeper",3.9.0,3.9.2,MODERATE,CWE-200 -CVE-2024-24042,2024-03-19T09:30:32Z,"Path traversal in flaskcode Devan-Kerman ARRP",net.devtech:arrp,0,0.8.2,HIGH,CWE-22 -CVE-2024-24113,2024-02-08T15:30:27Z,"XXL-JOB vulnerable to Server-Side Request Forgery",com.xuxueli:xxl-job,0,,HIGH,CWE-918 -CVE-2024-2419,2024-04-17T17:31:12Z,"Keycloak path traversal vulnerability in the redirect validation","org.keycloak:keycloak-services",0,22.0.10,HIGH,CWE-346;CWE-601 -CVE-2024-2419,2024-04-17T17:31:12Z,"Keycloak path traversal vulnerability in the redirect validation","org.keycloak:keycloak-services",23.0.0,24.0.3,HIGH,CWE-346;CWE-601 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.19,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M17,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.99,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.86,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation 
vulnerability for HTTP/2 requests","org.apache.tomcat:tomcat-coyote",10.1.0-M1,10.1.19,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat:tomcat-coyote",11.0.0-M1,11.0.0-M17,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat:tomcat-coyote",8.5.0,8.5.99,MODERATE,CWE-20 -CVE-2024-24549,2024-03-13T18:31:34Z,"Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests","org.apache.tomcat:tomcat-coyote",9.0.0-M1,9.0.86,MODERATE,CWE-20 -CVE-2024-24565,2024-01-30T20:57:16Z,"CrateDB database has an arbitrary file read vulnerability",io.crate:crate,0,5.3.9,MODERATE,CWE-22 -CVE-2024-24565,2024-01-30T20:57:16Z,"CrateDB database has an arbitrary file read vulnerability",io.crate:crate,5.4.0,5.4.8,MODERATE,CWE-22 -CVE-2024-24565,2024-01-30T20:57:16Z,"CrateDB database has an arbitrary file read vulnerability",io.crate:crate,5.5.0,5.5.4,MODERATE,CWE-22 -CVE-2024-24565,2024-01-30T20:57:16Z,"CrateDB database has an arbitrary file read vulnerability",io.crate:crate,5.6.0,5.6.1,MODERATE,CWE-22 -CVE-2024-24683,2024-03-19T09:30:33Z,"Improper Input Validation vulnerability in Apache Hop Engine",org.apache.hop:hop,0,2.8.0,MODERATE,CWE-20 -CVE-2024-24749,2024-07-01T19:24:04Z,"Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat","org.geoserver.web:gs-web-app",0,2.23.5,HIGH,CWE-22 -CVE-2024-24749,2024-07-01T19:24:04Z,"Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat","org.geoserver.web:gs-web-app",2.24.0,2.24.3,HIGH,CWE-22 -CVE-2024-24749,2024-07-01T19:24:04Z,"Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat",org.geoserver:gs-gwc,0,2.23.5,HIGH,CWE-22 -CVE-2024-24749,2024-07-01T19:24:04Z,"Classpath resource disclosure in GWC Web Resource API 
on Windows / Tomcat",org.geoserver:gs-gwc,2.24.0,2.24.3,HIGH,CWE-22 -CVE-2024-24823,2024-02-07T18:24:20Z,"Graylog session fixation vulnerability through cookie injection","org.graylog2:graylog2-server",4.3.0,5.1.11,MODERATE,CWE-384 -CVE-2024-24823,2024-02-07T18:24:20Z,"Graylog session fixation vulnerability through cookie injection","org.graylog2:graylog2-server",5.2.0-alpha.1,5.2.4,MODERATE,CWE-384 -CVE-2024-24824,2024-02-07T18:23:43Z,"Graylog vulnerable to instantiation of arbitrary classes triggered by API request","org.graylog2:graylog2-server",2.0.0,5.1.11,HIGH,CWE-284 -CVE-2024-24824,2024-02-07T18:23:43Z,"Graylog vulnerable to instantiation of arbitrary classes triggered by API request","org.graylog2:graylog2-server",5.2.0-alpha.1,5.2.4,HIGH,CWE-284 -CVE-2024-25125,2024-02-14T15:08:23Z,"Absolute path traversal vulnerability in digdag server",io.digdag:digdag-server,0,0.10.5.1,MODERATE,CWE-22 -CVE-2024-25143,2024-02-07T15:30:50Z,"Liferay Portal denial of service (memory consumption)","com.liferay.portal:release.portal.bom",7.2.0,7.3.7,HIGH,CWE-400;CWE-770 -CVE-2024-25144,2024-02-08T06:30:23Z,"Liferay Portal denial-of-service vulnerability","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp19,MODERATE,CWE-834;CWE-835 -CVE-2024-25144,2024-02-08T06:30:23Z,"Liferay Portal denial-of-service vulnerability","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u6,MODERATE,CWE-834;CWE-835 -CVE-2024-25144,2024-02-08T06:30:23Z,"Liferay Portal denial-of-service vulnerability","com.liferay.portal:release.dxp.bom",7.4.0,7.4.13.u27,MODERATE,CWE-834;CWE-835 -CVE-2024-25144,2024-02-08T06:30:23Z,"Liferay Portal denial-of-service vulnerability","com.liferay.portal:release.portal.bom",7.2.0,7.4.3.27,MODERATE,CWE-834;CWE-835 -CVE-2024-25145,2024-02-07T15:30:50Z,"Liferay Portal stored cross-site scripting (XSS) vulnerability","com.liferay.portal:release.dxp.bom",0,7.2.10.fp17,CRITICAL,CWE-79 -CVE-2024-25145,2024-02-07T15:30:50Z,"Liferay Portal stored cross-site scripting (XSS) 
vulnerability","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-25145,2024-02-07T15:30:50Z,"Liferay Portal stored cross-site scripting (XSS) vulnerability","com.liferay.portal:release.dxp.bom",7.4.0,7.4.3.13u8,CRITICAL,CWE-79 -CVE-2024-25145,2024-02-07T15:30:50Z,"Liferay Portal stored cross-site scripting (XSS) vulnerability","com.liferay.portal:release.portal.bom",0,7.4.3.12,CRITICAL,CWE-79 -CVE-2024-25146,2024-02-08T06:30:23Z,"Liferay Portal allows attackers to discover the existence of sites","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp18,MODERATE,CWE-203;CWE-204 -CVE-2024-25146,2024-02-08T06:30:23Z,"Liferay Portal allows attackers to discover the existence of sites","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,MODERATE,CWE-203;CWE-204 -CVE-2024-25146,2024-02-08T06:30:23Z,"Liferay Portal allows attackers to discover the existence of sites","com.liferay.portal:release.portal.bom",7.2.0,7.4.2,MODERATE,CWE-203;CWE-204 -CVE-2024-25147,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp15,CRITICAL,CWE-79 -CVE-2024-25147,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-25147,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting","com.liferay.portal:release.portal.bom",0,,CRITICAL,CWE-79 -CVE-2024-25148,2024-02-08T06:30:23Z,"Liferay Portal vulnerable to user impersonation","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp15,HIGH,CWE-200;CWE-201 -CVE-2024-25148,2024-02-08T06:30:23Z,"Liferay Portal vulnerable to user impersonation","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,HIGH,CWE-200;CWE-201 -CVE-2024-25148,2024-02-08T06:30:23Z,"Liferay Portal vulnerable to user impersonation","com.liferay.portal:release.portal.bom",7.2.0,7.4.2,HIGH,CWE-200;CWE-201 
-CVE-2024-25151,2024-02-21T06:30:32Z,"Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp15,MODERATE,CWE-79 -CVE-2024-25151,2024-02-21T06:30:32Z,"Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,MODERATE,CWE-79 -CVE-2024-25151,2024-02-21T06:30:32Z,"Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing","com.liferay.portal:release.portal.bom",0,,MODERATE,CWE-79 -CVE-2024-25152,2024-02-21T03:30:37Z,"Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp17,CRITICAL,CWE-79 -CVE-2024-25152,2024-02-21T03:30:37Z,"Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-25152,2024-02-21T03:30:37Z,"Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.portal.bom",0,,CRITICAL,CWE-79 -CVE-2024-25420,2024-03-26T21:30:47Z,"Ignite Realtime Openfire privilege escalation vulnerability","org.igniterealtime.openfire:xmppserver",0,4.8.1,HIGH,CWE-273;CWE-863 -CVE-2024-25421,2024-03-26T21:30:47Z,"Ignite Realtime Openfire privilege escalation vulnerability","org.igniterealtime.openfire:xmppserver",0,4.8.1,HIGH,CWE-863 -CVE-2024-25601,2024-02-21T03:30:37Z,"Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp17,CRITICAL,CWE-79 -CVE-2024-25601,2024-02-21T03:30:37Z,"Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-25601,2024-02-21T03:30:37Z,"Liferay Portal Expando 
module and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.portal.bom",0,,CRITICAL,CWE-79 -CVE-2024-25602,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp17,CRITICAL,CWE-79 -CVE-2024-25602,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-25602,2024-02-21T03:30:37Z,"Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting","com.liferay.portal:release.portal.bom",0,,CRITICAL,CWE-79 -CVE-2024-25603,2024-02-21T03:30:38Z,"Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp17,CRITICAL,CWE-79 -CVE-2024-25603,2024-02-21T03:30:38Z,"Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.10.ep3,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-25603,2024-02-21T03:30:38Z,"Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.13.u1,,CRITICAL,CWE-79 -CVE-2024-25603,2024-02-21T03:30:38Z,"Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.portal.bom",0,,CRITICAL,CWE-79 -CVE-2024-25606,2024-02-20T09:30:32Z,"Liferay Portal has an XXE vulnerability in Java2WsddTask._format","com.liferay.portal:com.liferay.util.java",0,14.0.0,HIGH,CWE-611 -CVE-2024-25606,2024-02-20T09:30:32Z,"Liferay Portal has an XXE vulnerability in Java2WsddTask._format","com.liferay.portal:release.dxp.bom",0,7.2.10.fp20,HIGH,CWE-611 -CVE-2024-25606,2024-02-20T09:30:32Z,"Liferay Portal has an XXE 
vulnerability in Java2WsddTask._format","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u12,HIGH,CWE-611 -CVE-2024-25606,2024-02-20T09:30:32Z,"Liferay Portal has an XXE vulnerability in Java2WsddTask._format","com.liferay.portal:release.dxp.bom",7.4.0,7.4.13.u4,HIGH,CWE-611 -CVE-2024-25606,2024-02-20T09:30:32Z,"Liferay Portal has an XXE vulnerability in Java2WsddTask._format","com.liferay.portal:release.portal.bom",0,7.4.3.8,HIGH,CWE-611 -CVE-2024-25607,2024-02-20T12:31:00Z,"Liferay Portal defaults to a low work factor for the default password hashing algorithm","com.liferay.portal:com.liferay.portal.kernel",0,38.0.0,HIGH,CWE-916 -CVE-2024-25607,2024-02-20T12:31:00Z,"Liferay Portal defaults to a low work factor for the default password hashing algorithm","com.liferay.portal:release.dxp.bom",0,7.2.10.fp17,HIGH,CWE-916 -CVE-2024-25607,2024-02-20T12:31:00Z,"Liferay Portal defaults to a low work factor for the default password hashing algorithm","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,HIGH,CWE-916 -CVE-2024-25607,2024-02-20T12:31:00Z,"Liferay Portal defaults to a low work factor for the default password hashing algorithm","com.liferay.portal:release.dxp.bom",7.4.0,7.4.13.u16,HIGH,CWE-916 -CVE-2024-25607,2024-02-20T12:31:00Z,"Liferay Portal defaults to a low work factor for the default password hashing algorithm","com.liferay.portal:release.portal.bom",0,7.4.3.14,HIGH,CWE-916 -CVE-2024-25610,2024-02-20T15:31:03Z,"Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)","com.liferay.portal:com.liferay.portal.web",0,5.0.96,CRITICAL,CWE-1188 -CVE-2024-25610,2024-02-20T15:31:03Z,"Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)","com.liferay.portal:release.dxp.bom",0,7.2.10.fp19,CRITICAL,CWE-1188 -CVE-2024-25610,2024-02-20T15:31:03Z,"Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)","com.liferay.portal:release.dxp.bom",7.3.0,7.3.10.u4,CRITICAL,CWE-1188 -CVE-2024-25610,2024-02-20T15:31:03Z,"Liferay Portal 
has a Stored XSS with Blog entries (Insecure defaults)","com.liferay.portal:release.dxp.bom",7.4.0,7.4.13.u9,CRITICAL,CWE-1188 -CVE-2024-25610,2024-02-20T15:31:03Z,"Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)","com.liferay.portal:release.portal.bom",0,7.4.3.13,CRITICAL,CWE-1188 -CVE-2024-25638,2024-07-22T14:33:41Z,"DNSJava DNSSEC Bypass",dnsjava:dnsjava,0,3.6.0,HIGH,CWE-345;CWE-349 -CVE-2024-25710,2024-02-19T09:30:50Z,"Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file","org.apache.commons:commons-compress",1.3,1.26.0,HIGH,CWE-835 -CVE-2024-26138,2024-02-21T18:04:57Z,"XWiki extension license information is public, exposing instance id and license holder details","com.xwiki.licensing:application-licensing-licensor-ui",1.0,1.24.2,MODERATE,CWE-862 -CVE-2024-26140,2024-02-21T00:24:56Z,"Cross-site Scripting Vulnerability in Statement Browser",com.yetanalytics:lrs,0,1.2.17,MODERATE,CWE-79 -CVE-2024-26265,2024-02-20T15:31:03Z,"Liferay Portal vulnerable to Denial of Service","com.liferay.portal:release.portal.bom",0,7.4.3.16,MODERATE,CWE-400;CWE-770 -CVE-2024-26266,2024-02-21T03:30:38Z,"Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp17,CRITICAL,CWE-79 -CVE-2024-26266,2024-02-21T03:30:38Z,"Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.10.ep3,7.3.10.u4,CRITICAL,CWE-79 -CVE-2024-26266,2024-02-21T03:30:38Z,"Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.13.u1,7.4.13.u10,CRITICAL,CWE-79 -CVE-2024-26266,2024-02-21T03:30:38Z,"Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting","com.liferay.portal:release.portal.bom",0,,CRITICAL,CWE-79 -CVE-2024-26269,2024-02-21T03:30:38Z,"Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site 
Scripting","com.liferay.portal:release.dxp.bom",7.2.0,7.2.10.fp20,CRITICAL,CWE-79 -CVE-2024-26269,2024-02-21T03:30:38Z,"Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.3.10.ep3,7.3.10.u11,CRITICAL,CWE-79 -CVE-2024-26269,2024-02-21T03:30:38Z,"Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting","com.liferay.portal:release.dxp.bom",7.4.13.u1,7.4.13.u38,CRITICAL,CWE-79 -CVE-2024-26269,2024-02-21T03:30:38Z,"Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting","com.liferay.portal:release.portal.bom",7.2.0,,CRITICAL,CWE-79 -CVE-2024-26308,2024-02-19T09:30:52Z,"Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file","org.apache.commons:commons-compress",1.21,1.26.0,MODERATE,CWE-770 -CVE-2024-26579,2024-05-08T15:30:42Z,"Apache Inlong Deserialization of Untrusted Data vulnerability","org.apache.inlong:manager-pojo",1.7.0,1.12.0,HIGH,CWE-502 -CVE-2024-26580,2024-03-06T12:30:29Z,"Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability","org.apache.inlong:manager-common",1.8.0,1.11.0,CRITICAL,CWE-502 -CVE-2024-2700,2024-04-04T15:30:34Z,"quarkus-core leaks local environment variables from Quarkus namespace during application's build",io.quarkus:quarkus-core,0,3.2.12.Final,HIGH,CWE-526 -CVE-2024-2700,2024-04-04T15:30:34Z,"quarkus-core leaks local environment variables from Quarkus namespace during application's build",io.quarkus:quarkus-core,3.3.0.CR1,3.8.4,HIGH,CWE-526 -CVE-2024-2700,2024-04-04T15:30:34Z,"quarkus-core leaks local environment variables from Quarkus namespace during application's build",io.quarkus:quarkus-core,3.9.0.CR1,3.9.2,HIGH,CWE-526 -CVE-2024-27135,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution","org.apache.pulsar:pulsar-functions-worker",2.11.0,2.11.4,HIGH,CWE-20 
-CVE-2024-27135,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution","org.apache.pulsar:pulsar-functions-worker",2.4.0,2.10.6,HIGH,CWE-20 -CVE-2024-27135,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution","org.apache.pulsar:pulsar-functions-worker",3.0.0,3.0.3,HIGH,CWE-20 -CVE-2024-27135,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution","org.apache.pulsar:pulsar-functions-worker",3.1.0,3.1.3,HIGH,CWE-20 -CVE-2024-27135,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution","org.apache.pulsar:pulsar-functions-worker",3.2.0,3.2.1,HIGH,CWE-20 -CVE-2024-27136,2024-06-24T09:30:53Z,"Cross site scripting in Apache JSPWiki","org.apache.jspwiki:jspwiki-main",0,2.12.2,MODERATE,CWE-79 -CVE-2024-27138,2024-03-01T18:30:23Z,"Apache Archiva Incorrect Authorization vulnerability","org.apache.archiva:archiva",0,,HIGH,CWE-863 -CVE-2024-27139,2024-03-01T18:30:23Z,"Apache Archiva Incorrect Authorization vulnerability","org.apache.archiva:archiva",2.0.0,,HIGH,CWE-863 -CVE-2024-27140,2024-03-01T18:30:23Z,"Apache Archiva Reflected Cross-site Scripting vulnerability","org.apache.archiva:archiva-common",2.0.0,,MODERATE,CWE-79 -CVE-2024-27181,2024-08-02T12:31:43Z,"Apache Linkis vulnerable to privilege escalation",org.apache.linkis:linkis,0,1.6.0,HIGH,CWE-269 -CVE-2024-27182,2024-08-02T12:31:43Z,"Apache Linkis arbitrary file deletion vulnerability",org.apache.linkis:linkis,0,1.6.0,HIGH,CWE-552 -CVE-2024-27309,2024-04-12T09:33:40Z,"Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode","org.apache.kafka:kafka-metadata",3.5.0,3.6.2,HIGH,CWE-863 -CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File 
Modification","org.apache.pulsar:pulsar-functions-worker",2.11.0,2.11.4,HIGH,CWE-22 -CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",2.4.0,2.10.6,HIGH,CWE-22 -CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",3.0.0,3.0.3,HIGH,CWE-22 -CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",3.1.0,3.1.3,HIGH,CWE-22 -CVE-2024-27317,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification","org.apache.pulsar:pulsar-functions-worker",3.2.0,3.2.1,HIGH,CWE-22 -CVE-2024-27347,2024-04-22T15:30:41Z,"Apache HugeGraph-Hubble: SSRF in Hubble connection page","org.apache.hugegraph:hugegraph-hubble",1.0.0,1.3.0,MODERATE,CWE-918 -CVE-2024-27348,2024-04-22T15:30:41Z,"Apache HugeGraph-Server: Command execution in gremlin","org.apache.hugegraph:hugegraph-api",1.0.0,1.3.0,CRITICAL,CWE-284;CWE-77 -CVE-2024-27348,2024-04-22T15:30:41Z,"Apache HugeGraph-Server: Command execution in gremlin","org.apache.hugegraph:hugegraph-core",1.0.0,1.3.0,CRITICAL,CWE-284;CWE-77 -CVE-2024-27349,2024-04-22T15:30:41Z,"Apache HugeGraph-Server: Bypass whitelist in Auth mode","org.apache.hugegraph:hugegraph-api",1.0.0,1.3.0,HIGH,CWE-290 -CVE-2024-27439,2024-03-19T12:30:40Z,"Cross-Site Request Forgery in Apache Wicket",org.apache.wicket:wicket,10.0.0-M1,10.0.0,MODERATE,CWE-352 -CVE-2024-27439,2024-03-19T12:30:40Z,"Cross-Site Request Forgery in Apache Wicket",org.apache.wicket:wicket,9.1.0,9.17.0,MODERATE,CWE-352 -CVE-2024-27609,2024-04-01T00:30:43Z,"Bonita cross-site scripting 
vulnerability","org.bonitasoft.console:bonita-web-server",0,10.1.0.W11,MODERATE,CWE-79 -CVE-2024-27609,2024-04-01T00:30:43Z,"Bonita cross-site scripting vulnerability","org.bonitasoft.platform:platform-resources",0,10.1.0.W11,MODERATE,CWE-79 -CVE-2024-27894,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying","org.apache.pulsar:pulsar-functions-worker",2.11.0,2.11.4,HIGH,CWE-20 -CVE-2024-27894,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying","org.apache.pulsar:pulsar-functions-worker",2.4.0,2.10.6,HIGH,CWE-20 -CVE-2024-27894,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying","org.apache.pulsar:pulsar-functions-worker",3.0.0,3.0.3,HIGH,CWE-20 -CVE-2024-27894,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying","org.apache.pulsar:pulsar-functions-worker",3.1.0,3.1.3,HIGH,CWE-20 -CVE-2024-27894,2024-03-12T21:30:59Z,"Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying","org.apache.pulsar:pulsar-functions-worker",3.2.0,3.2.1,HIGH,CWE-20 -CVE-2024-28087,2024-05-15T18:30:35Z,"Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability","org.bonitasoft.engine:bonita-server",0,10.1.0.W11,MODERATE,CWE-284;CWE-639 -CVE-2024-28098,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authorization For Topic-Level Policy Management","org.apache.pulsar:pulsar-broker",2.11.0,2.11.4,MODERATE,CWE-863 -CVE-2024-28098,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authorization For Topic-Level Policy Management","org.apache.pulsar:pulsar-broker",2.7.1,2.10.6,MODERATE,CWE-863 -CVE-2024-28098,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authorization For Topic-Level Policy 
Management","org.apache.pulsar:pulsar-broker",3.0.0,3.0.3,MODERATE,CWE-863 -CVE-2024-28098,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authorization For Topic-Level Policy Management","org.apache.pulsar:pulsar-broker",3.1.0,3.1.3,MODERATE,CWE-863 -CVE-2024-28098,2024-03-12T21:30:59Z,"Apache Pulsar: Improper Authorization For Topic-Level Policy Management","org.apache.pulsar:pulsar-broker",3.2.0,3.2.1,MODERATE,CWE-863 -CVE-2024-28109,2024-05-20T14:57:07Z,"veraPDF has potential XSLT injection vulnerability when using policy files","org.verapdf:core-arlington",0,1.25.127,HIGH,CWE-91 -CVE-2024-28109,2024-05-20T14:57:07Z,"veraPDF has potential XSLT injection vulnerability when using policy files","org.verapdf:library-arlington",0,1.25.127,HIGH,CWE-91 -CVE-2024-28109,2024-05-20T14:57:07Z,"veraPDF has potential XSLT injection vulnerability when using policy files","org.verapdf:library-jakarta",0,1.24.2,HIGH,CWE-91 -CVE-2024-28109,2024-05-20T14:57:07Z,"veraPDF has potential XSLT injection vulnerability when using policy files",org.verapdf:core,0,1.24.2,HIGH,CWE-91 -CVE-2024-28109,2024-05-20T14:57:07Z,"veraPDF has potential XSLT injection vulnerability when using policy files",org.verapdf:core-jakarta,0,1.24.2,HIGH,CWE-91 -CVE-2024-28109,2024-05-20T14:57:07Z,"veraPDF has potential XSLT injection vulnerability when using policy files",org.verapdf:library,0,1.24.2,HIGH,CWE-91 -CVE-2024-28125,2024-03-18T09:30:30Z,"FitNesse allows execution of arbitrary OS commands",org.fitnesse:fitnesse,0,,CRITICAL,CWE-77 -CVE-2024-28149,2024-03-06T18:30:38Z,"Jenkins HTML Publisher Plugin does not properly sanitize input","org.jenkins-ci.plugins:htmlpublisher",1.16,1.32.1,HIGH,CWE-79 -CVE-2024-28150,2024-03-06T18:30:38Z,"Jenkins HTML Publisher Plugin Stored XSS vulnerability","org.jenkins-ci.plugins:htmlpublisher",0,1.32.1,HIGH,CWE-79 -CVE-2024-28151,2024-03-06T18:30:38Z,"Jenkins HTML Publisher Plugin Path traversal 
vulnerability","org.jenkins-ci.plugins:htmlpublisher",0,1.32.1,MODERATE,CWE-22 -CVE-2024-28152,2024-03-06T18:30:38Z,"Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",0,871.v28d74e8b_4226,MODERATE,CWE-281 -CVE-2024-28153,2024-03-06T18:30:38Z,"Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability","org.jenkins-ci.plugins:dependency-check-jenkins-plugin",0,5.4.6,HIGH,CWE-79 -CVE-2024-28154,2024-03-06T18:30:38Z,"Jenkins MQ Notifier Plugin exposes sensitive information in build logs","com.sonymobile.jenkins.plugins.mq:mq-notifier",0,1.4.1,MODERATE, -CVE-2024-28155,2024-03-06T18:30:38Z,"Jenkins AppSpider Plugin missing permission checks","com.rapid7:jenkinsci-appspider-plugin",0,1.0.17,MODERATE, -CVE-2024-28156,2024-03-06T18:30:38Z,"Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting","org.jenkins-ci.plugins:build-monitor-plugin",0,,HIGH,CWE-79 -CVE-2024-28157,2024-03-06T18:30:38Z,"Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting","org.jenkins-ci.plugins:gitbucket",0,,HIGH,CWE-79 -CVE-2024-28158,2024-03-06T18:30:38Z,"Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery","org.jenkins-ci.plugins:svn-partial-release-mgr",0,,MODERATE,CWE-352 -CVE-2024-28159,2024-03-06T18:30:39Z,"Jenkins Subversion Partial Release Manager Plugin missing permission check","org.jenkins-ci.plugins:svn-partial-release-mgr",0,,MODERATE,CWE-862 -CVE-2024-28160,2024-03-06T18:30:39Z,"Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting","org.jenkins-ci.plugins:icescrum",0,,MODERATE,CWE-79 -CVE-2024-28161,2024-03-06T18:30:39Z,"Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default","org.jenkins-ci.plugins:delphix",3.0.1,3.0.2,MODERATE,CWE-295 -CVE-2024-28162,2024-03-06T18:30:39Z,"Jenkins Delphix Plugin has improper SSL/TLS certificate 
validation","org.jenkins-ci.plugins:delphix",3.0.1,3.1.1,MODERATE,CWE-295 -CVE-2024-28168,2024-10-09T12:30:52Z,"Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability","org.apache.xmlgraphics:fop-core",0,2.10,MODERATE,CWE-611 -CVE-2024-28213,2024-03-07T06:30:31Z,"nGrinder vulnerable to unsafe Java objects deserialization","org.ngrinder:ngrinder-core",0,3.5.9,CRITICAL,CWE-502 -CVE-2024-28253,2024-04-23T21:11:23Z,"OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)","org.open-metadata:openmetadata-service",0,1.3.1,CRITICAL,CWE-94 -CVE-2024-28752,2024-03-15T12:30:37Z,"SSRF vulnerability using the Aegis DataBinding in Apache CXF",org.apache.cxf:cxf-core,0,3.5.8,CRITICAL,CWE-918 -CVE-2024-28752,2024-03-15T12:30:37Z,"SSRF vulnerability using the Aegis DataBinding in Apache CXF",org.apache.cxf:cxf-core,3.6.0,3.6.3,CRITICAL,CWE-918 -CVE-2024-28752,2024-03-15T12:30:37Z,"SSRF vulnerability using the Aegis DataBinding in Apache CXF",org.apache.cxf:cxf-core,4.0.0,4.0.4,CRITICAL,CWE-918 -CVE-2024-28847,2024-04-24T17:06:00Z,"OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)","org.open-metadata:openmetadata-service",0,1.2.4,HIGH,CWE-94 -CVE-2024-28848,2024-04-24T17:06:02Z,"OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/` (`GHSL-2023-236`)","org.open-metadata:openmetadata-service",0,1.2.4,HIGH,CWE-94 -CVE-2024-29025,2024-03-25T19:40:50Z,"Netty's HttpPostRequestDecoder can OOM","io.netty:netty-codec-http",0,4.1.108.Final,MODERATE,CWE-770 -CVE-2024-29120,2024-07-17T15:30:52Z,"Apache StreamPark: Information leakage vulnerability","org.apache.streampark:streampark",2.0.0,2.1.4,MODERATE,CWE-212;CWE-922 -CVE-2024-29131,2024-03-21T09:31:14Z,"Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()","org.apache.commons:commons-configuration2",2.0,2.10.1,MODERATE,CWE-787 
-CVE-2024-29133,2024-03-21T09:31:14Z,"Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree","org.apache.commons:commons-configuration2",2.0,2.10.1,MODERATE,CWE-787 -CVE-2024-29392,2024-05-22T18:30:40Z,"Silverpeas Core vulnerable to Cross Site Scripting","org.silverpeas:silverpeas-core",0,,MODERATE,CWE-79 -CVE-2024-29736,2024-07-19T09:32:06Z,"Apache CXF: SSRF vulnerability via WADL stylesheet parameter","org.apache.cxf:cxf-rt-rs-service-description",0,3.5.9,LOW,CWE-918 -CVE-2024-29736,2024-07-19T09:32:06Z,"Apache CXF: SSRF vulnerability via WADL stylesheet parameter","org.apache.cxf:cxf-rt-rs-service-description",3.6.0,3.6.4,LOW,CWE-918 -CVE-2024-29736,2024-07-19T09:32:06Z,"Apache CXF: SSRF vulnerability via WADL stylesheet parameter","org.apache.cxf:cxf-rt-rs-service-description",4.0.0,4.0.5,LOW,CWE-918 -CVE-2024-29831,2024-08-12T15:30:49Z,"Apache DolphinScheduler: RCE by arbitrary js execution","org.apache.dolphinscheduler:dolphinscheduler",0,3.2.2,HIGH,CWE-20 -CVE-2024-29834,2024-04-02T21:30:27Z,"Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints","org.apache.pulsar:pulsar-broker",2.11.0,,MODERATE,CWE-863 -CVE-2024-29834,2024-04-02T21:30:27Z,"Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints","org.apache.pulsar:pulsar-broker",2.7.1,,MODERATE,CWE-863 -CVE-2024-29834,2024-04-02T21:30:27Z,"Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints","org.apache.pulsar:pulsar-broker",3.0.0,3.0.4,MODERATE,CWE-863 -CVE-2024-29834,2024-04-02T21:30:27Z,"Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints","org.apache.pulsar:pulsar-broker",3.1.0,,MODERATE,CWE-863 -CVE-2024-29834,2024-04-02T21:30:27Z,"Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints","org.apache.pulsar:pulsar-broker",3.2.0,3.2.2,MODERATE,CWE-863 
-CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bcprov-jdk14",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bcprov-jdk15on",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bcprov-jdk15to18",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bcprov-jdk18on",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bctls-jdk14",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bctls-jdk15to18",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","org.bouncycastle:bctls-jdk18on",0,1.78,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.",org.bouncycastle:bc-fips,0,1.0.2.5,MODERATE,CWE-125;CWE-400 -CVE-2024-29868,2024-06-24T12:30:38Z,"Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation","org.apache.streampipes:streampipes-resource-management",0.69.0,0.95.0,CRITICAL,CWE-338 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bcprov-jdk14",0,1.78,MODERATE,CWE-203 
-CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bcprov-jdk15on",0,1.78,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bcprov-jdk15to18",0,1.78,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bcprov-jdk18on",0,1.78,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bctls-fips",0,1.0.19,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bctls-jdk14",0,1.78,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bctls-jdk15to18",0,1.78,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","org.bouncycastle:bctls-jdk18on",0,1.78,MODERATE,CWE-203 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","org.bouncycastle:bcprov-jdk14",1.73,1.78,MODERATE,CWE-835 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","org.bouncycastle:bcprov-jdk15to18",1.73,1.78,MODERATE,CWE-835 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","org.bouncycastle:bcprov-jdk18on",1.73,1.78,MODERATE,CWE-835 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite 
loop","org.bouncycastle:bctls-jdk14",1.73,1.78,MODERATE,CWE-835 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","org.bouncycastle:bctls-jdk15to18",1.73,1.78,MODERATE,CWE-835 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","org.bouncycastle:bctls-jdk18on",1.73,1.78,MODERATE,CWE-835 -CVE-2024-30188,2024-08-12T15:30:49Z,"Apache DolphinScheduler: Resource File Read And Write Vulnerability","org.apache.dolphinscheduler:dolphinscheduler",3.1.0,3.2.2,HIGH,CWE-20 -CVE-2024-3046,2024-04-09T12:30:47Z,"Eclipse Kura LogServlet vulnerability","org.eclipse.kura:org.eclipse.kura.web2",2.0.600,,HIGH,CWE-303 -CVE-2024-30471,2024-07-17T09:30:49Z,"Apache StreamPipes potentially allows creation of multiple identical accounts","org.apache.streampipes:streampipes-parent",0,0.95.0,MODERATE,CWE-367 -CVE-2024-31033,2024-04-01T03:30:38Z,"Withdrawn: JJWT improperly generates signing keys","io.jsonwebtoken:jjwt-impl",0,,MODERATE,CWE-327 -CVE-2024-31141,2024-11-19T09:30:54Z,"Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider","org.apache.kafka:kafka-clients",2.3.0,3.7.1,MODERATE,CWE-269 -CVE-2024-31411,2024-07-17T12:31:11Z,"Apache StreamPipes has potential remote code execution (RCE) via file upload","org.apache.streampipes:streampipes-parent",0,0.95.0,HIGH,CWE-434 -CVE-2024-31464,2024-04-10T17:07:27Z,"XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.5.4,MODERATE,CWE-200 -CVE-2024-31464,2024-04-10T17:07:27Z,"XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.9-rc-1,MODERATE,CWE-200 -CVE-2024-31464,2024-04-10T17:07:27Z,"XWiki Platform: Password hash might be leaked by diff once the xobject 
holding them is deleted","org.xwiki.platform:xwiki-platform-oldcore",5.0-rc-1,14.10.19,MODERATE,CWE-200 -CVE-2024-31465,2024-04-10T17:11:32Z,"XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet","org.xwiki.platform:xwiki-platform-search-ui",15.0-rc-1,15.5.4,CRITICAL,CWE-95 -CVE-2024-31465,2024-04-10T17:11:32Z,"XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet","org.xwiki.platform:xwiki-platform-search-ui",15.6-rc-1,15.10-rc-1,CRITICAL,CWE-95 -CVE-2024-31465,2024-04-10T17:11:32Z,"XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet","org.xwiki.platform:xwiki-platform-search-ui",5.2-milestone-2,14.10.20,CRITICAL,CWE-95 -CVE-2024-31573,2024-05-01T16:40:01Z,"XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets",org.xmlunit:xmlunit-core,0,2.10.0,LOW, -CVE-2024-31860,2024-04-09T09:31:12Z,"Apache Zeppelin Path Traversal vulnerability","org.apache.zeppelin:zeppelin-server",0.9.0,0.11.0,MODERATE,CWE-20;CWE-22 -CVE-2024-31861,2024-04-11T09:30:56Z,"Code injection in Apache Zeppelin Shell","org.apache.zeppelin:zeppelin-shell",0.10.1,0.11.1,MODERATE,CWE-94 -CVE-2024-31862,2024-04-09T12:30:47Z,"Apache Zeppelin: Denial of service with invalid notebook name","org.apache.zeppelin:zeppelin-server",0.10.1,0.11.0,MODERATE,CWE-20 -CVE-2024-31863,2024-04-09T12:30:47Z,"Apache Zeppelin: Replacing other users notebook, bypassing any permissions","org.apache.zeppelin:zeppelin-server",0.10.1,0.11.0,MODERATE,CWE-290 -CVE-2024-31864,2024-04-09T18:30:22Z,"Apache Zeppelin remote code execution by adding malicious JDBC connection string","org.apache.zeppelin:zeppelin-jdbc",0,0.11.1,CRITICAL,CWE-94 -CVE-2024-31865,2024-04-09T18:30:22Z,"Apache Zeppelin: Cron arbitrary user impersonation with improper privileges","org.apache.zeppelin:zeppelin-server",0.8.2,0.11.1,MODERATE,CWE-20;CWE-862 -CVE-2024-31866,2024-04-09T18:30:22Z,"Improper escaping in Apache 
Zeppelin","org.apache.zeppelin:zeppelin-interpreter",0.8.2,0.11.1,CRITICAL,CWE-116 -CVE-2024-31867,2024-04-09T18:30:28Z,"Apache Zeppelin: LDAP search filter query Injection Vulnerability","org.apache.zeppelin:zeppelin-server",0.8.2,0.11.1,MODERATE,CWE-20;CWE-90 -CVE-2024-31868,2024-04-09T18:30:22Z,"Apache Zeppelin vulnerable to cross-site scripting in the helium module","org.apache.zeppelin:zeppelin-interpreter",0.8.2,0.11.1,MODERATE,CWE-116;CWE-79 -CVE-2024-31979,2024-07-17T09:30:49Z,"Apache StreamPipes has possibility of SSRF in pipeline element installation process","org.apache.streampipes:streampipes-parent",0,0.95.0,MODERATE,CWE-918 -CVE-2024-31981,2024-04-10T17:11:45Z,"XWiki Platform: Privilege escalation (PR) from user registration through PDFClass","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.5.4,CRITICAL,CWE-862 -CVE-2024-31981,2024-04-10T17:11:45Z,"XWiki Platform: Privilege escalation (PR) from user registration through PDFClass","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.10-rc-1,CRITICAL,CWE-862 -CVE-2024-31981,2024-04-10T17:11:45Z,"XWiki Platform: Privilege escalation (PR) from user registration through PDFClass","org.xwiki.platform:xwiki-platform-oldcore",3.0.1,14.10.20,CRITICAL,CWE-862 -CVE-2024-31982,2024-04-10T17:12:47Z,"XWiki Platform: Remote code execution as guest via DatabaseSearch","org.xwiki.platform:xwiki-platform-search-ui",15.0-rc-1,15.5.4,CRITICAL,CWE-95 -CVE-2024-31982,2024-04-10T17:12:47Z,"XWiki Platform: Remote code execution as guest via DatabaseSearch","org.xwiki.platform:xwiki-platform-search-ui",15.6-rc-1,15.10-rc-1,CRITICAL,CWE-95 -CVE-2024-31982,2024-04-10T17:12:47Z,"XWiki Platform: Remote code execution as guest via DatabaseSearch","org.xwiki.platform:xwiki-platform-search-ui",2.4-milestone-1,14.10.20,CRITICAL,CWE-95 -CVE-2024-31983,2024-04-10T17:13:00Z,"XWiki Platform: Remote code execution from edit in multilingual wikis via 
translations","org.xwiki.platform:xwiki-platform-localization-source-wiki",15.0-rc-1,15.5.4,CRITICAL,CWE-862 -CVE-2024-31983,2024-04-10T17:13:00Z,"XWiki Platform: Remote code execution from edit in multilingual wikis via translations","org.xwiki.platform:xwiki-platform-localization-source-wiki",15.6-rc-1,15.10-rc-1,CRITICAL,CWE-862 -CVE-2024-31983,2024-04-10T17:13:00Z,"XWiki Platform: Remote code execution from edit in multilingual wikis via translations","org.xwiki.platform:xwiki-platform-localization-source-wiki",4.3-milestone-2,14.10.20,CRITICAL,CWE-862 -CVE-2024-31984,2024-04-10T17:13:15Z,"XWiki Platform: Remote code execution through space title and Solr space facet","org.xwiki.platform:xwiki-platform-search-solr-ui",15.0-rc-1,15.5.4,CRITICAL,CWE-95 -CVE-2024-31984,2024-04-10T17:13:15Z,"XWiki Platform: Remote code execution through space title and Solr space facet","org.xwiki.platform:xwiki-platform-search-solr-ui",15.6-rc-1,15.10-rc-1,CRITICAL,CWE-95 -CVE-2024-31984,2024-04-10T17:13:15Z,"XWiki Platform: Remote code execution through space title and Solr space facet","org.xwiki.platform:xwiki-platform-search-solr-ui",7.2-rc-1,14.10.20,CRITICAL,CWE-95 -CVE-2024-31985,2024-04-10T17:14:12Z,"XWiki Platform CSRF in the job scheduler","org.xwiki.platform:xwiki-platform-scheduler-ui",15.0-rc-1,15.5.4,MODERATE,CWE-352 -CVE-2024-31985,2024-04-10T17:14:12Z,"XWiki Platform CSRF in the job scheduler","org.xwiki.platform:xwiki-platform-scheduler-ui",15.6-rc-1,15.9,MODERATE,CWE-352 -CVE-2024-31985,2024-04-10T17:14:12Z,"XWiki Platform CSRF in the job scheduler","org.xwiki.platform:xwiki-platform-scheduler-ui",3.1,14.10.19,MODERATE,CWE-352 -CVE-2024-31986,2024-04-10T17:14:35Z,"XWiki Platform CSRF remote code execution through scheduler job's document reference","org.xwiki.platform:xwiki-platform-scheduler-ui",15.0-rc-1,15.5.4,CRITICAL,CWE-352;CWE-95 -CVE-2024-31986,2024-04-10T17:14:35Z,"XWiki Platform CSRF remote code execution through scheduler job's document 
reference","org.xwiki.platform:xwiki-platform-scheduler-ui",15.6-rc-1,15.9,CRITICAL,CWE-352;CWE-95 -CVE-2024-31986,2024-04-10T17:14:35Z,"XWiki Platform CSRF remote code execution through scheduler job's document reference","org.xwiki.platform:xwiki-platform-scheduler-ui",3.1,14.10.19,CRITICAL,CWE-352;CWE-95 -CVE-2024-31987,2024-04-10T17:14:47Z,"XWiki Platform remote code execution from account via custom skins support","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.5.4,CRITICAL,CWE-862 -CVE-2024-31987,2024-04-10T17:14:47Z,"XWiki Platform remote code execution from account via custom skins support","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.10-rc-1,CRITICAL,CWE-862 -CVE-2024-31987,2024-04-10T17:14:47Z,"XWiki Platform remote code execution from account via custom skins support","org.xwiki.platform:xwiki-platform-oldcore",6.4-milestone-1,14.10.19,CRITICAL,CWE-862 -CVE-2024-31988,2024-04-10T17:14:59Z,"XWiki Platform CSRF remote code execution through the realtime HTML Converter API","org.xwiki.platform:xwiki-platform-realtime-ui",13.9-rc-1,14.10.19,CRITICAL,CWE-352 -CVE-2024-31988,2024-04-10T17:14:59Z,"XWiki Platform CSRF remote code execution through the realtime HTML Converter API","org.xwiki.platform:xwiki-platform-realtime-ui",15.0-rc-1,15.5.4,CRITICAL,CWE-352 -CVE-2024-31988,2024-04-10T17:14:59Z,"XWiki Platform CSRF remote code execution through the realtime HTML Converter API","org.xwiki.platform:xwiki-platform-realtime-ui",15.6-rc-1,15.9,CRITICAL,CWE-352 -CVE-2024-31996,2024-04-10T17:16:37Z,"XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution","org.xwiki.commons:xwiki-commons-velocity",15.0-rc-1,15.5.4,CRITICAL,CWE-95 -CVE-2024-31996,2024-04-10T17:16:37Z,"XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution","org.xwiki.commons:xwiki-commons-velocity",15.6-rc-1,15.9-rc-1,CRITICAL,CWE-95 -CVE-2024-31996,2024-04-10T17:16:37Z,"XWiki Commons missing escaping of `{` in 
Velocity escapetool allows remote code execution","org.xwiki.commons:xwiki-commons-velocity",3.0.1,14.10.19,CRITICAL,CWE-95 -CVE-2024-31997,2024-04-10T17:16:53Z,"XWiki Platform remote code execution from account through UIExtension parameters","org.xwiki.platform:xwiki-platform-uiextension-api",0,14.10.19,CRITICAL,CWE-862 -CVE-2024-31997,2024-04-10T17:16:53Z,"XWiki Platform remote code execution from account through UIExtension parameters","org.xwiki.platform:xwiki-platform-uiextension-api",15.0-rc-1,15.5.4,CRITICAL,CWE-862 -CVE-2024-31997,2024-04-10T17:16:53Z,"XWiki Platform remote code execution from account through UIExtension parameters","org.xwiki.platform:xwiki-platform-uiextension-api",15.6-rc-1,15.9-rc-1,CRITICAL,CWE-862 -CVE-2024-32007,2024-07-19T09:32:06Z,"Apache CXF Denial of Service vulnerability in JOSE","org.apache.cxf:cxf-rt-rs-security-jose",0,3.5.9,MODERATE,CWE-20 -CVE-2024-32007,2024-07-19T09:32:06Z,"Apache CXF Denial of Service vulnerability in JOSE","org.apache.cxf:cxf-rt-rs-security-jose",3.6.0,3.6.4,MODERATE,CWE-20 -CVE-2024-32007,2024-07-19T09:32:06Z,"Apache CXF Denial of Service vulnerability in JOSE","org.apache.cxf:cxf-rt-rs-security-jose",4.0.0,4.0.5,MODERATE,CWE-20 -CVE-2024-32114,2024-05-02T09:30:48Z,"Apache ActiveMQ's default configuration doesn't secure the API web context","org.apache.activemq:apache-activemq",6.0.0,6.1.2,HIGH,CWE-1188 -CVE-2024-32656,2024-04-22T15:51:59Z,"Ant Media Server vulnerable to a local privilege escalation","io.antmedia:ant-media-server",2.6.0,2.9.0,HIGH,CWE-862 -CVE-2024-32888,2024-05-15T17:10:49Z,"Amazon JDBC Driver for Redshift SQL Injection via line comment generation","com.amazon.redshift:redshift-jdbc42",0,2.1.0.28,CRITICAL,CWE-89 -CVE-2024-3366,2024-04-06T12:30:56Z,"Xuxueli xxl-job template injection vulnerability",com.xuxueli:xxl-job-core,0,,LOW,CWE-74 -CVE-2024-33748,2024-05-07T18:30:33Z,"MS Basic Cross-site Scripting vulnerability",net.mingsoft:ms-basic,0,,MODERATE,CWE-79 
-CVE-2024-34144,2024-05-02T15:30:35Z,"Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies","org.jenkins-ci.plugins:script-security",0,1336.vf33a,HIGH,CWE-693 -CVE-2024-34145,2024-05-02T15:30:35Z,"Jenkins Script Security Plugin sandbox bypass vulnerability","org.jenkins-ci.plugins:script-security",0,1336.vf33a,HIGH,CWE-290 -CVE-2024-34146,2024-05-02T15:30:35Z,"Jenkins Git server Plugin does not perform a permission check","org.jenkins-ci.plugins:git-server",0,117.veb,MODERATE,CWE-269 -CVE-2024-34147,2024-05-02T15:30:35Z,"Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext","org.jenkins-ci.plugins:telegrambot",0,,LOW,CWE-522 -CVE-2024-34148,2024-05-02T15:30:35Z,"Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721 ","org.jenkins-ci.plugins:partial-release-manager",0,,MODERATE,CWE-1321 -CVE-2024-34365,2024-05-14T18:30:50Z,"Apache Karaf Cave: Cave SSRF and arbitrary file access ",org.apache.karaf:cave,0,,CRITICAL,CWE-20;CWE-918 -CVE-2024-34447,2024-05-03T18:30:37Z,"Bouncy Castle Java Cryptography API vulnerable to DNS poisoning","org.bouncycastle:bcprov-jdk12",1.61,1.78,LOW, -CVE-2024-34447,2024-05-03T18:30:37Z,"Bouncy Castle Java Cryptography API vulnerable to DNS poisoning","org.bouncycastle:bcprov-jdk13",1.61,1.78,LOW, -CVE-2024-34447,2024-05-03T18:30:37Z,"Bouncy Castle Java Cryptography API vulnerable to DNS poisoning","org.bouncycastle:bcprov-jdk14",1.61,1.78,LOW, -CVE-2024-34447,2024-05-03T18:30:37Z,"Bouncy Castle Java Cryptography API vulnerable to DNS poisoning","org.bouncycastle:bcprov-jdk15to18",1.61,1.78,LOW, -CVE-2024-34447,2024-05-03T18:30:37Z,"Bouncy Castle Java Cryptography API vulnerable to DNS poisoning","org.bouncycastle:bcprov-jdk18on",1.61,1.78,LOW, -CVE-2024-34517,2024-05-07T18:30:34Z,"Neo4j Cypher component mishandles IMMUTABLE privileges",org.neo4j:neo4j-cypher,5.0.0,5.19.0,MODERATE,CWE-269 -CVE-2024-3462,2024-05-14T18:30:52Z,"Ant 
Media Server does not properly authorize non-administrative API calls","io.antmedia:ant-media-server",0,,LOW,CWE-302 -CVE-2024-34696,2024-07-01T19:20:57Z," GeoServer's Server Status shows sensitive environmental variables and Java properties","org.geoserver.web:gs-web-app",2.10.0,2.24.4,MODERATE,CWE-200 -CVE-2024-34696,2024-07-01T19:20:57Z," GeoServer's Server Status shows sensitive environmental variables and Java properties","org.geoserver.web:gs-web-app",2.25.0,2.25.1,MODERATE,CWE-200 -CVE-2024-34696,2024-07-01T19:20:57Z," GeoServer's Server Status shows sensitive environmental variables and Java properties",org.geoserver:gs-main,2.10.0,2.24.4,MODERATE,CWE-200 -CVE-2024-34696,2024-07-01T19:20:57Z," GeoServer's Server Status shows sensitive environmental variables and Java properties",org.geoserver:gs-main,2.25.0,2.25.1,MODERATE,CWE-200 -CVE-2024-34750,2024-07-03T21:39:44Z,"Apache Tomcat - Denial of Service","org.apache.tomcat.embed:tomcat-embed-core",10.1.0-M1,10.1.25,HIGH,CWE-400;CWE-755 -CVE-2024-34750,2024-07-03T21:39:44Z,"Apache Tomcat - Denial of Service","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M1,11.0.0-M21,HIGH,CWE-400;CWE-755 -CVE-2024-34750,2024-07-03T21:39:44Z,"Apache Tomcat - Denial of Service","org.apache.tomcat.embed:tomcat-embed-core",9.0.0-M1,9.0.90,HIGH,CWE-400;CWE-755 -CVE-2024-34750,2024-07-03T21:39:44Z,"Apache Tomcat - Denial of Service","org.apache.tomcat:tomcat-coyote",10.1.0-M1,10.1.25,HIGH,CWE-400;CWE-755 -CVE-2024-34750,2024-07-03T21:39:44Z,"Apache Tomcat - Denial of Service","org.apache.tomcat:tomcat-coyote",11.0.0-M1,11.0.0-M21,HIGH,CWE-400;CWE-755 -CVE-2024-34750,2024-07-03T21:39:44Z,"Apache Tomcat - Denial of Service","org.apache.tomcat:tomcat-coyote",9.0.0-M1,9.0.90,HIGH,CWE-400;CWE-755 -CVE-2024-35219,2024-05-28T15:47:57Z,"OpenAPI Generator Online - Arbitrary File Read/Delete","org.openapitools:openapi-generator-online",0,7.6.0,HIGH,CWE-22 -CVE-2024-35255,2024-06-11T18:30:50Z,"Azure Identity Libraries and Microsoft 
Authentication Library Elevation of Privilege Vulnerability","com.microsoft.azure:msal4j",1.14.4-beta,1.15.1,MODERATE,CWE-362 -CVE-2024-35255,2024-06-11T18:30:50Z,"Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability",com.azure:azure-identity,0,1.12.2,MODERATE,CWE-362 -CVE-2024-35371,2024-11-29T21:31:04Z,"Ant-Media-Server vulnerable to Improper Output Neutralization for Logs","io.antmedia:ant-media-server",0,2.9.0,HIGH,CWE-125 -CVE-2024-36042,2024-06-03T06:30:53Z,"Silverpeas authentication bypass","org.silverpeas.core:silverpeas-core",0,6.3.5,CRITICAL,CWE-288 -CVE-2024-36114,2024-06-02T22:30:02Z,"Decompressors can crash the JVM and leak memory content in Aircompressor",io.airlift:aircompressor,0,0.27,HIGH,CWE-125;CWE-787 -CVE-2024-36115,2024-08-02T21:12:54Z,"Reposilite artifacts vulnerable to Stored Cross-site Scripting","com.reposilite:reposilite-backend",3.3.0,3.5.12,HIGH,CWE-79 -CVE-2024-36116,2024-08-02T21:13:13Z,"Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)","com.reposilite:reposilite-backend",3.3.0,3.5.12,HIGH,CWE-22 -CVE-2024-36117,2024-08-05T21:29:27Z,"Duplicate Advisory: Reposilite Arbitrary File Read vulnerability","com.reposilite:reposilite-backend",3.3.0,3.5.12,HIGH,CWE-22 -CVE-2024-36121,2024-06-05T16:53:49Z,"BoringSSLAEADContext in Netty Repeats Nonces","io.netty.incubator:netty-incubator-codec-ohttp",0.0.3.Final,0.0.11.Final,MODERATE,CWE-190;CWE-200 -CVE-2024-36124,2024-06-04T17:38:31Z,"iq80 Snappy out-of-bounds read when uncompressing data, leading to JVM crash",org.iq80.snappy:snappy,0,0.5,MODERATE,CWE-125 -CVE-2024-36263,2024-06-12T15:31:45Z,"Apache Submarine Server Core has a SQL Injection Vulnerability","org.apache.submarine:submarine-server-core",0,,HIGH,CWE-89 -CVE-2024-36264,2024-06-12T15:31:44Z,"Apache Submarine Commons Utils has a hard-coded secret","org.apache.submarine:submarine-commons-utils",0,,MODERATE,CWE-287;CWE-798 
-CVE-2024-36265,2024-06-12T15:31:45Z,"Apache Submarine Server Core Incorrect Authorization vulnerability","org.apache.submarine:submarine-server-core",0,,CRITICAL,CWE-863 -CVE-2024-36268,2024-08-02T12:31:43Z,"Apache Inlong Code Injection vulnerability","org.apache.inlong:tubemq-core",1.10.0,1.13.0,HIGH,CWE-94 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver","org.geoserver.web:gs-web-app",0,2.23.6,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver","org.geoserver.web:gs-web-app",2.24.0,2.24.4,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver","org.geoserver.web:gs-web-app",2.25.0,2.25.2,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver",org.geoserver:gs-wfs,0,2.23.6,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver",org.geoserver:gs-wfs,2.24.0,2.24.4,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver",org.geoserver:gs-wfs,2.25.0,2.25.2,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver",org.geoserver:gs-wms,0,2.23.6,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver",org.geoserver:gs-wms,2.24.0,2.24.4,CRITICAL,CWE-94;CWE-95 -CVE-2024-36401,2024-07-01T20:34:50Z,"Remote Code Execution (RCE) vulnerability in geoserver",org.geoserver:gs-wms,2.25.0,2.25.2,CRITICAL,CWE-94;CWE-95 -CVE-2024-36522,2024-07-12T15:31:26Z,"Apache Wicket: Remote code execution via XSLT injection","org.apache.wicket:wicket-util",10.0.0-M1,10.1.0,HIGH,CWE-74 -CVE-2024-36522,2024-07-12T15:31:26Z,"Apache Wicket: Remote code execution via XSLT 
injection","org.apache.wicket:wicket-util",8.0.0,8.16.0,HIGH,CWE-74 -CVE-2024-36522,2024-07-12T15:31:26Z,"Apache Wicket: Remote code execution via XSLT injection","org.apache.wicket:wicket-util",9.0.0,9.18.0,HIGH,CWE-74 -CVE-2024-3653,2024-07-09T00:31:40Z,"Undertow Missing Release of Memory after Effective Lifetime vulnerability","io.undertow:undertow-core",0,2.2.34.Final,MODERATE,CWE-401 -CVE-2024-3653,2024-07-09T00:31:40Z,"Undertow Missing Release of Memory after Effective Lifetime vulnerability","io.undertow:undertow-core",2.3.0.Alpha1,2.3.15.Final,MODERATE,CWE-401 -CVE-2024-36543,2024-06-17T21:31:10Z,"STRIMZI incorrect access control",io.strimzi:strimzi,0,,HIGH,CWE-306;CWE-400 -CVE-2024-3656,2024-06-11T20:22:40Z,"Keycloak's admin API allows low privilege users to use administrative functions","org.keycloak:keycloak-services",0,24.0.5,HIGH,CWE-200;CWE-269;CWE-284 -CVE-2024-37084,2024-07-25T12:32:00Z,"Remote code execution in Spring Cloud Data Flow","org.springframework.cloud:spring-cloud-skipper",0,2.11.4,CRITICAL,CWE-22;CWE-94 -CVE-2024-37280,2024-06-13T18:31:58Z,"Elasticsearch StackOverflow vulnerability","org.elasticsearch:elasticsearch",8.13.1,8.14.0,MODERATE,CWE-122;CWE-787 -CVE-2024-37309,2024-06-13T19:39:06Z,"CrateDB has a Client initialized Session-Renegotiation DoS",io.crate:crate,0,5.7.2,MODERATE,CWE-770 -CVE-2024-37389,2024-07-08T09:32:22Z,"Apache NiFi vulnerable to Cross-site Scripting","org.apache.nifi:nifi-web-ui",1.10.0,1.27.0,MODERATE,CWE-79 -CVE-2024-37389,2024-07-08T09:32:22Z,"Apache NiFi vulnerable to Cross-site Scripting","org.apache.nifi:nifi-web-ui",2.0.0-M1,2.0.0-M4,MODERATE,CWE-79 -CVE-2024-37898,2024-07-31T15:20:02Z,"XWiki Platform vulnerable to document deletion and overwrite from edit","org.xwiki.platform:xwiki-platform-oldcore",13.10.4,14.10.21,MODERATE,CWE-862 -CVE-2024-37898,2024-07-31T15:20:02Z,"XWiki Platform vulnerable to document deletion and overwrite from 
edit","org.xwiki.platform:xwiki-platform-oldcore",14.2,14.10.21,MODERATE,CWE-862 -CVE-2024-37898,2024-07-31T15:20:02Z,"XWiki Platform vulnerable to document deletion and overwrite from edit","org.xwiki.platform:xwiki-platform-oldcore",15.0,15.5.5,MODERATE,CWE-862 -CVE-2024-37898,2024-07-31T15:20:02Z,"XWiki Platform vulnerable to document deletion and overwrite from edit","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.10.6,MODERATE,CWE-862 -CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",13.10.3,14.10.21,CRITICAL,CWE-266;CWE-94 -CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",13.4.7,14.10.21,CRITICAL,CWE-266;CWE-94 -CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.5.5,CRITICAL,CWE-266;CWE-94 -CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.10.6,CRITICAL,CWE-266;CWE-94 -CVE-2024-37899,2024-06-20T16:19:14Z,"XWiki Platform allows remote code execution from user account","org.xwiki.platform:xwiki-platform-oldcore",16.0.0-rc-1,16.0.0,CRITICAL,CWE-266;CWE-94 -CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",15.0-rc-1,15.5.5,HIGH,CWE-94;CWE-96 -CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",15.6-rc-1,15.10.6,HIGH,CWE-94;CWE-96 -CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in 
uploader","org.xwiki.platform:xwiki-platform-web-war",16.0.0-rc-1,16.0.0,HIGH,CWE-94;CWE-96 -CVE-2024-37900,2024-07-31T15:21:06Z,"XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader","org.xwiki.platform:xwiki-platform-web-war",4.2-milestone-3,14.10.21,HIGH,CWE-94;CWE-96 -CVE-2024-37901,2024-07-31T15:24:37Z,"XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet","org.xwiki.platform:xwiki-platform-search-ui",15.0-rc-1,15.5.5,CRITICAL,CWE-862;CWE-94;CWE-95 -CVE-2024-37901,2024-07-31T15:24:37Z,"XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet","org.xwiki.platform:xwiki-platform-search-ui",15.6-rc-1,15.10.2,CRITICAL,CWE-862;CWE-94;CWE-95 -CVE-2024-37901,2024-07-31T15:24:37Z,"XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet","org.xwiki.platform:xwiki-platform-search-ui",9.2-rc-1,14.10.21,CRITICAL,CWE-862;CWE-94;CWE-95 -CVE-2024-37902,2024-06-17T21:20:44Z,"DeepJavaLibrary API absolute path traversal",ai.djl:api,0.1.0,0.28.0,CRITICAL,CWE-22 -CVE-2024-3825,2024-04-17T15:30:43Z,"BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery","com.blazemeter.plugins:BlazeMeterJenkinsPlugin",0,4.22,MODERATE,CWE-352 -CVE-2024-38286,2024-11-07T09:30:42Z,"Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability","org.apache.tomcat:tomcat-util",10.1.0-M1,10.1.25,HIGH,CWE-770 -CVE-2024-38286,2024-11-07T09:30:42Z,"Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability","org.apache.tomcat:tomcat-util",11.0.0-M1,11.0.0-M21,HIGH,CWE-770 -CVE-2024-38286,2024-11-07T09:30:42Z,"Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability","org.apache.tomcat:tomcat-util",9.0.13,9.0.90,HIGH,CWE-770 -CVE-2024-38364,2024-06-25T17:07:32Z,"DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document","org.dspace:dspace-server-webapp",7.0,7.6.2,LOW,CWE-79 
-CVE-2024-38369,2024-06-24T18:00:16Z,"XWiki programming rights may be inherited by inclusion","org.xwiki.platform:xwiki-platform-rendering-macro-include",0,15.0-rc-1,CRITICAL,CWE-863 -CVE-2024-38374,2024-06-24T20:44:48Z,"Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java","org.cyclonedx:cyclonedx-core-java",2.1.0,9.0.4,HIGH,CWE-611 -CVE-2024-38460,2024-06-16T15:30:44Z,"SonarQube logs sensitive information","org.sonarsource.sonarqube:sonar-web",0,9.9.4,MODERATE,CWE-532 -CVE-2024-38503,2024-07-22T12:30:37Z,"Apache Syncope Improper Input Validation vulnerability","org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui",2.1.0,3.0.8,HIGH,CWE-20;CWE-79 -CVE-2024-38503,2024-07-22T12:30:37Z,"Apache Syncope Improper Input Validation vulnerability","org.apache.syncope.client.idrepo:syncope-client-idrepo-console",2.1.0,3.0.8,HIGH,CWE-20;CWE-79 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader",2.7.0,2.7.22,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader",3.0.0,3.0.17,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader",3.1.0,3.1.13,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader",3.2.0,3.2.9,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader",3.3.0,3.3.3,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader-classic",2.7.0,2.7.22,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader-classic",3.0.0,3.0.17,HIGH,CWE-347 
-CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader-classic",3.1.0,3.1.13,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader-classic",3.2.0,3.2.9,HIGH,CWE-347 -CVE-2024-38807,2024-08-23T09:30:35Z,"Signature forgery in Spring Boot's Loader","org.springframework.boot:spring-boot-loader-classic",3.3.0,3.3.3,HIGH,CWE-347 -CVE-2024-38808,2024-08-20T09:30:28Z,"Spring Framework vulnerable to Denial of Service","org.springframework:spring-expression",0,5.3.39,MODERATE,CWE-770 -CVE-2024-38809,2024-09-24T18:34:43Z,"Spring Framework DoS via conditional HTTP request","org.springframework:spring-web",0,5.3.38,MODERATE,CWE-1333;CWE-400 -CVE-2024-38809,2024-09-24T18:34:43Z,"Spring Framework DoS via conditional HTTP request","org.springframework:spring-web",6.0.0,6.0.23,MODERATE,CWE-1333;CWE-400 -CVE-2024-38809,2024-09-24T18:34:43Z,"Spring Framework DoS via conditional HTTP request","org.springframework:spring-web",6.1.0,6.1.12,MODERATE,CWE-1333;CWE-400 -CVE-2024-38810,2024-08-20T06:31:36Z,"Spring Security Missing Authorization vulnerability","org.springframework.security:spring-security-core",6.3.0,6.3.2,MODERATE,CWE-287 -CVE-2024-38816,2024-09-13T06:30:42Z,"Path traversal vulnerability in functional web frameworks","org.springframework:spring-webflux",5.3.0,,HIGH,CWE-22 -CVE-2024-38816,2024-09-13T06:30:42Z,"Path traversal vulnerability in functional web frameworks","org.springframework:spring-webflux",6.0.0,,HIGH,CWE-22 -CVE-2024-38816,2024-09-13T06:30:42Z,"Path traversal vulnerability in functional web frameworks","org.springframework:spring-webflux",6.1.0,6.1.13,HIGH,CWE-22 -CVE-2024-38816,2024-09-13T06:30:42Z,"Path traversal vulnerability in functional web frameworks","org.springframework:spring-webmvc",5.3.0,,HIGH,CWE-22 -CVE-2024-38816,2024-09-13T06:30:42Z,"Path traversal vulnerability in functional web 
frameworks","org.springframework:spring-webmvc",6.0.0,,HIGH,CWE-22 -CVE-2024-38816,2024-09-13T06:30:42Z,"Path traversal vulnerability in functional web frameworks","org.springframework:spring-webmvc",6.1.0,6.1.13,HIGH,CWE-22 -CVE-2024-38820,2024-10-18T06:30:32Z,"Spring Framework DataBinder Case Sensitive Match Exception","org.springframework:spring-context",0,6.1.14,MODERATE,CWE-178 -CVE-2024-38821,2024-10-28T09:30:53Z,"Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications","org.springframework.security:spring-security-web",0,5.7.13,CRITICAL,CWE-285;CWE-770 -CVE-2024-38821,2024-10-28T09:30:53Z,"Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications","org.springframework.security:spring-security-web",5.8.0,5.8.15,CRITICAL,CWE-285;CWE-770 -CVE-2024-38821,2024-10-28T09:30:53Z,"Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications","org.springframework.security:spring-security-web",6.0.0,6.0.13,CRITICAL,CWE-285;CWE-770 -CVE-2024-38821,2024-10-28T09:30:53Z,"Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications","org.springframework.security:spring-security-web",6.1.0,6.1.11,CRITICAL,CWE-285;CWE-770 -CVE-2024-38821,2024-10-28T09:30:53Z,"Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications","org.springframework.security:spring-security-web",6.2.0,6.2.7,CRITICAL,CWE-285;CWE-770 -CVE-2024-38821,2024-10-28T09:30:53Z,"Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications","org.springframework.security:spring-security-web",6.3.0,6.3.4,CRITICAL,CWE-285;CWE-770 -CVE-2024-38827,2024-12-02T15:31:41Z,"Spring Framework has Authorization Bypass for Case Sensitive Comparisons","org.springframework:spring-beans",0,6.1.14,MODERATE,CWE-639 -CVE-2024-38827,2024-12-02T15:31:41Z,"Spring Framework has Authorization Bypass for Case Sensitive 
Comparisons","org.springframework:spring-context",0,6.1.14,MODERATE,CWE-639 -CVE-2024-38827,2024-12-02T15:31:41Z,"Spring Framework has Authorization Bypass for Case Sensitive Comparisons","org.springframework:spring-core",0,6.1.14,MODERATE,CWE-639 -CVE-2024-38827,2024-12-02T15:31:41Z,"Spring Framework has Authorization Bypass for Case Sensitive Comparisons","org.springframework:spring-expression",0,6.1.14,MODERATE,CWE-639 -CVE-2024-38827,2024-12-02T15:31:41Z,"Spring Framework has Authorization Bypass for Case Sensitive Comparisons","org.springframework:spring-jdbc",0,6.1.14,MODERATE,CWE-639 -CVE-2024-38828,2024-11-18T06:30:35Z,"Spring MVC controller vulnerable to a DoS attack","org.springframework:spring-webmvc",5.3.0,,MODERATE, -CVE-2024-38829,2024-12-04T21:30:52Z,"Spring LDAP data exposure vulnerability","org.springframework.ldap:spring-ldap-core",0,2.4.4,MODERATE,CWE-178 -CVE-2024-38829,2024-12-04T21:30:52Z,"Spring LDAP data exposure vulnerability","org.springframework.ldap:spring-ldap-core",3.0.0,3.2.8,MODERATE,CWE-178 -CVE-2024-39031,2024-07-09T21:30:39Z,"Silverpeas Core Cross-site Scripting vulnerability","org.silverpeas.core:silverpeas-core-rs",0,,MODERATE,CWE-79 -CVE-2024-39031,2024-07-09T21:30:39Z,"Silverpeas Core Cross-site Scripting vulnerability","org.silverpeas.core:silverpeas-core-seb",0,,MODERATE,CWE-79 -CVE-2024-39458,2024-06-26T18:30:28Z,"Exposure of secrets through system log in Jenkins Structs Plugin","org.jenkins-ci.plugins:structs",0,338.v848422169819,LOW,CWE-200;CWE-209 -CVE-2024-39459,2024-06-26T18:30:28Z,"Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin ","org.jenkins-ci.plugins:plain-credentials",0,183.va,MODERATE,CWE-319;CWE-922 -CVE-2024-39460,2024-06-26T18:30:28Z,"Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin ","org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source",0,887.va,MODERATE,CWE-532 -CVE-2024-39610,2024-11-15T06:30:33Z,"FitNesse Cross-site 
scripting",org.fitnesse:fitnesse,0,20241026,MODERATE,CWE-79 -CVE-2024-39676,2024-07-24T09:30:40Z,"Apache Pinot: Unauthorized endpoint exposed sensitive information","org.apache.pinot:pinot-controller",0.1,1.0.0,HIGH,CWE-200 -CVE-2024-39900,2024-07-18T15:22:02Z,"The OpenSearch reporting plugin improperly controls tenancy access to reporting resources","org.opensearch.plugin:opensearch-reports-scheduler",0,2.14.0.0,MODERATE,CWE-639 -CVE-2024-39901,2024-07-10T16:04:08Z,"OpenSearch Observability does not properly restrict access to private tenant resources","org.opensearch.plugin:opensearch-observability",0,2.14.0.0,LOW,CWE-285;CWE-639 -CVE-2024-39928,2024-09-25T03:30:35Z,"Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability","org.apache.linkis:linkis-engineplugin-spark",0,1.6.0,HIGH,CWE-326 -CVE-2024-40094,2024-07-30T09:31:50Z,"GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service","com.graphql-java:graphql-java",0,19.11,HIGH,CWE-770 -CVE-2024-40094,2024-07-30T09:31:50Z,"GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service","com.graphql-java:graphql-java",20.0,20.9,HIGH,CWE-770 -CVE-2024-40094,2024-07-30T09:31:50Z,"GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service","com.graphql-java:graphql-java",21.0,21.5,HIGH,CWE-770 -CVE-2024-4029,2024-05-02T15:30:35Z,"Wildfly vulnerable to denial of service","org.wildfly:wildfly-domain-http",0,,MODERATE,CWE-770 -CVE-2024-40642,2024-07-18T22:14:28Z,"Absent Input Validation in BinaryHttpParser","io.netty.incubator:netty-incubator-codec-bhttp",0,0.0.13.Final,HIGH,CWE-20 -CVE-2024-4109,2024-12-12T09:31:36Z,"undertow: information leakage via HTTP/2 request header reuse","io.undertow:undertow-core",0,,HIGH,CWE-200 -CVE-2024-41172,2024-07-19T09:32:06Z,"Apache CXF allows unrestricted memory consumption in CXF 
HTTP clients","org.apache.cxf:cxf-rt-transports-http",3.6.0,3.6.4,MODERATE,CWE-401 -CVE-2024-41172,2024-07-19T09:32:06Z,"Apache CXF allows unrestricted memory consumption in CXF HTTP clients","org.apache.cxf:cxf-rt-transports-http",4.0.0,4.0.5,MODERATE,CWE-401 -CVE-2024-41667,2024-07-25T14:15:32Z,"OpenAM FreeMarker template injection","org.openidentityplatform.openam:openam-oauth2",0,15.0.4,HIGH,CWE-94 -CVE-2024-41909,2024-08-12T18:30:47Z,"Apache MINA SSHD: integrity check bypass","org.apache.sshd:sshd-common",0,2.12.0,HIGH,CWE-354 -CVE-2024-41947,2024-07-31T16:54:36Z,"XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution","org.xwiki.platform:xwiki-platform-web-templates",11.8-rc-1,15.10.8,CRITICAL,CWE-79;CWE-80 -CVE-2024-41947,2024-07-31T16:54:36Z,"XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution","org.xwiki.platform:xwiki-platform-web-templates",16.0.0-rc-1,16.3.0-rc-1,CRITICAL,CWE-79;CWE-80 -CVE-2024-41948,2024-07-31T18:48:40Z,"biscuit-java vulnerable to public key confusion in third party block",org.biscuitsec:biscuit,3.0.0,4.0.0,MODERATE,CWE-1259 -CVE-2024-42467,2024-08-09T18:21:07Z,"CometVisu Backend for openHAB affected by SSRF/XSS","org.openhab.ui.bundles:org.openhab.ui.cometvisu",0,4.2.1,HIGH,CWE-918 -CVE-2024-42468,2024-08-09T18:24:14Z,"CometVisu Backend for openHAB has a path traversal vulnerability","org.openhab.ui.bundles:org.openhab.ui.cometvisu",0,4.2.1,MODERATE,CWE-22 -CVE-2024-42469,2024-08-09T18:24:07Z,"CometVisu Backend for openHAB affected by RCE through path traversal","org.openhab.ui.bundles:org.openhab.ui.cometvisu",0,4.2.1,CRITICAL,CWE-22 -CVE-2024-42470,2024-08-09T18:21:22Z,"CometVisu Backend for openHAB has a sensitive information disclosure vulnerability","org.openhab.ui.bundles:org.openhab.ui.cometvisu",0,4.2.1,MODERATE,CWE-862 -CVE-2024-42499,2024-11-15T06:30:33Z,"FitNesse Path Traversal",org.fitnesse:fitnesse,0,20241026,MODERATE,CWE-22 
-CVE-2024-42681,2024-08-15T18:31:51Z,"Improper Preservation of Permissions in xxl-job",com.xuxueli:xxl-job-core,0,,HIGH,CWE-276;CWE-277;CWE-281 -CVE-2024-42850,2024-08-16T21:32:36Z,"Silverpeas vulnerable to password complexity rule bypass","org.silverpeas.core:silverpeas-core",0,,LOW,CWE-521 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",0,2.452.4,HIGH,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",2.460,2.462.1,HIGH,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:jenkins-core",2.470,2.471,HIGH,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",0,3206.3208,HIGH,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",3248,3248.3250,HIGH,CWE-22;CWE-754 -CVE-2024-43044,2024-08-07T15:30:42Z,"Jenkins Remoting library arbitrary file read vulnerability","org.jenkins-ci.main:remoting",3256,3256.3258,HIGH,CWE-22;CWE-754 -CVE-2024-43045,2024-08-07T15:30:42Z,"Jenkins does not perform a permission check in an HTTP endpoint","org.jenkins-ci.main:jenkins-core",0,2.452.4,MODERATE,CWE-285;CWE-862 -CVE-2024-43045,2024-08-07T15:30:42Z,"Jenkins does not perform a permission check in an HTTP endpoint","org.jenkins-ci.main:jenkins-core",2.460,2.462.1,MODERATE,CWE-285;CWE-862 -CVE-2024-43045,2024-08-07T15:30:42Z,"Jenkins does not perform a permission check in an HTTP endpoint","org.jenkins-ci.main:jenkins-core",2.470,2.471,MODERATE,CWE-285;CWE-862 -CVE-2024-43202,2024-08-20T09:30:28Z,"Apache Dolphinscheduler Code Injection vulnerability","org.apache.dolphinscheduler:dolphinscheduler-task-api",0,3.2.2,CRITICAL,CWE-94 
-CVE-2024-43382,2024-10-30T14:37:53Z,"Snowflake JDBC Security Advisory","net.snowflake:snowflake-jdbc",3.2.6,3.20.0,MODERATE,CWE-311;CWE-326 -CVE-2024-43397,2024-08-20T18:36:40Z,"apollo-portal has potential unauthorized access issue","com.ctrip.framework.apollo:apollo",0,2.3.0,MODERATE,CWE-284 -CVE-2024-43400,2024-08-19T21:49:07Z,"XWiki Platform allows XSS through XClass name in string properties","org.xwiki.platform:xwiki-platform-oldcore",1.1.2,14.10.21,CRITICAL,CWE-79;CWE-96 -CVE-2024-43400,2024-08-19T21:49:07Z,"XWiki Platform allows XSS through XClass name in string properties","org.xwiki.platform:xwiki-platform-oldcore",15.0-rc-1,15.5.5,CRITICAL,CWE-79;CWE-96 -CVE-2024-43400,2024-08-19T21:49:07Z,"XWiki Platform allows XSS through XClass name in string properties","org.xwiki.platform:xwiki-platform-oldcore",15.6-rc-1,15.10.6,CRITICAL,CWE-79;CWE-96 -CVE-2024-43400,2024-08-19T21:49:07Z,"XWiki Platform allows XSS through XClass name in string properties","org.xwiki.platform:xwiki-platform-oldcore",16.0.0-rc-1,16.0.0,CRITICAL,CWE-79;CWE-96 -CVE-2024-43401,2024-08-19T21:49:15Z,"In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them","org.xwiki.platform:xwiki-platform-web-templates",0,15.10-rc-1,CRITICAL,CWE-269;CWE-862 -CVE-2024-44076,2024-08-19T03:30:48Z,"Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access","io.github.microcks:microcks-app",0,1.10.0,HIGH,CWE-269;CWE-863 -CVE-2024-45031,2024-10-24T15:31:08Z,"Apache Syncope: Stored XSS in Console and Enduser","org.apache.syncope.client:syncope-client-console",2.1.0,,MODERATE,CWE-20;CWE-79 -CVE-2024-45106,2024-12-03T12:31:11Z,"Apache Ozone: Improper authentication when generating S3 secrets",org.apache.ozone:ozone,1.4.0,1.4.1,HIGH,CWE-287;CWE-863 -CVE-2024-45216,2024-10-16T09:30:31Z,"Improper Authentication vulnerability in Apache Solr",org.apache.solr:solr,5.3.0,8.11.4,CRITICAL,CWE-287;CWE-863 
-CVE-2024-45216,2024-10-16T09:30:31Z,"Improper Authentication vulnerability in Apache Solr",org.apache.solr:solr,9.0.0,9.7.0,CRITICAL,CWE-287;CWE-863 -CVE-2024-45217,2024-10-16T09:30:31Z,"Insecure Default Initialization of Resource vulnerability in Apache Solr",org.apache.solr:solr,6.6.0,8.11.4,HIGH,CWE-1188 -CVE-2024-45217,2024-10-16T09:30:31Z,"Insecure Default Initialization of Resource vulnerability in Apache Solr",org.apache.solr:solr,9.0.0,9.7.0,HIGH,CWE-1188 -CVE-2024-45294,2024-09-06T19:45:27Z,"XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may",0,6.3.23,HIGH,CWE-611 -CVE-2024-45294,2024-09-06T19:45:27Z,"XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.dstu3",0,6.3.23,HIGH,CWE-611 -CVE-2024-45294,2024-09-06T19:45:27Z,"XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r4",0,6.3.23,HIGH,CWE-611 -CVE-2024-45294,2024-09-06T19:45:27Z,"XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r4b",0,6.3.23,HIGH,CWE-611 -CVE-2024-45294,2024-09-06T19:45:27Z,"XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r5",0,6.3.23,HIGH,CWE-611 -CVE-2024-45294,2024-09-06T19:45:27Z,"XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.utilities",0,6.3.23,HIGH,CWE-611 -CVE-2024-4536,2024-05-07T15:30:36Z,"Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure","org.eclipse.edc:connector-core",0.2.1,0.6.3,MODERATE,CWE-201 -CVE-2024-45384,2024-09-17T21:30:32Z,"druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability","org.apache.druid.extensions:druid-pac4j",0.18.0,30.0.1,LOW,CWE-347 -CVE-2024-4540,2024-06-10T18:36:56Z,"Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)","org.keycloak:keycloak-services",0,24.0.5,HIGH,CWE-200;CWE-922 
-CVE-2024-45477,2024-10-29T09:30:51Z,"Apache NiFi Cross-site Scripting vulnerability","org.apache.nifi:nifi-web-ui",1.10.0,1.28.0,MODERATE,CWE-79 -CVE-2024-45477,2024-10-29T09:30:51Z,"Apache NiFi Cross-site Scripting vulnerability","org.apache.nifi:nifi-web-ui",2.0.0-M1,2.0.0-M4,MODERATE,CWE-79 -CVE-2024-45537,2024-09-17T21:30:32Z,"Apache Druid: Users can provide MySQL JDBC properties not on allow list",org.apache.druid:druid,0,30.0.1,LOW,CWE-20 -CVE-2024-45591,2024-09-10T15:53:27Z,"XWiki Platform document history including authors of any page exposed to unauthorized actors","org.xwiki.platform:xwiki-platform-rest-server",1.8.0,15.10.9,MODERATE,CWE-359;CWE-862 -CVE-2024-45591,2024-09-10T15:53:27Z,"XWiki Platform document history including authors of any page exposed to unauthorized actors","org.xwiki.platform:xwiki-platform-rest-server",16.0.0-rc-1,16.3.0-rc-1,MODERATE,CWE-359;CWE-862 -CVE-2024-45772,2024-09-30T09:30:47Z,"Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.","org.apache.lucene:lucene-replicator",4.4.0,9.12.0,MODERATE,CWE-502 -CVE-2024-4629,2024-09-17T22:29:01Z,"Keycloak Services has a potential bypass of brute force protection","org.keycloak:keycloak-services",0,22.0.12,MODERATE,CWE-307;CWE-837 -CVE-2024-4629,2024-09-17T22:29:01Z,"Keycloak Services has a potential bypass of brute force protection","org.keycloak:keycloak-services",23.0.0,24.0.7,MODERATE,CWE-307;CWE-837 -CVE-2024-4629,2024-09-17T22:29:01Z,"Keycloak Services has a potential bypass of brute force protection","org.keycloak:keycloak-services",25.0.0,25.0.4,MODERATE,CWE-307;CWE-837 -CVE-2024-46942,2024-09-16T14:37:28Z,"OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries","org.opendaylight.mdsal:mdsal-artifacts",0,,HIGH,CWE-285 -CVE-2024-46943,2024-09-16T14:37:28Z,"OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation 
vulnerability","org.opendaylight.aaa:aaa-artifacts",0,,MODERATE,CWE-285;CWE-287;CWE-520 -CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",13.2-rc-1,14.10.21,HIGH,CWE-648 -CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",15.0-rc-1,15.5.5,HIGH,CWE-648 -CVE-2024-46978,2024-09-18T14:26:16Z,"org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions","org.xwiki.platform:xwiki-platform-notifications-ui",15.6-rc-1,15.10.1,HIGH,CWE-648 -CVE-2024-46979,2024-09-18T14:26:20Z,"org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users","org.xwiki.platform:xwiki-platform-notifications-ui",13.2-rc-1,14.10.21,MODERATE,CWE-200;CWE-359 -CVE-2024-46979,2024-09-18T14:26:20Z,"org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users","org.xwiki.platform:xwiki-platform-notifications-ui",15.0-rc-1,15.5.5,MODERATE,CWE-200;CWE-359 -CVE-2024-46979,2024-09-18T14:26:20Z,"org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users","org.xwiki.platform:xwiki-platform-notifications-ui",15.6-rc-1,15.10.1,MODERATE,CWE-200;CWE-359 -CVE-2024-46983,2024-09-19T14:49:20Z,"SOFA Hessian Remote Command Execution (RCE) Vulnerability",com.alipay.sofa:hessian,0,3.5.5,HIGH,CWE-502;CWE-74 -CVE-2024-46984,2024-09-19T14:49:40Z,"Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack","de.gematik.refv.commons:commons",0,2.5.1,HIGH,CWE-611 -CVE-2024-46985,2024-09-23T20:27:22Z,"DataEase has an XML External Entity Reference vulnerability",io.dataease:common,0,2.10.1,HIGH,CWE-611 
-CVE-2024-46997,2024-09-23T20:27:11Z,"DataEase's H2 datasource has a remote command execution risk",io.dataease:common,0,2.10.1,CRITICAL,CWE-74 -CVE-2024-4701,2024-05-09T21:35:23Z,"Genie Path Traversal vulnerability via File Uploads","com.netflix.genie:genie-web",0,4.3.18,CRITICAL,CWE-22 -CVE-2024-47072,2024-11-07T21:51:17Z,"XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream","com.thoughtworks.xstream:xstream",0,1.4.21,HIGH,CWE-121;CWE-502 -CVE-2024-47197,2024-09-26T09:31:42Z,"Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials","org.apache.maven.plugins:maven-archetype-plugin",3.2.1,3.3.0,LOW,CWE-200;CWE-922 -CVE-2024-47535,2024-11-12T19:53:17Z,"Denial of Service attack on windows app using netty",io.netty:netty-common,0,4.1.115,MODERATE,CWE-400 -CVE-2024-47554,2024-10-03T12:30:48Z,"Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader",commons-io:commons-io,2.0,2.14.0,HIGH,CWE-400 -CVE-2024-47561,2024-10-03T12:30:48Z,"Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)",org.apache.avro:avro,0,1.11.4,CRITICAL,CWE-502 -CVE-2024-47803,2024-10-02T18:31:32Z,"Jenkins exposes multi-line secrets through error messages","org.jenkins-ci.main:jenkins-core",0,2.462.3,MODERATE,CWE-209 -CVE-2024-47803,2024-10-02T18:31:32Z,"Jenkins exposes multi-line secrets through error messages","org.jenkins-ci.main:jenkins-core",2.466,2.479,MODERATE,CWE-209 -CVE-2024-47804,2024-10-02T18:31:32Z,"Jenkins item creation restriction bypass vulnerability","org.jenkins-ci.main:jenkins-core",0,2.462.3,MODERATE,CWE-843;CWE-863 -CVE-2024-47804,2024-10-02T18:31:32Z,"Jenkins item creation restriction bypass vulnerability","org.jenkins-ci.main:jenkins-core",2.466,2.479,MODERATE,CWE-843;CWE-863 -CVE-2024-47805,2024-10-02T18:31:32Z,"Jenkins Credentials plugin reveals encrypted values of 
credentials to users with Extended Read permission","org.jenkins-ci.plugins:credentials",0,1371.1373.v4eb,MODERATE,CWE-200;CWE-522 -CVE-2024-47805,2024-10-02T18:31:32Z,"Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission","org.jenkins-ci.plugins:credentials",1372,1381.v2c3a,MODERATE,CWE-200;CWE-522 -CVE-2024-47806,2024-10-02T18:31:32Z,"Jenkins OpenId Connect Authentication Plugin lacks audience claim validation","org.jenkins-ci.plugins:oic-auth",0,4.355.v3a,CRITICAL,CWE-287 -CVE-2024-47807,2024-10-02T18:31:32Z,"Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation","org.jenkins-ci.plugins:oic-auth",0,4.355.v3a,CRITICAL,CWE-287 -CVE-2024-47855,2024-10-04T06:30:45Z,"JSON-lib mishandles an unbalanced comment string","org.kordamp.json:json-lib-core",0,3.1.0,MODERATE, -CVE-2024-47876,2024-10-15T14:04:27Z,"SAK-50571 Sakai Kernel users created with type roleview can login as a normal user","org.sakaiproject.kernel:sakai-kernel-impl",23.0,23.3,HIGH,CWE-285 -CVE-2024-47878,2024-10-24T17:54:25Z,"OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)","org.openrefine:extensions",0,3.8.3,HIGH,CWE-79 -CVE-2024-47879,2024-10-24T17:58:53Z,"OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)",org.openrefine:main,0,3.8.3,HIGH,CWE-352;CWE-94 -CVE-2024-47880,2024-10-24T18:00:06Z,"OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand","org.openrefine:openrefine",0,3.8.3,HIGH,CWE-348;CWE-79 -CVE-2024-47881,2024-10-24T18:11:20Z,"OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)",org.openrefine:database,3.4-beta,3.8.3,HIGH, -CVE-2024-47882,2024-10-24T18:13:04Z,"OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious 
project","org.openrefine:openrefine",0,3.8.3,MODERATE,CWE-79;CWE-81 -CVE-2024-47883,2024-10-24T18:16:43Z,"Butterfly has path/URL confusion in resource handling leading to multiple weaknesses","org.openrefine.dependencies:butterfly",0,1.2.6,CRITICAL,CWE-22;CWE-36;CWE-918 -CVE-2024-48307,2024-10-31T03:30:45Z,"JeecgBoot SQL Injection vulnerability","org.jeecgframework.boot:jeecg-boot-parent",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","com.querydsl:querydsl-apt",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","com.querydsl:querydsl-jpa",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","io.github.openfeign.querydsl:querydsl-apt",0,,HIGH,CWE-89 -CVE-2024-49203,2024-11-27T19:00:53Z,"Querydsl vulnerable to HQL injection trough orderBy","io.github.openfeign.querydsl:querydsl-jpa",0,,HIGH,CWE-89 -CVE-2024-49580,2024-10-17T15:31:08Z,"JetBrains Ktor information disclosure","io.ktor:ktor-client-core-jvm",0,2.3.13,MODERATE,CWE-524 -CVE-2024-49760,2024-10-24T18:32:40Z,"OpenRefine has a path traversal in LoadLanguageCommand","org.openrefine:openrefine",0,3.8.3,HIGH,CWE-22 -CVE-2024-49771,2024-10-28T18:30:32Z,"MPXJ has a Potential Path Traversal Vulnerability",net.sf.mpxj:mpxj,8.3.5,13.5.1,MODERATE,CWE-22 -CVE-2024-51127,2024-11-04T18:31:23Z,"hornetq vulnerable to file overwrite, sensitive information disclosure","org.hornetq:hornetq-core-client",0,,HIGH,CWE-200 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.convertors",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.dstu2",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) 
vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.dstu3",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.r4",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.r4b",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.r5",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.utilities",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51132,2024-11-05T18:32:11Z,"HAPI FHIR XML External Entity (XXE) vulnerability","ca.uhn.hapi.fhir:org.hl7.fhir.validation",0,6.4.0,HIGH,CWE-601;CWE-611 -CVE-2024-51135,2024-11-11T21:31:48Z,"powertac-server XML External Entity vulnerability","org.powertac:server-interface",0,,HIGH,CWE-79 -CVE-2024-5165,2024-05-23T12:31:02Z,"Eclipse Ditto vulnerable to Cross-site Scripting",org.eclipse.ditto:ditto,3.0.0,3.4.5,MODERATE,CWE-79 -CVE-2024-5165,2024-05-23T12:31:02Z,"Eclipse Ditto vulnerable to Cross-site Scripting",org.eclipse.ditto:ditto,3.5.0,3.5.6,MODERATE,CWE-79 -CVE-2024-52007,2024-11-08T18:49:15Z,"XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may",0,6.4.0,HIGH,CWE-611 -CVE-2024-52007,2024-11-08T18:49:15Z,"XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.dstu3",0,6.4.0,HIGH,CWE-611 -CVE-2024-52007,2024-11-08T18:49:15Z,"XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r4",0,6.4.0,HIGH,CWE-611 -CVE-2024-52007,2024-11-08T18:49:15Z,"XXE vulnerability in XSLT parsing in 
`org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r4b",0,6.4.0,HIGH,CWE-611 -CVE-2024-52007,2024-11-08T18:49:15Z,"XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.r5",0,6.4.0,HIGH,CWE-611 -CVE-2024-52007,2024-11-08T18:49:15Z,"XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`","ca.uhn.hapi.fhir:org.hl7.fhir.utilities",0,6.4.0,HIGH,CWE-611 -CVE-2024-52316,2024-11-18T12:30:43Z,"Apache Tomcat - Authentication Bypass","org.apache.tomcat:tomcat-catalina",0,9.0.96,CRITICAL,CWE-391 -CVE-2024-52316,2024-11-18T12:30:43Z,"Apache Tomcat - Authentication Bypass","org.apache.tomcat:tomcat-catalina",10.1.0-M1,10.1.30,CRITICAL,CWE-391 -CVE-2024-52316,2024-11-18T12:30:43Z,"Apache Tomcat - Authentication Bypass","org.apache.tomcat:tomcat-catalina",11.0.0-M1,11.0.1,CRITICAL,CWE-391 -CVE-2024-52317,2024-11-18T12:30:43Z,"Apache Tomcat Request and/or response mix-up","org.apache.tomcat.embed:tomcat-embed-core",10.1.27,10.1.31,MODERATE,CWE-326 -CVE-2024-52317,2024-11-18T12:30:43Z,"Apache Tomcat Request and/or response mix-up","org.apache.tomcat.embed:tomcat-embed-core",11.0.0-M23,11.0.0,MODERATE,CWE-326 -CVE-2024-52317,2024-11-18T12:30:43Z,"Apache Tomcat Request and/or response mix-up","org.apache.tomcat.embed:tomcat-embed-core",9.0.92,9.0.96,MODERATE,CWE-326 -CVE-2024-52317,2024-11-18T12:30:43Z,"Apache Tomcat Request and/or response mix-up","org.apache.tomcat:tomcat-coyote",10.1.27,10.1.31,MODERATE,CWE-326 -CVE-2024-52317,2024-11-18T12:30:43Z,"Apache Tomcat Request and/or response mix-up","org.apache.tomcat:tomcat-coyote",11.0.0-M23,11.0.0,MODERATE,CWE-326 -CVE-2024-52317,2024-11-18T12:30:43Z,"Apache Tomcat Request and/or response mix-up","org.apache.tomcat:tomcat-coyote",9.0.92,9.0.96,MODERATE,CWE-326 -CVE-2024-52318,2024-11-18T15:33:20Z,"Apache Tomcat - XSS in generated JSPs","org.apache.tomcat:tomcat-jasper",10.1.31,10.1.32,MODERATE,CWE-326 -CVE-2024-52318,2024-11-18T15:33:20Z,"Apache Tomcat - XSS in generated 
JSPs","org.apache.tomcat:tomcat-jasper",11.0.0,11.0.1,MODERATE,CWE-326 -CVE-2024-52318,2024-11-18T15:33:20Z,"Apache Tomcat - XSS in generated JSPs","org.apache.tomcat:tomcat-jasper",9.0.96,9.0.97,MODERATE,CWE-326 -CVE-2024-52506,2024-11-18T20:02:26Z,"Graylog concurrent PDF report rendering can leak other users' reports","org.graylog:graylog-parent",6.1.0,6.1.2,HIGH,CWE-200 -CVE-2024-52549,2024-11-13T21:30:38Z,"Missing permission check in Jenkins Script Security Plugin ","org.jenkins-ci.plugins:script-security",0,1368.vb,MODERATE,CWE-306;CWE-862 -CVE-2024-52550,2024-11-13T21:30:38Z,"Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin ","org.jenkins-ci.plugins.workflow:workflow-cps",0,3993.v3e20a,HIGH,CWE-285;CWE-354 -CVE-2024-52551,2024-11-13T21:30:38Z,"Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin ","org.jenkinsci.plugins:pipeline-model-parent",0,2.2218.v56d0cda,HIGH,CWE-276;CWE-285 -CVE-2024-52552,2024-11-13T21:30:38Z,"Stored XSS vulnerability in Jenkins Authorize Project Plugin ","org.jenkins-ci.plugins:authorize-project",0,1.8.0,HIGH,CWE-79 -CVE-2024-52553,2024-11-13T21:30:38Z,"Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin","org.jenkins-ci.plugins:oic-auth",0,4.421.v5422614eb,HIGH,CWE-384;CWE-613 -CVE-2024-52554,2024-11-13T21:30:38Z,"Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin ","io.jenkins.plugins:shared-library-version-override",0,19.v3a,HIGH,CWE-862 -CVE-2024-5273,2024-05-24T18:52:08Z,"Jenkins Report Info Plugin Path Traversal vulnerability","org.jenkins-ci.plugins:report-info",0,,LOW,CWE-22 -CVE-2024-52797,2024-11-20T22:46:53Z,"Searching Opencast may cause a denial of service","org.opencastproject:opencast-elasticsearch-impl",11.4,13.10,MODERATE,CWE-770 -CVE-2024-52797,2024-11-20T22:46:53Z,"Searching Opencast may cause a denial of 
service","org.opencastproject:opencast-elasticsearch-impl",14.0,14.3,MODERATE,CWE-770 -CVE-2024-52797,2024-11-20T22:46:53Z,"Searching Opencast may cause a denial of service","org.opencastproject:opencast-elasticsearch-impl",15.0,,MODERATE,CWE-770 -CVE-2024-52800,2024-12-02T17:15:24Z,"veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability","org.verapdf:core-arlington",0,,LOW,CWE-611 -CVE-2024-52800,2024-12-02T17:15:24Z,"veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability","org.verapdf:verapdf-library-arlington",0,,LOW,CWE-611 -CVE-2024-52800,2024-12-02T17:15:24Z,"veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability","org.verapdf:verapdf-library-jakarta",0,,LOW,CWE-611 -CVE-2024-52800,2024-12-02T17:15:24Z,"veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability","org.verapdf:verapdf.library",0,,LOW,CWE-611 -CVE-2024-52800,2024-12-02T17:15:24Z,"veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability",org.verapdf:core,0,,LOW,CWE-611 -CVE-2024-52800,2024-12-02T17:15:24Z,"veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability",org.verapdf:core-jakarta,0,,LOW,CWE-611 -CVE-2024-53267,2024-11-26T16:38:18Z,"sigstore-java has vulnerability with bundle verification","dev.sigstore:sigstore-java",1.0.0,1.1.0,MODERATE,CWE-345;CWE-347 -CVE-2024-53677,2024-12-11T18:30:42Z,"Apache Struts file upload logic is flawed","org.apache.struts:struts2-core",0,6.4.0,CRITICAL,CWE-22;CWE-434 -CVE-2024-53990,2024-12-02T20:04:43Z,"AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s","org.asynchttpclient:async-http-client",2.1.0,3.0.1,CRITICAL,CWE-287 -CVE-2024-54003,2024-11-27T18:34:04Z,"Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability","io.jenkins.plugins:simple-queue",0,1.4.5,HIGH,CWE-79 -CVE-2024-54004,2024-11-27T18:34:04Z,"Jenkins Filesystem List Parameter Plugin has Path Traversal 
vulnerability","aendter.jenkins.plugins:filesystem-list-parameter-plugin",0,0.0.15,MODERATE,CWE-22 -CVE-2024-54140,2024-12-05T22:22:49Z,"sigstore-java has a vulnerability with bundle verification","dev.sigstore:sigstore-java",0,1.2.0,LOW,CWE-20 -CVE-2024-5520,2024-05-30T19:49:04Z,"OpenCMS Cross-Site Scripting vulnerability",org.opencms:opencms-core,16.0,17.0,MODERATE,CWE-79 -CVE-2024-55662,2024-12-12T19:23:04Z,"XWiki allows remote code execution through the extension sheet","org.xwiki.platform:xwiki-platform-repository-server-ui",16.0.0-rc-1,16.3.0,CRITICAL,CWE-863;CWE-96 -CVE-2024-55662,2024-12-12T19:23:04Z,"XWiki allows remote code execution through the extension sheet","org.xwiki.platform:xwiki-platform-repository-server-ui",3.3-milestone-1,15.10.9,CRITICAL,CWE-863;CWE-96 -CVE-2024-55663,2024-12-12T19:22:12Z,"XWiki Platform has an SQL injection in getdocuments.vm with sort parameter","org.xwiki.platform:xwiki-platform-distribution-war",11.10.6,13.10.5,HIGH,CWE-116 -CVE-2024-55663,2024-12-12T19:22:12Z,"XWiki Platform has an SQL injection in getdocuments.vm with sort parameter","org.xwiki.platform:xwiki-platform-distribution-war",14.0-rc-1,14.3-rc-1,HIGH,CWE-116 -CVE-2024-55875,2024-12-12T19:22:01Z,"http4k has a potential XXE (XML External Entity Injection) vulnerability","org.http4k:http4k-format-xml",0,4.50.0.0,CRITICAL,CWE-200;CWE-611;CWE-918 -CVE-2024-55875,2024-12-12T19:22:01Z,"http4k has a potential XXE (XML External Entity Injection) vulnerability","org.http4k:http4k-format-xml",5.0.0.0,5.41.0.0,CRITICAL,CWE-200;CWE-611;CWE-918 -CVE-2024-55876,2024-12-12T19:21:16Z,"XWiki's scheduler in subwiki allows scheduling operations for any main wiki user","org.xwiki.platform:xwiki-platform-scheduler-ui",1.2-milestone-2,15.10.9,MODERATE,CWE-862 -CVE-2024-55876,2024-12-12T19:21:16Z,"XWiki's scheduler in subwiki allows scheduling operations for any main wiki user","org.xwiki.platform:xwiki-platform-scheduler-ui",16.0.0-rc-1,16.3.0,MODERATE,CWE-862 
-CVE-2024-55877,2024-12-12T19:21:06Z,"XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList","org.xwiki.platform:xwiki-platform-help-ui",16.0.0-rc-1,16.4.1,CRITICAL,CWE-96 -CVE-2024-55877,2024-12-12T19:21:06Z,"XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList","org.xwiki.platform:xwiki-platform-help-ui",16.5.0-rc-1,16.5.0,CRITICAL,CWE-96 -CVE-2024-55877,2024-12-12T19:21:06Z,"XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList","org.xwiki.platform:xwiki-platform-help-ui",9.7-rc-1,15.10.11,CRITICAL,CWE-96 -CVE-2024-55879,2024-12-12T19:20:56Z,"XWiki allows RCE from script right in configurable sections","org.xwiki.platform:xwiki-platform-administration-ui",16.0.0-rc-1,16.3.0,CRITICAL,CWE-862 -CVE-2024-55879,2024-12-12T19:20:56Z,"XWiki allows RCE from script right in configurable sections","org.xwiki.platform:xwiki-platform-administration-ui",2.3,15.10.9,CRITICAL,CWE-862 -CVE-2024-55887,2024-12-13T20:35:57Z,"Ucum-java has an XXE vulnerability in XML parsing",org.fhir:ucum,0,1.0.9,HIGH,CWE-611 -CVE-2024-5967,2024-06-21T15:52:38Z,"Keycloak leaks configured LDAP bind credentials through the Keycloak admin console","org.keycloak:keycloak-ldap-federation",0,22.0.12,LOW,CWE-276 -CVE-2024-5967,2024-06-21T15:52:38Z,"Keycloak leaks configured LDAP bind credentials through the Keycloak admin console","org.keycloak:keycloak-ldap-federation",23.0.0,24.0.6,LOW,CWE-276 -CVE-2024-5967,2024-06-21T15:52:38Z,"Keycloak leaks configured LDAP bind credentials through the Keycloak admin console","org.keycloak:keycloak-ldap-federation",25.0.0,25.0.1,LOW,CWE-276 -CVE-2024-5971,2024-07-08T21:31:40Z,"Undertow Denial of Service vulnerability","io.undertow:undertow-core",0,2.2.34.Final,HIGH,CWE-674 -CVE-2024-5971,2024-07-08T21:31:40Z,"Undertow Denial of Service 
vulnerability","io.undertow:undertow-core",2.3.0.Alpha1,2.3.15.Final,HIGH,CWE-674 -CVE-2024-6162,2024-06-20T15:31:19Z,"Undertow's url-encoded request path information can be broken on ajp-listener","io.undertow:undertow-core",0,2.3.14.Final,HIGH,CWE-400 -CVE-2024-6162,2024-06-20T15:31:19Z,"Undertow's url-encoded request path information can be broken on ajp-listener","io.undertow:undertow-core",2.3.0.Alpha1,2.3.14.Final,HIGH,CWE-400 -CVE-2024-6484,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability","org.webjars.npm:bootstrap",2.0.0,,MODERATE,CWE-79 -CVE-2024-6484,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability",org.webjars:bootstrap,2.0.0,,MODERATE,CWE-79 -CVE-2024-6531,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability","org.webjars.npm:bootstrap",4.0.0,5.0.0,MODERATE,CWE-79 -CVE-2024-6531,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability",org.webjars:bootstrap,4.0.0,5.0.0,MODERATE,CWE-79 -CVE-2024-6762,2024-10-14T21:07:29Z,"Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks","org.eclipse.jetty:jetty-servlets",10.0.0,10.0.18,LOW,CWE-400;CWE-770 -CVE-2024-6762,2024-10-14T21:07:29Z,"Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks","org.eclipse.jetty:jetty-servlets",11.0.0,11.0.18,LOW,CWE-400;CWE-770 -CVE-2024-6762,2024-10-14T21:07:29Z,"Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks","org.eclipse.jetty:jetty-servlets",12.0.0,12.0.4,LOW,CWE-400;CWE-770 -CVE-2024-6763,2024-10-14T21:11:43Z,"Eclipse Jetty URI parsing of invalid authority","org.eclipse.jetty:jetty-http",7.0.0,12.0.12,MODERATE,CWE-1286 -CVE-2024-6960,2024-07-21T12:30:48Z,"H2O vulnerable to Deserialization of Untrusted Data",ai.h2o:h2o-core,0,,HIGH,CWE-502 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-java",0,3.25.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has 
potential Denial of Service issue","com.google.protobuf:protobuf-java",4.0.0.rc.1,4.27.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-java",4.28.0.rc.1,4.28.2,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-javalite",0,3.25.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-javalite",4.0.0.rc.1,4.27.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-javalite",4.28.0.rc.1,4.28.2,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",0,3.25.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",4.0.0.rc.1,4.27.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-kotlin",4.28.0.rc.1,4.28.2,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",0,3.25.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",4.0.0.rc.1,4.27.5,HIGH,CWE-20 -CVE-2024-7254,2024-09-19T16:06:03Z,"protobuf-java has potential Denial of Service issue","com.google.protobuf:protobuf-kotlin-lite",4.28.0.rc.1,4.28.2,HIGH,CWE-20 -CVE-2024-7260,2024-09-09T21:31:22Z,"Keycloak Open Redirect vulnerability","org.keycloak:keycloak-core",0,24.0.7,MODERATE,CWE-601 -CVE-2024-7318,2024-09-09T21:31:22Z,"Keycloak Uses a Key Past its Expiration Date","org.keycloak:keycloak-core",0,24.0.7,MODERATE,CWE-324 -CVE-2024-7341,2024-09-09T21:31:22Z,"Keycloak Session 
Fixation vulnerability","org.keycloak:keycloak-services",0,22.0.12,HIGH,CWE-384 -CVE-2024-7341,2024-09-09T21:31:22Z,"Keycloak Session Fixation vulnerability","org.keycloak:keycloak-services",23.0.0,24.0.7,HIGH,CWE-384 -CVE-2024-7341,2024-09-09T21:31:22Z,"Keycloak Session Fixation vulnerability","org.keycloak:keycloak-services",25.0.0,25.0.5,HIGH,CWE-384 -CVE-2024-7885,2024-08-21T15:30:54Z,"Undertow vulnerable to Race Condition","io.undertow:undertow-core",0,2.2.36.Final,HIGH,CWE-362 -CVE-2024-7885,2024-08-21T15:30:54Z,"Undertow vulnerable to Race Condition","io.undertow:undertow-core",2.3.0.Alpha1,2.3.17.Final,HIGH,CWE-362 -CVE-2024-8184,2024-10-14T21:08:38Z,"Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks","org.eclipse.jetty:jetty-server",10.0.0,10.0.24,MODERATE,CWE-400;CWE-770 -CVE-2024-8184,2024-10-14T21:08:38Z,"Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks","org.eclipse.jetty:jetty-server",11.0.0,11.0.24,MODERATE,CWE-400;CWE-770 -CVE-2024-8184,2024-10-14T21:08:38Z,"Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks","org.eclipse.jetty:jetty-server",12.0.0,12.0.9,MODERATE,CWE-400;CWE-770 -CVE-2024-8184,2024-10-14T21:08:38Z,"Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks","org.eclipse.jetty:jetty-server",9.3.12,9.4.56,MODERATE,CWE-400;CWE-770 -CVE-2024-8285,2024-08-31T00:31:05Z,"Missing hostname validation in Kroxylicious","io.kroxylicious:kroxylicious-runtime",0,0.8.0,MODERATE,CWE-295;CWE-297 -CVE-2024-8391,2024-09-04T18:30:58Z,"Vertx gRPC server does not limit the maximum message size","io.vertx:vertx-grpc-client",4.3.0,4.5.10,MODERATE,CWE-770 -CVE-2024-8391,2024-09-04T18:30:58Z,"Vertx gRPC server does not limit the maximum message size","io.vertx:vertx-grpc-server",4.3.0,4.5.10,MODERATE,CWE-770 -CVE-2024-8642,2024-09-11T15:31:12Z,"Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token 
validit","org.eclipse.edc:transfer-data-plane",0.5.0,0.9.0,MODERATE,CWE-287;CWE-303 -CVE-2024-8646,2024-09-11T15:31:12Z,"Eclipse Glassfish URL redirection vulnerability","org.glassfish.main.web:web-core",0,7.0.10,MODERATE,CWE-601 -CVE-2024-8698,2024-09-19T18:30:52Z,"Keycloak SAML signature validation flaw","org.keycloak:keycloak-saml-core",0,25.0.6,MODERATE,CWE-347 -CVE-2024-8883,2024-09-19T18:30:52Z,"Keycloak Open Redirect vulnerability","org.keycloak:keycloak-services",0,25.0.6,HIGH,CWE-601 -CVE-2024-9329,2024-09-30T09:30:47Z,"Eclipse Glassfish improperly handles http parameters","org.glassfish.main.admin:rest-service",0,7.0.17,MODERATE,CWE-233;CWE-601 -CVE-2024-9621,2024-10-08T18:33:14Z,"Quarkus CXF logs passwords and other secrets","io.quarkiverse.cxf:quarkus-cxf",0,3.15.2,MODERATE,CWE-532 -CVE-2024-9622,2024-10-08T18:33:14Z,"HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4","org.jboss.resteasy:resteasy-netty4-cdi",0,,MODERATE,CWE-444 -CVE-2024-9666,2024-11-25T19:39:12Z,"Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",0,,MODERATE,CWE-444 -CVE-2024-9666,2024-11-25T19:39:12Z,"Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-444 -CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty.ee10:jetty-ee10-servlets",12.0.0,12.0.3,MODERATE,CWE-400 -CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty.ee8:jetty-ee8-servlets",12.0.0,12.0.3,MODERATE,CWE-400 -CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty.ee9:jetty-ee9-servlets",12.0.0,12.0.3,MODERATE,CWE-400 -CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on 
DosFilter","org.eclipse.jetty:jetty-servlets",10.0.0,10.0.18,MODERATE,CWE-400 -CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty:jetty-servlets",11.0.0,11.0.18,MODERATE,CWE-400 -CVE-2024-9823,2024-10-14T15:30:46Z,"Eclipse Jetty has a denial of service vulnerability on DosFilter","org.eclipse.jetty:jetty-servlets",9.0.0,9.4.54,MODERATE,CWE-400 -GHSA-227w-wv4j-67h4,2022-02-09T22:30:30Z,"Class Loading Vulnerability in Artemis","de.tum.in.ase:artemis-java-test-sandbox",0,1.8.0,HIGH,CWE-501;CWE-653 -GHSA-2gh6-wc3m-g37f,2024-09-17T19:29:24Z,"hermes-management is vulnerable to RCE due to Apache commons-jxpath","pl.allegro.tech.hermes:hermes-management",0,2.2.9,CRITICAL,CWE-1395 -GHSA-2pwh-52h7-7j84,2021-04-16T19:52:49Z,"JavaScript execution via malicious molfiles (XSS)","de.ipb-halle:molecularfaces",0,0.3.0,MODERATE,CWE-79 -GHSA-35fr-h7jr-hh86,2019-12-06T18:55:47Z,"Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria","com.linecorp.armeria:armeria",0.85.0,0.97.0,MODERATE,CWE-113;CWE-74 -GHSA-3h5r-928v-mxhh,2021-04-19T14:49:13Z,"Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11",com.vaadin:vaadin-bom,10.0.0,10.0.8,LOW,CWE-754 -GHSA-3h5r-928v-mxhh,2021-04-19T14:49:13Z,"Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11",com.vaadin:vaadin-bom,11.0.0,11.0.3,LOW,CWE-754 -GHSA-3mq5-fq9h-gj7j,2022-09-17T00:00:41Z,"Duplicate Advisory: Denial of Service due to parser crash","com.thoughtworks.xstream:xstream",0,,LOW, -GHSA-3pg4-qwc8-426r,2024-10-24T18:30:00Z,"OpenRefine leaks Google API credentials in releases","org.openrefine:openrefine",0,3.8.3,HIGH,CWE-522 -GHSA-3qpm-h9ch-px3c,2022-01-06T18:31:23Z,"Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library","org.powernukkit:powernukkit",0,1.5.2.1,CRITICAL,CWE-20;CWE-400;CWE-502 
-GHSA-3w6p-8f82-gw8r,2021-12-17T20:42:38Z,"Using JMSAppender in log4j configuration may lead to deserialization of untrusted data","ru.yandex.clickhouse:clickhouse-jdbc-bridge",0,2.0.7,HIGH,CWE-502 -GHSA-4m5p-5w5w-3jcf,2022-10-12T20:13:46Z,"com.enonic.xp:lib-auth vulnerable to Session Fixation",com.enonic.xp:lib-auth,0,7.7.4,CRITICAL,CWE-384 -GHSA-4vc8-pg5c-vg4x,2024-06-12T19:41:05Z,"Keycloak's improper input validation allows using email as username","org.keycloak:keycloak-services",0,24.0.1,LOW,CWE-670 -GHSA-4vrx-8phj-x3mg,2024-06-03T18:30:50Z,"Duplicate Advisory: Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)","org.keycloak:keycloak-services",0,24.0.5,HIGH,CWE-200 -GHSA-54r5-wr8x-x5v3,2022-12-20T00:30:27Z,"Duplicate Advisory: Apiman has insufficient checks for read permissions","io.apiman:apiman-manager-api-rest-impl",1.5.7,3.0.0.Final,HIGH,CWE-276;CWE-280 -GHSA-55xh-53m6-936r,2021-06-01T21:17:36Z,"Improper Verification of Cryptographic Signature in aws-encryption-sdk-java","com.amazonaws:aws-encryption-sdk-java",0,1.9.0,MODERATE,CWE-347 -GHSA-55xh-53m6-936r,2021-06-01T21:17:36Z,"Improper Verification of Cryptographic Signature in aws-encryption-sdk-java","com.amazonaws:aws-encryption-sdk-java",2.0.0,2.2.0,MODERATE,CWE-347 -GHSA-58qw-p7qm-5rvh,2023-07-10T21:52:39Z,"Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations","org.eclipse.jetty:jetty-xml",0,9.4.52.v20230823,LOW,CWE-611 -GHSA-58qw-p7qm-5rvh,2023-07-10T21:52:39Z,"Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations","org.eclipse.jetty:jetty-xml",10.0.0-alpha0,10.0.16,LOW,CWE-611 -GHSA-58qw-p7qm-5rvh,2023-07-10T21:52:39Z,"Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations","org.eclipse.jetty:jetty-xml",11.0.0-alpha0,11.0.16,LOW,CWE-611 -GHSA-58qw-p7qm-5rvh,2023-07-10T21:52:39Z,"Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations","org.eclipse.jetty:jetty-xml",12.0.0.alpha0,12.0.0,LOW,CWE-611 
-GHSA-5968-qw33-h47j,2023-12-15T00:31:03Z,"Duplicate Advisory: Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri","org.keycloak:keycloak-services",0,23.0.3,MODERATE,CWE-75 -GHSA-5c6q-f783-h888,2022-09-30T00:00:20Z,"Duplicate Advisory: AWS Redshift JDBC Driver fails to validate class type during object instantiation","com.amazon.redshift:redshift-jdbc42",0,2.1.0.8,HIGH,CWE-704 -GHSA-5rxp-2rhr-qwqv,2024-10-14T20:55:49Z,"Session fixation in Elytron SAML adapters","org.keycloak:keycloak-services",0,22.0.12,HIGH,CWE-384 -GHSA-5rxp-2rhr-qwqv,2024-10-14T20:55:49Z,"Session fixation in Elytron SAML adapters","org.keycloak:keycloak-services",23.0.0,24.0.7,HIGH,CWE-384 -GHSA-5rxp-2rhr-qwqv,2024-10-14T20:55:49Z,"Session fixation in Elytron SAML adapters","org.keycloak:keycloak-services",25.0.0,25.0.5,HIGH,CWE-384 -GHSA-5vjc-qx43-r747,2022-03-18T23:57:52Z,"Stored Cross-site Scripting in folder-auth plugin","io.jenkins.plugins:folder-auth",0,1.4,MODERATE,CWE-79 -GHSA-5x5q-8cgm-2hjq,2023-03-31T22:44:09Z,"Karate has vulnerable dependency on json-smart package (CVE-2023-1370)","com.intuit.karate:karate-core",1.3.1,1.4.0,HIGH,CWE-674 -GHSA-673j-qm5f-xpv8,2022-02-16T00:08:18Z,"pgjdbc Arbitrary File Write Vulnerability","org.postgresql:postgresql",42.1.0,42.3.3,MODERATE, -GHSA-6g3j-p5g6-992f,2023-12-01T19:23:32Z,"OpenSearch StackOverflow vulnerability","org.opensearch:opensearch",0,1.3.14,MODERATE, -GHSA-6g3j-p5g6-992f,2023-12-01T19:23:32Z,"OpenSearch StackOverflow vulnerability","org.opensearch:opensearch",2.0.0,2.11.1,MODERATE, -GHSA-6hgr-2g6q-3rmc,2021-04-22T16:11:26Z,"Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19",com.vaadin:flow-client,5.0.0,6.0.5,MODERATE,CWE-287 -GHSA-6vrw-mpj8-3j59,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",0,24.0.9,LOW,CWE-73 
-GHSA-6vrw-mpj8-3j59,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Path Traversal Vulnerability Due to External Control of File Name or Path","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,LOW,CWE-73 -GHSA-72fp-w44g-625q,2023-11-09T16:02:51Z,"Signing DynamoDB Sets when using the AWS Database Encryption SDK.","software.amazon.cryptography:aws-database-encryption-sdk-dynamodb",3.0.0,3.1.1,LOW, -GHSA-755v-r4x4-qf7m,2022-11-29T23:55:23Z,"Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown","org.keycloak:keycloak-core",0,20.0.0,MODERATE,CWE-80 -GHSA-76f4-fw33-6j2v,2021-04-19T14:48:26Z,"Potential sensitive data exposure in applications using Vaadin 15",com.vaadin:vaadin-bom,15.0.0,15.0.5,LOW,CWE-200 -GHSA-7c2q-5qmr-v76q,2023-10-27T21:55:44Z,"DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998",org.owasp.esapi:esapi,0,2.5.2.0,HIGH, -GHSA-7qfm-6m33-rgg9,2021-08-13T15:21:59Z,"XML External Entity Reference","com.epam.reportportal:service-api",0,4.3.12,HIGH,CWE-611 -GHSA-7qfm-6m33-rgg9,2021-08-13T15:21:59Z,"XML External Entity Reference","com.epam.reportportal:service-api",5.0.0,5.1.1,HIGH,CWE-611 -GHSA-82j3-hf72-7x93,2024-11-04T23:23:08Z,"Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)","com.reposilite:reposilite-backend",3.3.0,3.5.12,HIGH,CWE-22 -GHSA-82mf-mmh7-hxp5,2021-04-19T14:48:15Z,"Directory traversal in development mode handler in Vaadin 14 and 15-17",com.vaadin:vaadin-bom,14.0.0,14.4.3,MODERATE,CWE-20 -GHSA-82mf-mmh7-hxp5,2021-04-19T14:48:15Z,"Directory traversal in development mode handler in Vaadin 14 and 15-17",com.vaadin:vaadin-bom,15.0.0,18.0.0,MODERATE,CWE-20 -GHSA-86q5-qcjc-7pv4,2023-10-03T21:54:06Z,"Presto JDBC Server-Side Request Forgery by nextUri","com.facebook.presto:presto-jdbc",0,,HIGH,CWE-918 -GHSA-883x-6fch-6wjx,2022-01-21T23:39:19Z,"Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in 
Ares","de.tum.in.ase:artemis-java-test-sandbox",0,1.7.6,HIGH, -GHSA-8hxh-r6f7-jf45,2020-10-16T17:03:43Z,"Memory exhaustion in http4s-async-http-client with large or malicious compressed responses","org.http4s:http4s-async-http-client_2.12",0,0.21.8,LOW,CWE-400 -GHSA-8hxh-r6f7-jf45,2020-10-16T17:03:43Z,"Memory exhaustion in http4s-async-http-client with large or malicious compressed responses","org.http4s:http4s-async-http-client_2.13",0,0.21.8,LOW,CWE-400 -GHSA-8vfw-v2jv-9hwc,2021-06-28T16:52:45Z,"Reflected cross-site scripting in development mode handler in Vaadin",com.vaadin:flow-server,2.0.0,2.6.2,LOW,CWE-172 -GHSA-8vfw-v2jv-9hwc,2021-06-28T16:52:45Z,"Reflected cross-site scripting in development mode handler in Vaadin",com.vaadin:flow-server,3.0.0,6.0.10,LOW,CWE-172 -GHSA-8wm9-24qg-m5qj,2024-09-03T21:31:12Z,"Duplicate Advisory: Keycloak has a brute force login protection bypass","org.keycloak:keycloak-services",0,24.0.4,MODERATE,CWE-837 -GHSA-8wx3-324g-w4qq,2023-10-17T14:24:48Z,"OpenSearch uncontrolled resource consumption","org.opensearch.plugin:opensearch-security",0,1.3.14.0,HIGH,CWE-400 -GHSA-8wx3-324g-w4qq,2023-10-17T14:24:48Z,"OpenSearch uncontrolled resource consumption","org.opensearch.plugin:opensearch-security",2.0.0.0,2.11.0.0,HIGH,CWE-400 -GHSA-94g7-hpv8-h9qm,2021-12-14T21:46:35Z,"Remote code injection in Log4j","com.splunk.logging:splunk-library-javalogging",0,1.11.1,CRITICAL, -GHSA-98hq-4wmw-98w9,2023-02-10T23:52:13Z,"Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox","de.tum.in.ase:artemis-java-test-sandbox",0,1.11.2,HIGH,CWE-284 -GHSA-9h6g-6mxg-vvp4,2021-04-19T14:47:18Z,"Timing side channel vulnerability in endpoint request handler in Vaadin 15-19",com.vaadin:vaadin-bom,15.0.0,18.0.7,MODERATE,CWE-208 -GHSA-9h6g-6mxg-vvp4,2021-04-19T14:47:18Z,"Timing side channel vulnerability in endpoint request handler in Vaadin 15-19",com.vaadin:vaadin-bom,19.0.0,19.0.1,MODERATE,CWE-208 
-GHSA-9vm7-v8wj-3fqw,2024-01-23T14:43:50Z,"keycloak-core: open redirect via ""form_post.jwt"" JARM response mode","org.keycloak:keycloak-core",0,23.0.4,MODERATE,CWE-601 -GHSA-9vx8-f5c4-862x,2023-02-24T17:39:18Z,"XML External Entity (XXE) vulnerability in apoc.import.graphml",org.neo4j.procedure:apoc,0,4.4.0.14,MODERATE,CWE-611 -GHSA-9vx8-f5c4-862x,2023-02-24T17:39:18Z,"XML External Entity (XXE) vulnerability in apoc.import.graphml",org.neo4j.procedure:apoc,5.0.0,5.5.0,MODERATE,CWE-611 -GHSA-9wx7-jrvc-28mm,2021-11-08T21:51:18Z,"Signature verification vulnerability in Stark Bank ecdsa libraries",com.starkbank:ecdsa-java,1.0.0,1.0.1,HIGH,CWE-347 -GHSA-c57f-4vp2-jqhm,2021-05-06T15:27:04Z,"Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19",com.vaadin:flow-server,2.0.9,2.5.3,MODERATE,CWE-379 -GHSA-c57f-4vp2-jqhm,2021-05-06T15:27:04Z,"Insecure temporary directory usage in frontend build functionality of Vaadin 14 and 15-19",com.vaadin:flow-server,3.0.0,6.0.6,MODERATE,CWE-379 -GHSA-c6c4-7x48-4cqp,2021-04-19T14:47:47Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18",com.vaadin:vaadin-bom,10.0.0,10.0.17,MODERATE,CWE-208 -GHSA-c6c4-7x48-4cqp,2021-04-19T14:47:47Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18",com.vaadin:vaadin-bom,11.0.0,14.4.7,MODERATE,CWE-208 -GHSA-c6c4-7x48-4cqp,2021-04-19T14:47:47Z,"Timing side channel vulnerability in UIDL request handler in Vaadin 10, 11-14, and 15-18",com.vaadin:vaadin-bom,15.0.0,18.0.6,MODERATE,CWE-208 -GHSA-c892-cwq6-qrqf,2023-05-26T18:30:21Z,"Duplicate Advisory: Keycloak vulnerable to untrusted certificate validation","org.keycloak:keycloak-core",0,,MODERATE,CWE-295 -GHSA-c8m9-mh38-97p9,2021-02-24T19:40:41Z,"XML external entity (XXE) vulnerability",org.jpmml:pmml-model,0,1.4.3,HIGH, -GHSA-cc4w-3cff-j8fw,2023-11-09T09:30:26Z,"Duplicate Advisory: Eclipse IDE XXE in 
eclipse.platform","org.eclipse.platform:eclipse.platform",0,4.29,MODERATE,CWE-611 -GHSA-cq42-vhv7-xr7p,2024-06-12T19:42:21Z,"Keycloak Denial of Service via account lockout","org.keycloak:keycloak-services",0,24.0.0,LOW,CWE-640 -GHSA-crh4-294p-vcfq,2021-04-19T14:53:20Z,"Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17","com.vaadin:vaadin-text-field-flow",2.0.4,2.3.3,HIGH,CWE-400 -GHSA-crh4-294p-vcfq,2021-04-19T14:53:20Z,"Regular expression denial of service (ReDoS) in EmailField component in Vaadin 14 and 15-17","com.vaadin:vaadin-text-field-flow",3.0.0,4.0.3,HIGH,CWE-400 -GHSA-crjg-w57m-rqqf,2024-07-22T17:30:19Z,"DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks",dnsjava:dnsjava,3.5.0,3.6.0,HIGH,CWE-770 -GHSA-crjg-w57m-rqqf,2024-07-22T17:30:19Z,"DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks",org.jitsi:dnssecjava,0,,HIGH,CWE-770 -GHSA-f36p-42jv-8rh2,2022-09-30T04:53:37Z,"Lithium vulnerable to Cross Site Scripting in provided Swagger-UI",com.wire.bots:lithium,0,,HIGH,CWE-79 -GHSA-f36p-42jv-8rh2,2022-09-30T04:53:37Z,"Lithium vulnerable to Cross Site Scripting in provided Swagger-UI",com.wire:lithium,0,3.4.2,HIGH,CWE-79 -GHSA-fj2w-wfgv-mwq6,2022-01-21T23:21:48Z,"Denial of service in CBOR library",com.upokecenter:cbor,4.0.0,4.5.1,HIGH,CWE-407 -GHSA-fjh6-p566-wr6q,2022-07-21T22:35:12Z,"skylot jadx affected by Incorrect Behavior Order in vulnerable dependency","io.github.skylot:jadx-core",0,1.4.3,MODERATE,CWE-696 -GHSA-fr26-qjc8-mvjx,2021-10-13T18:56:12Z,"Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19",com.vaadin:flow-server,1.0.0,1.0.15,MODERATE, -GHSA-fr26-qjc8-mvjx,2021-10-13T18:56:12Z,"Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19",com.vaadin:flow-server,1.1.0,2.6.2,MODERATE, -GHSA-fr26-qjc8-mvjx,2021-10-13T18:56:12Z,"Possible route enumeration 
in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19",com.vaadin:flow-server,3.0.0,6.0.10,MODERATE, -GHSA-g8ph-74m6-8m7r,2023-05-12T20:18:51Z,"ClickHouse vulnerable to client certificate password exposure in client exception","com.clickhouse:clickhouse-client",0,0.4.6,MODERATE, -GHSA-g8ph-74m6-8m7r,2023-05-12T20:18:51Z,"ClickHouse vulnerable to client certificate password exposure in client exception","com.clickhouse:clickhouse-jdbc",0,0.4.6,MODERATE, -GHSA-g8ph-74m6-8m7r,2023-05-12T20:18:51Z,"ClickHouse vulnerable to client certificate password exposure in client exception","com.clickhouse:clickhouse-r2dbc",0,0.4.6,MODERATE, -GHSA-g8q2-24jh-5hpc,2018-07-27T14:47:52Z,"High severity vulnerability that affects jquery-ui","org.webjars.npm:jquery-ui",0,1.12.0,HIGH, -GHSA-gcgw-q47m-prvj,2023-12-12T03:31:45Z,"Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security.xsuaa:spring-xsuaa",0,2.17.0,CRITICAL,CWE-269;CWE-639;CWE-749 -GHSA-gcgw-q47m-prvj,2023-12-12T03:31:45Z,"Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security.xsuaa:spring-xsuaa",3.0.0,3.3.0,CRITICAL,CWE-269;CWE-639;CWE-749 -GHSA-gcgw-q47m-prvj,2023-12-12T03:31:45Z,"Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:java-security",0,2.17.0,CRITICAL,CWE-269;CWE-639;CWE-749 -GHSA-gcgw-q47m-prvj,2023-12-12T03:31:45Z,"Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:java-security",3.0.0,3.3.0,CRITICAL,CWE-269;CWE-639;CWE-749 -GHSA-gcgw-q47m-prvj,2023-12-12T03:31:45Z,"Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library ","com.sap.cloud.security:spring-security",0,2.17.0,CRITICAL,CWE-269;CWE-639;CWE-749 -GHSA-gcgw-q47m-prvj,2023-12-12T03:31:45Z,"Duplicate Advisory: Improper JWT Signature Validation in SAP Security 
Services Library ","com.sap.cloud.security:spring-security",3.0.0,3.3.0,CRITICAL,CWE-269;CWE-639;CWE-749 -GHSA-gmrm-8fx4-66x7,2024-06-18T12:30:42Z,"Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials","org.keycloak:keycloak-core",0,,LOW,CWE-276 -GHSA-h6wq-jw7q-grxv,2021-02-24T19:38:21Z,"Elliptic Curve Key Disclosure",org.bitbucket.b_c:jose4j,0.3.6,0.5.5,HIGH, -GHSA-hvp5-5x4f-33fq,2024-04-22T15:56:04Z,"JADX file override vulnerability","io.github.skylot:jadx-core",0,1.5.0,LOW,CWE-22 -GHSA-hw7r-qrhp-5pff,2021-08-30T16:16:46Z,"Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20",com.vaadin:vaadin-bom,12.0.0,14.6.8,MODERATE, -GHSA-hw7r-qrhp-5pff,2021-08-30T16:16:46Z,"Unauthorized property update in CheckboxGroup component in Vaadin 12-14 and 15-20",com.vaadin:vaadin-bom,15.0.0,20.0.6,MODERATE, -GHSA-hwvm-vfw8-93mw,2021-12-16T18:53:32Z,"Vulnerable dependency in XTDB connector","org.odpi.egeria:egeria-connector-xtdb",0,3.5,MODERATE, -GHSA-hx5q-v6pj-533r,2024-02-26T20:04:50Z,"SAML authentication bypass due to missing validation on unsigned SAML messages","com.linecorp.centraldogma:centraldogma-server-auth-saml",0,0.64.3,CRITICAL,CWE-1395 -GHSA-j23j-q57m-63v3,2021-10-13T18:54:50Z,"Denial of service in DataCommunicator class in Vaadin 8",com.vaadin:vaadin-server,8.0.0,8.14.1,MODERATE,CWE-400 -GHSA-j3x3-r585-4qhg,2024-11-25T09:30:58Z,"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",0,24.0.9,MODERATE,CWE-1333 -GHSA-j3x3-r585-4qhg,2024-11-25T09:30:58Z,"Duplicate Advisory: org.keycloak:keycloak-services has Inefficient Regular Expression Complexity","org.keycloak:keycloak-services",25.0.0,26.0.6,MODERATE,CWE-1333 -GHSA-j7c3-96rf-jrrp,2021-12-16T21:01:51Z,"Critical vulnerability in log4j may affect generated PEAR projects","de.averbis.textanalysis:pear-archetype",2.0.0,2.0.1,CRITICAL, -GHSA-j9wr-49vq-rm5g,2021-04-19T14:46:49Z,"Server classes and 
resources exposure in OSGi applications using Vaadin 12-14 and 19",com.vaadin:vaadin-bom,12.0.0,14.4.10,HIGH,CWE-402 -GHSA-j9wr-49vq-rm5g,2021-04-19T14:46:49Z,"Server classes and resources exposure in OSGi applications using Vaadin 12-14 and 19",com.vaadin:vaadin-bom,19.0.0,19.0.1,HIGH,CWE-402 -GHSA-jcgg-mg9g-p9wf,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",0,24.0.9,MODERATE,CWE-798 -GHSA-jcgg-mg9g-p9wf,2024-11-25T09:30:58Z,"Duplicate Advisory: Keycloak Build Process Exposes Sensitive Data","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-798 -GHSA-jfmf-w293-8xr8,2021-10-13T18:55:52Z,"Regular expression Denial of Service (ReDoS) in EmailValidator class in V7 compatibility module in Vaadin 8",com.vaadin:vaadin-bom,8.0.0,8.13.0,HIGH, -GHSA-jgvc-jfgh-rjvv,2023-04-27T23:52:54Z,"Chosen Ciphertext Attack in Jose4j",org.bitbucket.b_c:jose4j,0,0.9.3,MODERATE,CWE-327 -GHSA-jqj4-r483-4gvr,2021-04-19T14:48:51Z,"Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13",com.vaadin:vaadin-bom,10.0.0,10.0.14,MODERATE,CWE-81 -GHSA-jqj4-r483-4gvr,2021-04-19T14:48:51Z,"Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13",com.vaadin:vaadin-bom,11.0.0,13.0.6,MODERATE,CWE-81 -GHSA-m8v7-469p-5x89,2023-07-25T14:44:27Z,"Hard-coded System User Credentials in Folio Data Export Spring module ","org.folio:mod-remote-storage",0,1.7.2,MODERATE, -GHSA-m8v7-469p-5x89,2023-07-25T14:44:27Z,"Hard-coded System User Credentials in Folio Data Export Spring module ","org.folio:mod-remote-storage",2.0.0,2.0.3,MODERATE, -GHSA-m98g-63qj-fp8j,2022-04-28T21:01:28Z,"Reflected XSS on clients-registrations endpoint","org.keycloak:keycloak-parent",10.0.0,18.0.0,MODERATE,CWE-79 -GHSA-mf4f-j588-5xm8,2021-12-14T21:07:14Z,"Apache Log4j Remote Code Execution","org.opencastproject:opencast-common",0,9.10,CRITICAL, 
-GHSA-mf4f-j588-5xm8,2021-12-14T21:07:14Z,"Apache Log4j Remote Code Execution","org.opencastproject:opencast-common",10.0,10.6,CRITICAL, -GHSA-mhgm-52vg-pvvc,2023-02-16T14:12:04Z,"Privilege escalation in Strongbox","com.schibsted.security:strongbox-sdk",0,0.5.0,MODERATE,CWE-269 -GHSA-mm44-wc5p-wqhq,2020-07-07T16:45:24Z,"Denial of service due to reference expansion in versions earlier than 4.0",com.upokecenter:cbor,0,4.0.0,HIGH, -GHSA-mmwx-rj87-vfgr,2024-07-22T14:46:59Z,"DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources",dnsjava:dnsjava,3.5.0,3.6.0,HIGH,CWE-400 -GHSA-mmwx-rj87-vfgr,2024-07-22T14:46:59Z,"DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources",org.jitsi:dnssecjava,0,,HIGH,CWE-400 -GHSA-mpcw-3j5p-p99x,2024-10-24T18:27:50Z,"Butterfly's parseJSON, getJSON functions eval malicious input, leading to remote code execution (RCE)","org.openrefine.dependencies:butterfly",0,1.2.6,MODERATE,CWE-185;CWE-95 -GHSA-mwm4-5qwr-g9pf,2022-04-28T21:00:31Z,"Keycloak is vulnerable to IDN homograph attack","org.keycloak:keycloak-services",0,18.0.0,LOW,CWE-284 -GHSA-pcx7-8hxg-j823,2024-11-25T09:30:59Z,"Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",0,24.0.9,MODERATE,CWE-444 -GHSA-pcx7-8hxg-j823,2024-11-25T09:30:59Z,"Duplicate Advisory: Keycloak proxy header handling Denial-of-Service (DoS) vulnerability","org.keycloak:keycloak-quarkus-server",25.0.0,26.0.6,MODERATE,CWE-444 -GHSA-q2fj-6h62-59m2,2022-12-30T22:13:59Z,"Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue","io.apiman:apiman-distro-vertx",0,3.0.0.Final,HIGH, -GHSA-q2fj-6h62-59m2,2022-12-30T22:13:59Z,"Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue","io.apiman:apiman-gateway-platforms-vertx",0,3.0.0.Final,HIGH, -GHSA-q2gp-gph3-88x9,2022-08-06T00:00:42Z,"Keycloak allows arbitrary Javascript to be uploaded for SAML protocol mapper 
even if UPLOAD_SCRIPTS feature disabled","org.keycloak:keycloak-saml-core",0,,HIGH, -GHSA-q3vw-4jx3-rrr2,2020-09-23T17:20:09Z,"personnummer/java vulnerable to Improper Input Validation","dev.personnummer:personnummer",0,3.3.0,LOW, -GHSA-q4h9-7rxj-7gx2,2024-12-02T20:03:03Z,"Netty vulnerability included in redis lettuce",io.lettuce:lettuce-core,0,6.5.1.RELEASE,MODERATE,CWE-400 -GHSA-q594-2475-8v9f,2021-02-24T19:33:17Z,"Unencrypted passwords","org.apache.nifi:nifi-standard-processors",0,0.4.0,LOW, -GHSA-q76j-58cx-wp5v,2020-11-13T17:28:49Z,"Vulnerability in RPKI manifest validation","net.ripe.rpki:rpki-validator-3",0,3.2-2020.10.28.23.06,HIGH,CWE-20 -GHSA-q95j-488q-5q3p,2023-01-09T20:05:31Z,"Apiman Manager API affected by Jackson denial of service vulnerability","io.apiman:apiman-manager-api-impl",0,3.0.0.Final,MODERATE,CWE-787 -GHSA-qfv2-3p2f-vg48,2024-02-02T06:30:32Z,"Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage","com.linecorp.centraldogma:centraldogma-server",0,0.64.0,MODERATE, -GHSA-qqhq-8r2c-c3f5,2023-12-15T23:43:30Z,"nvdApiKey is logged in debug mode","org.owasp:dependency-check-ant",9.0.0,9.0.6,LOW,CWE-532 -GHSA-qqhq-8r2c-c3f5,2023-12-15T23:43:30Z,"nvdApiKey is logged in debug mode","org.owasp:dependency-check-cli",9.0.0,9.0.6,LOW,CWE-532 -GHSA-qqhq-8r2c-c3f5,2023-12-15T23:43:30Z,"nvdApiKey is logged in debug mode","org.owasp:dependency-check-maven",9.0.0,9.0.6,LOW,CWE-532 -GHSA-r53m-pfr5-7v87,2019-04-18T14:50:19Z,"Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed:tomcat-embed-core",8.5.0,8.5.38,MODERATE, -GHSA-r53m-pfr5-7v87,2019-04-18T14:50:19Z,"Moderate severity vulnerability that affects org.apache.tomcat.embed:tomcat-embed-core","org.apache.tomcat.embed:tomcat-embed-core",9.0.0.M1,9.0.16,MODERATE, -GHSA-r68h-jhhj-9jvm,2023-11-27T17:25:46Z,"Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 
year",org.owasp.esapi:esapi,0,2.6.0.0,MODERATE, -GHSA-rm7j-f5g5-27vv,2023-10-12T18:30:28Z,"Duplicate Advisory: Denial of Service in JSON-Java",org.json:json,0,20231013,HIGH,CWE-770 -GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""","com.hazelcast.jet:hazelcast-jet",4.1,4.5.3,CRITICAL,CWE-20;CWE-400;CWE-502 -GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""",com.hazelcast:hazelcast,4.0.0,4.0.5,CRITICAL,CWE-20;CWE-400;CWE-502 -GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""",com.hazelcast:hazelcast,4.1.1,4.1.8,CRITICAL,CWE-20;CWE-400;CWE-502 -GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""",com.hazelcast:hazelcast,4.2,4.2.4,CRITICAL,CWE-20;CWE-400;CWE-502 -GHSA-v57x-gxfj-484q,2022-01-21T23:25:04Z,"Security Advisory for ""Log4Shell""",com.hazelcast:hazelcast,5.0,5.0.2,CRITICAL,CWE-20;CWE-400;CWE-502 -GHSA-vf78-3q9f-92g3,2023-07-25T13:53:42Z,"Hard-coded System User Credentials in Folio Data Export Spring module ","org.folio:mod-data-export-spring",0,1.5.4,CRITICAL, -GHSA-vf78-3q9f-92g3,2023-07-25T13:53:42Z,"Hard-coded System User Credentials in Folio Data Export Spring module ","org.folio:mod-data-export-spring",2.0.0,2.0.2,CRITICAL, -GHSA-vhvq-jh34-3fc8,2023-01-13T06:30:22Z,"Duplicate Advisory: Keycloak allows impersonation and lockout due to email trust not being handled correctly","org.keycloak:keycloak-core",0,,MODERATE,CWE-287;CWE-841 -GHSA-w3hj-wr2q-x83g,2021-04-06T17:22:17Z,"Discovery uses the same AES/GCM Nonce throughout the session","tech.pegasys.discovery:discovery",0,0.4.5,LOW,CWE-323 -GHSA-w736-hf9p-qqh3,2021-02-08T17:43:36Z,"Key Caching behavior in the DynamoDB Encryption Client.","com.amazonaws:aws-dynamodb-encryption-java",0,1.15.0,LOW,CWE-862 -GHSA-w8gr-xwp4-r9f7,2024-10-14T20:55:22Z,"Vulnerable Redirect URI Validation Results in Open Redirect","org.keycloak:keycloak-services",0,22.0.13,MODERATE,CWE-601 
-GHSA-w8gr-xwp4-r9f7,2024-10-14T20:55:22Z,"Vulnerable Redirect URI Validation Results in Open Redirect","org.keycloak:keycloak-services",23.0.0,24.0.8,MODERATE,CWE-601 -GHSA-w8gr-xwp4-r9f7,2024-10-14T20:55:22Z,"Vulnerable Redirect URI Validation Results in Open Redirect","org.keycloak:keycloak-services",25.0.0,25.0.6,MODERATE,CWE-601 -GHSA-w8v7-c7pm-7wfr,2022-09-02T00:01:02Z,"Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)","org.keycloak:keycloak-core",0,,MODERATE,CWE-79 -GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","com.querydsl:querydsl-apt",0,,CRITICAL,CWE-89 -GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","com.querydsl:querydsl-jpa",0,,CRITICAL,CWE-89 -GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","io.github.openfeign.querydsl:querydsl-apt",0,,CRITICAL,CWE-89 -GHSA-wpvf-5mc3-hv6m,2024-11-20T21:30:50Z,"Duplicate Advisory: Querydsl SQL/HQL injection","io.github.openfeign.querydsl:querydsl-jpa",0,,CRITICAL,CWE-89 -GHSA-wrr7-33fx-rcvj,2020-06-15T18:44:56Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.7.0,2.7.9.4,HIGH, -GHSA-wrr7-33fx-rcvj,2020-06-15T18:44:56Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.8.0,2.8.11.2,HIGH, -GHSA-wrr7-33fx-rcvj,2020-06-15T18:44:56Z,"Deserialization of Untrusted Data in jackson-databind","com.fasterxml.jackson.core:jackson-databind",2.9.0,2.9.6,HIGH, -GHSA-xfg6-62px-cxc2,2024-02-19T15:30:38Z,"Duplicate Advisory: SQL injection in pgjdbc","org.postgresql:postgresql",0,42.2.8,CRITICAL,CWE-89 -GHSA-xfg6-62px-cxc2,2024-02-19T15:30:38Z,"Duplicate Advisory: SQL injection in pgjdbc","org.postgresql:postgresql",42.3.0,42.3.9,CRITICAL,CWE-89 -GHSA-xfg6-62px-cxc2,2024-02-19T15:30:38Z,"Duplicate Advisory: SQL injection in 
pgjdbc","org.postgresql:postgresql",42.4.0,42.4.4,CRITICAL,CWE-89 -GHSA-xfg6-62px-cxc2,2024-02-19T15:30:38Z,"Duplicate Advisory: SQL injection in pgjdbc","org.postgresql:postgresql",42.5.0,42.5.5,CRITICAL,CWE-89 -GHSA-xfg6-62px-cxc2,2024-02-19T15:30:38Z,"Duplicate Advisory: SQL injection in pgjdbc","org.postgresql:postgresql",42.6.0,42.6.1,CRITICAL,CWE-89 -GHSA-xfg6-62px-cxc2,2024-02-19T15:30:38Z,"Duplicate Advisory: SQL injection in pgjdbc","org.postgresql:postgresql",42.7.0,42.7.2,CRITICAL,CWE-89 -GHSA-xgfv-xpx8-qhcr,2024-10-14T20:54:52Z,"Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak","org.keycloak:keycloak-saml-core",0,22.0.13,HIGH,CWE-347 -GHSA-xgfv-xpx8-qhcr,2024-10-14T20:54:52Z,"Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak","org.keycloak:keycloak-saml-core",23.0.0,24.0.8,HIGH,CWE-347 -GHSA-xgfv-xpx8-qhcr,2024-10-14T20:54:52Z,"Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak","org.keycloak:keycloak-saml-core",25.0.0,25.0.6,HIGH,CWE-347 -GHSA-xh97-72ww-2w58,2022-05-04T00:00:22Z,"Duplicate Advisory: Improper Verification of Cryptographic Signature in google-oauth-java-client","com.google.oauth-client:google-oauth-client",1.16.0-rc,1.33.3,HIGH,CWE-347 -GHSA-xm7x-f3w2-4hjm,2023-10-03T21:54:02Z,"Presto JDBC Server-Side Request Forgery by redirect","com.facebook.presto:presto-jdbc",0,,HIGH,CWE-918 -GHSA-xmmm-jw76-q7vg,2024-10-14T20:56:43Z,"One Time Passcode (OTP) is valid longer than expiration timeSeverity","org.keycloak:keycloak-core",0,24.0.7,MODERATE,CWE-324 -GHSA-xmmm-jw76-q7vg,2024-10-14T20:56:43Z,"One Time Passcode (OTP) is valid longer than expiration timeSeverity","org.keycloak:keycloak-core",25.0.0,25.0.4,MODERATE,CWE-324 -GHSA-xpw8-rcwv-8f8p,2023-10-10T22:22:54Z,"io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack","io.netty:netty-codec-http2",0,4.1.100.Final,HIGH,CWE-400 -GHSA-xr8x-pxm6-prjg,2023-01-23T22:04:47Z," MITM based Zip 
Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`","org.hl7.fhir.publisher:org.hl7.fhir.publisher",0,1.2.30,CRITICAL, -GHSA-xxfh-x98p-j8fr,2021-12-10T20:15:37Z,"Remote code injection in Log4j (through pax-logging-log4j2)","org.ops4j.pax.logging:pax-logging-log4j2",0,1.11.10,CRITICAL, -GHSA-xxfh-x98p-j8fr,2021-12-10T20:15:37Z,"Remote code injection in Log4j (through pax-logging-log4j2)","org.ops4j.pax.logging:pax-logging-log4j2",2.0.0,2.0.11,CRITICAL, diff --git a/src/main/resources/advisories-nuget.csv b/src/main/resources/advisories-nuget.csv deleted file mode 100644 index b5b1269..0000000 --- a/src/main/resources/advisories-nuget.csv +++ /dev/null 
@@ -1,2348 +0,0 @@ -CVE-2006-0743,2022-05-01T06:42:27Z,"Apache log4net format string vulnerability causes DoS",log4net,0,1.2.10,MODERATE,CWE-134 -CVE-2007-0660,2022-05-01T17:46:11Z,"DotNetNuke Vulnerable to XSS in Pass-Through Values",DotNetNuke.Core,0,03.02.01,MODERATE,CWE-79 -CVE-2008-6540,2022-05-14T02:38:47Z,"DotNetNuke Default Machine Key Exposure",DotNetNuke.Core,0,4.8.2,MODERATE,CWE-453 -CVE-2009-4665,2022-05-02T03:56:59Z,"CuteSoft CuteEditor Path Traversal vulnerability",CuteEditor,0,6.6,MODERATE,CWE-22 -CVE-2010-1459,2022-05-02T06:22:59Z,"Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability",mono,0,2.6.4,MODERATE,CWE-79 -CVE-2010-5312,2017-10-24T18:33:38Z,"Cross-site Scripting in jquery-ui",jQuery.UI.Combined,1.7.0,1.10.0,MODERATE,CWE-79 -CVE-2011-4969,2022-05-14T01:09:51Z,"jQuery vulnerable to Cross-Site Scripting (XSS)",jQuery,0,1.6.3,MODERATE,CWE-79 -CVE-2012-6662,2017-10-24T18:33:37Z,"jquery-ui Tooltip widget vulnerable to XSS",jQuery.UI.Combined,0,1.10.0,MODERATE,CWE-79 -CVE-2012-6708,2020-09-01T16:41:46Z,"Cross-Site Scripting in jquery",jQuery,0,1.9.0,MODERATE,CWE-64;CWE-79 -CVE-2013-4649,2022-05-17T01:33:02Z,"DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter",DotNetNuke.Core,0,6.2.9,MODERATE,CWE-79 -CVE-2013-4649,2022-05-17T01:33:02Z,"DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter",DotNetNuke.Core,7.0,7.1.1,MODERATE,CWE-79 -CVE-2013-7335,2022-05-17T04:49:44Z,"DotNetNuke (DNN) Open redirect vulnerability ",DotNetNuke.Core,0,6.2.9,MODERATE,CWE-20;CWE-601 -CVE-2013-7335,2022-05-17T04:49:44Z,"DotNetNuke (DNN) Open redirect vulnerability ",DotNetNuke.Core,7.0,7.1.1,MODERATE,CWE-20;CWE-601 -CVE-2014-4172,2022-05-17T19:57:18Z,"Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability",DotNetCasClient,0,1.0.2,CRITICAL,CWE-74 -CVE-2015-1566,2018-10-16T19:33:25Z,"Moderate severity vulnerability that affects 
DotNetNuke.Core",DotNetNuke.Core,0,7.4.0,MODERATE,CWE-79 -CVE-2015-2794,2018-10-16T19:33:42Z,"The installation wizard in DotNetNuke (DNN) allows privilege escalation",DotNetNuke.Core,0,7.4.1,CRITICAL, -CVE-2015-5237,2022-05-13T01:06:54Z,"protobuf susceptible to buffer overflow",Google.Protobuf,0,3.4.0,HIGH,CWE-787 -CVE-2015-8813,2022-05-17T02:56:23Z,"Umbraco CMS vulnerable to CSRF",Umbraco.CMS,0,7.4.0,HIGH,CWE-918 -CVE-2015-8814,2022-05-17T02:56:23Z,"Umbraco CMS vulnerable to CSRF",Umbraco.CMS,0,7.4.0,HIGH,CWE-352 -CVE-2015-9251,2018-01-22T13:32:06Z,"Cross-Site Scripting (XSS) in jquery",jQuery,0,1.12.2,MODERATE,CWE-79 -CVE-2015-9251,2018-01-22T13:32:06Z,"Cross-Site Scripting (XSS) in jquery",jQuery,1.12.3,3.0.0,MODERATE,CWE-79 -CVE-2016-0024,2022-05-14T02:26:20Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0,HIGH,CWE-119 -CVE-2016-0186,2022-05-14T02:25:02Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-0191,2022-05-14T02:24:57Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-0193,2022-05-14T02:24:57Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-10707,2018-01-22T13:32:42Z,"Denial of Service in jquery",jQuery,3.0.0-rc.1,3.0.0,HIGH,CWE-400;CWE-674 -CVE-2016-10735,2019-01-17T13:57:27Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap,2.0.4,3.4.0,MODERATE,CWE-79 -CVE-2016-10735,2019-01-17T13:57:27Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap,4.0.0-beta,4.0.0-beta.2,MODERATE,CWE-79 -CVE-2016-10735,2019-01-17T13:57:27Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap.sass,4.0.0-beta,4.0.0-beta.2,MODERATE,CWE-79 -CVE-2016-3199,2022-05-14T02:24:35Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-3202,2022-05-14T02:24:35Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-3214,2022-05-14T02:24:33Z,"ChakraCore RCE 
Vulnerability",Microsoft.ChakraCore,0,1.3.0,HIGH,CWE-119 -CVE-2016-3248,2022-05-14T02:24:16Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,,HIGH,CWE-119 -CVE-2016-3259,2022-05-14T02:24:15Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-3260,2022-05-14T02:24:15Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-3265,2022-05-14T02:24:13Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-3269,2022-05-14T02:24:13Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.0.0,HIGH,CWE-119 -CVE-2016-3296,2022-05-14T02:23:44Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,,HIGH,CWE-119 -CVE-2016-3350,2022-05-14T02:23:18Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-3377,2022-05-14T02:23:14Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-3382,2022-05-14T02:23:12Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-3386,2022-05-14T02:23:11Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-3389,2022-05-14T02:23:11Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-3390,2022-05-14T02:23:11Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-7103,2017-10-24T18:33:35Z,"jQuery-UI vulnerable to Cross-site Scripting in dialog closeText",jQuery.UI.Combined,0,1.12.0,MODERATE,CWE-79 -CVE-2016-7119,2018-10-16T19:34:10Z,"Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)",DotNetNuke.Core,0,8.0.1,MODERATE,CWE-79 -CVE-2016-7189,2022-05-14T02:22:46Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.1,HIGH,CWE-119 -CVE-2016-7190,2022-05-14T02:22:45Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,,HIGH,CWE-119 -CVE-2016-7194,2022-05-14T02:22:45Z,"ChakraCore RCE 
Vulnerability",Microsoft.ChakraCore,0,,HIGH,CWE-119 -CVE-2016-7200,2022-05-14T02:22:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119;CWE-787 -CVE-2016-7201,2022-05-14T02:22:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119;CWE-843 -CVE-2016-7202,2022-05-14T02:22:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119 -CVE-2016-7203,2022-05-14T02:22:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119 -CVE-2016-7208,2022-05-14T02:22:41Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119 -CVE-2016-7240,2022-05-14T02:22:18Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119 -CVE-2016-7242,2022-05-14T02:22:18Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119 -CVE-2016-7243,2022-05-14T02:22:17Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.2.2,HIGH,CWE-119 -CVE-2017-0208,2022-05-17T02:32:54Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.4.3,MODERATE,CWE-200 -CVE-2017-0223,2022-05-17T02:35:05Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.4.4,CRITICAL,CWE-119 -CVE-2017-0224,2022-05-17T02:44:22Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.4.4,HIGH,CWE-119 -CVE-2017-0234,2022-05-17T02:35:00Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.4.4,HIGH,CWE-119 -CVE-2017-0235,2022-05-17T02:44:21Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.4.4,HIGH,CWE-119 -CVE-2017-0236,2022-05-17T02:34:59Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.4.4,HIGH,CWE-119 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Abstractions",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Abstractions",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly 
validate web requests","Microsoft.AspNetCore.Mvc.ApiExplorer",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.ApiExplorer",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Core",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Core",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Cors",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Cors",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.DataAnnotations",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.DataAnnotations",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Formatters.Json",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Formatters.Json",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Localization",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly 
validate web requests","Microsoft.AspNetCore.Mvc.Localization",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Razor",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Razor",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Razor.Host",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.Razor.Host",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.TagHelpers",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.TagHelpers",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.ViewFeatures",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.ViewFeatures",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","System.Net.Http.WinHttpHandler",4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","System.Net.Http.WinHttpHandler",4.3.0,4.5.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web 
requests","System.Net.WebSockets.Client",4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","System.Net.WebSockets.Client",4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","System.Text.Encodings.Web",4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests","System.Text.Encodings.Web",4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests",Microsoft.AspNetCore.Mvc,1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests",Microsoft.AspNetCore.Mvc,1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests",System.Net.Http,4.1.1,4.1.2,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests",System.Net.Http,4.3.1,4.3.2,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests",System.Net.Security,4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0247,2018-10-16T19:58:05Z,"ASP.NET Core fails to properly validate web requests",System.Net.Security,4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Abstractions",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Abstractions",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.ApiExplorer",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity 
vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.ApiExplorer",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Core",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Core",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Cors",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Cors",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.DataAnnotations",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.DataAnnotations",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Formatters.Json",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Formatters.Json",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and 
Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Localization",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Localization",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Razor",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Razor",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Razor.Host",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.Razor.Host",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.TagHelpers",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.TagHelpers",1.1.0,1.1.3,MODERATE,CWE-295 
-CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.ViewFeatures",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.ViewFeatures",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","System.Net.Http.WinHttpHandler",4.0.0,4.0.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","System.Net.Http.WinHttpHandler",4.3.0,4.3.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","System.Net.WebSockets.Client",4.0.0,4.0.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","System.Net.WebSockets.Client",4.3.0,4.3.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core","System.Text.Encodings.Web",4.0.0,4.0.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and 
Microsoft.AspNetCore.Mvc.Core","System.Text.Encodings.Web",4.3.0,4.3.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core",Microsoft.AspNetCore.Mvc,1.0.0,1.0.4,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core",Microsoft.AspNetCore.Mvc,1.1.0,1.1.3,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core",System.Net.Http,4.1.1,4.1.2,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core",System.Net.Http,4.3.1,4.3.2,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core",System.Net.Security,4.0.0,4.0.1,MODERATE,CWE-295 -CVE-2017-0248,2018-10-16T19:58:52Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core",System.Net.Security,4.3.0,4.3.1,MODERATE,CWE-295 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Abstractions",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Abstractions",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ApiExplorer",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ApiExplorer",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects 
Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Core",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Core",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Cors",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Cors",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.DataAnnotations",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.DataAnnotations",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Json",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Json",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Localization",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Localization",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects 
Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor.Host",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor.Host",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.TagHelpers",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.TagHelpers",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ViewFeatures",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ViewFeatures",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.Http.WinHttpHandler",4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.Http.WinHttpHandler",4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects 
Microsoft.AspNetCore.Mvc","System.Net.WebSockets.Client",4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.WebSockets.Client",4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Text.Encodings.Web",4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Text.Encodings.Web",4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",DisCatSharp,0,,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",Microsoft.AspNetCore.Mvc,1.0.0,1.0.4,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",Microsoft.AspNetCore.Mvc,1.1.0,1.1.3,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Http,4.1.1,4.1.2,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Http,4.3.1,4.3.2,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Security,4.0.0,4.0.1,HIGH,CWE-20 -CVE-2017-0249,2018-10-16T19:57:38Z,"High severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Security,4.3.0,4.3.1,HIGH,CWE-20 -CVE-2017-0252,2022-05-17T02:44:02Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.4.4,CRITICAL,CWE-119 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Abstractions",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects 
Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Abstractions",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ApiExplorer",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ApiExplorer",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Core",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Core",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Cors",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Cors",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.DataAnnotations",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.DataAnnotations",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Json",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Json",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects 
Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Formatters.Xml",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Localization",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Localization",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor.Host",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.Razor.Host",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.TagHelpers",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.TagHelpers",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ViewFeatures",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects 
Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.ViewFeatures",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","Microsoft.AspNetCore.Mvc.WebApiCompatShim",1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.Http.WinHttpHandler",4.0.0,4.0.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.Http.WinHttpHandler",4.3.0,4.3.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.WebSockets.Client",4.0.0,4.0.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Net.WebSockets.Client",4.3.0,4.3.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Text.Encodings.Web",4.0.0,4.0.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc","System.Text.Encodings.Web",4.3.0,4.3.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc",Microsoft.AspNetCore.Mvc,1.0.0,1.0.4,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc",Microsoft.AspNetCore.Mvc,1.1.0,1.1.3,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Http,4.1.1,4.1.2,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability 
that affects Microsoft.AspNetCore.Mvc",System.Net.Http,4.3.1,4.3.2,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Security,4.0.0,4.0.1,MODERATE,CWE-20 -CVE-2017-0256,2018-10-16T19:57:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc",System.Net.Security,4.3.0,4.3.1,MODERATE,CWE-20 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,0,1.0.1,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.1.0,1.1.10,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.2.0,1.2.8,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.3.0,1.3.2,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.4.0,1.4.14,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.5.0,1.5.3,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.6.0,1.6.2,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.7.0,1.7.1,CRITICAL,CWE-918 -CVE-2017-0907,2018-10-16T17:35:04Z,"Critical severity vulnerability that affects recurly-api-client",recurly-api-client,1.8.0,1.8.1,CRITICAL,CWE-918 -CVE-2017-0929,2018-10-16T17:18:12Z,"High severity vulnerability that affects DotNetNuke.Core",DotNetNuke.Core,0,9.2.0,HIGH,CWE-918 -CVE-2017-11767,2022-05-13T01:42:32Z,"ChakraCore vulnerable to privilege 
escalation",Microsoft.ChakraCore,0,1.6.2,CRITICAL,CWE-119 -CVE-2017-11770,2022-04-12T00:07:34Z,"Improper Certificate Validation","System.Security.Cryptography.X509Certificates",4.0.0,4.1.2,HIGH,CWE-295 -CVE-2017-11770,2022-04-12T00:07:34Z,"Improper Certificate Validation",Microsoft.NETCore.App,1.0.0,2.0.3,HIGH,CWE-295 -CVE-2017-11792,2022-05-17T00:32:12Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-119 -CVE-2017-11796,2022-05-17T00:32:03Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-119 -CVE-2017-11797,2022-05-17T00:32:27Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-200 -CVE-2017-11801,2022-05-17T00:32:27Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-200 -CVE-2017-11805,2022-05-17T00:32:03Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-119 -CVE-2017-11806,2022-05-17T00:32:03Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-119 -CVE-2017-11807,2022-05-17T00:32:03Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-119 -CVE-2017-11821,2022-05-17T00:32:12Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.3,HIGH,CWE-119 -CVE-2017-11862,2022-05-17T00:19:55Z,"Chakra Core vulnerable to privilege escalation due to type confusion",Microsoft.ChakraCore,0,1.7.4,HIGH,CWE-119 -CVE-2017-11870,2022-05-17T00:19:55Z,"Chakra Core vulnerable to privilege escalation when writing to JavaScript null scope objects",Microsoft.ChakraCore,0,1.7.4,HIGH,CWE-119 -CVE-2017-11871,2022-05-17T00:19:54Z,"Chakra Core vulnerable to privilege escalation due to reading an invalid pointer",Microsoft.ChakraCore,0,1.7.4,HIGH,CWE-119 -CVE-2017-11879,2022-05-14T03:47:22Z,"Open redirect in ASP.NET Core","Microsoft.AspNetCore.Mvc.Core",2.0.0,2.0.1,HIGH,CWE-601 -CVE-2017-11879,2022-05-14T03:47:22Z,"Open redirect in ASP.NET Core",Microsoft.AspNetCore.All,2.0.0,2.0.3,HIGH,CWE-601 -CVE-2017-11883,2022-05-13T01:42:35Z,"Denial of service in ASP.NET 
Core","Microsoft.AspNetCore.Server.HttpSys",2.0.0,2.0.2,HIGH, -CVE-2017-11883,2022-05-13T01:42:35Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.Server.WebListener",1.0.0,1.0.6,HIGH, -CVE-2017-11883,2022-05-13T01:42:35Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.Server.WebListener",1.1.0,1.1.4,HIGH, -CVE-2017-11883,2022-05-13T01:42:35Z,"Denial of service in ASP.NET Core","Microsoft.Net.Http.Server",1.0.0,1.0.6,HIGH, -CVE-2017-11883,2022-05-13T01:42:35Z,"Denial of service in ASP.NET Core","Microsoft.Net.Http.Server",1.1.0,1.1.4,HIGH, -CVE-2017-11889,2022-05-14T04:03:59Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11893,2022-05-14T01:06:50Z,"ChakraCore vulnerable to remote code execution",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11905,2022-05-14T04:04:14Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11908,2022-05-17T00:11:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11909,2022-05-14T01:06:51Z,"ChakraCore vulnerable to remote code execution",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11910,2022-05-17T00:11:59Z,"ChakraCore vulnerable to remote code execution due to insufficient InlineCache check",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11911,2022-05-14T01:06:51Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11914,2022-05-14T01:06:51Z,"ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-11916,2022-05-17T00:11:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.7.5,HIGH,CWE-119 -CVE-2017-15279,2022-05-17T00:30:20Z,"Umbraco CMS vulnerable to stored XSS",UmbracoCMS.Web,0,7.7.3,MODERATE,CWE-79 -CVE-2017-15280,2022-05-17T00:30:20Z,"Umbraco CMS XXE Vulnerability",UmbracoCms.Web,0,7.7.3,MODERATE,CWE-611 -CVE-2017-8585,2022-05-17T00:19:03Z,"Improper Input Validation in 
Microsoft.NETCore.App",Microsoft.NETCore.App,1.0.0,1.0.7,HIGH,CWE-20 -CVE-2017-8585,2022-05-17T00:19:03Z,"Improper Input Validation in Microsoft.NETCore.App",Microsoft.NETCore.App,1.1.0,1.1.4,HIGH,CWE-20 -CVE-2017-8658,2022-05-17T01:57:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.6.1,CRITICAL,CWE-119 -CVE-2017-8659,2022-05-17T02:13:52Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.6.1,MODERATE,CWE-200 -CVE-2017-8700,2022-05-13T01:47:40Z,"Cross-origin Resource Sharing bypass in ASP.NET Core","Microsoft.AspNetCore.Mvc.Core",1.0.0,1.0.6,HIGH, -CVE-2017-8700,2022-05-13T01:47:40Z,"Cross-origin Resource Sharing bypass in ASP.NET Core","Microsoft.AspNetCore.Mvc.Core",1.1.0,1.1.6,HIGH, -CVE-2017-8700,2022-05-13T01:47:40Z,"Cross-origin Resource Sharing bypass in ASP.NET Core","Microsoft.AspNetCore.Mvc.Cors",1.0.0,1.0.6,HIGH, -CVE-2017-8700,2022-05-13T01:47:40Z,"Cross-origin Resource Sharing bypass in ASP.NET Core","Microsoft.AspNetCore.Mvc.Cors",1.1.0,1.1.6,HIGH, -CVE-2017-9246,2022-05-17T02:35:57Z,"New Relic .NET Agent contains SQL Injection",NewRelic.Agent,0,6.3.123.0,CRITICAL,CWE-89 -CVE-2017-9785,2022-05-17T02:26:07Z,"Deserialization of Untrusted Data in NancyFX Nancy",Nancy,0,1.4.4,CRITICAL,CWE-502 -CVE-2017-9785,2022-05-17T02:26:07Z,"Deserialization of Untrusted Data in NancyFX Nancy",Nancy,2.0.0-alpha,2.0.0,CRITICAL,CWE-502 -CVE-2017-9822,2018-10-16T19:34:22Z,"DNN (aka DotNetNuke) has Remote Code Execution via a cookie",DotNetNuke.Core,0,9.1.1,HIGH,CWE-20 -CVE-2018-0764,2018-10-16T17:34:00Z,"Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents","System.Security.Cryptography.Xml",0,4.4.2,HIGH, -CVE-2018-0765,2018-10-16T19:54:06Z,"Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents","System.Security.Cryptography.Xml",0,4.4.2,HIGH,CWE-611 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework 
components","Microsoft.NETCore.UniversalWindowsPlatform",5.2.0,5.2.4,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","Microsoft.NETCore.UniversalWindowsPlatform",5.3.0,5.3.5,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","Microsoft.NETCore.UniversalWindowsPlatform",5.4.0,5.4.2,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","Microsoft.NETCore.UniversalWindowsPlatform",6.0.0,6.0.6,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.1.0,4.1.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.3.0,4.3.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.4.0,4.4.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.0.1,4.0.2,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.3.0,4.3.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.4.0,4.4.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.1.0,4.1.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.3.0,4.3.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in 
Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.4.0,4.4.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.1.0,4.1.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.3.0,4.3.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.4.0,4.4.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.0.1,4.0.2,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.3.0,4.3.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.4.0,4.4.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components",System.ServiceModel.Http,4.1.0,4.1.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components",System.ServiceModel.Http,4.3.0,4.3.1,HIGH,CWE-295 -CVE-2018-0786,2018-10-16T19:59:05Z,"Improper Certificate Validation in Microsoft .NET Framework components",System.ServiceModel.Http,4.4.0,4.4.1,HIGH,CWE-295 -CVE-2018-0787,2018-10-16T19:56:59Z,"ASP.NET Core allow an elevation of privilege","Microsoft.AspNetCore.HttpOverrides",2.0.0,2.0.2,HIGH,CWE-640 -CVE-2018-0787,2018-10-16T19:56:59Z,"ASP.NET Core allow an elevation of privilege","Microsoft.AspNetCore.Server.Kestrel.Core",2.0.0,2.0.2,HIGH,CWE-640 -CVE-2018-0818,2022-05-13T01:48:24Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.0,HIGH, 
-CVE-2018-0834,2022-05-13T01:18:32Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0835,2022-05-13T01:18:31Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0836,2022-05-13T01:18:32Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0837,2022-05-13T01:18:32Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0838,2022-05-13T01:18:33Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0856,2022-05-13T01:18:34Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0857,2022-05-13T01:18:33Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0858,2022-05-13T01:18:34Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0859,2022-05-13T01:18:33Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0860,2022-05-13T01:18:33Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.1,HIGH,CWE-787 -CVE-2018-0872,2022-05-13T01:18:35Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0873,2022-05-13T01:18:35Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0874,2022-05-13T01:18:35Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0875,2022-05-13T01:07:06Z,".NET Core Denial of Service Vulnerability",Microsoft.NETCore.Jit,0,1.0.12,HIGH, -CVE-2018-0875,2022-05-13T01:07:06Z,".NET Core Denial of Service Vulnerability",Microsoft.NETCore.Jit,1.1.0,1.1.7,HIGH, -CVE-2018-0875,2022-05-13T01:07:06Z,".NET Core Denial of Service Vulnerability",Microsoft.NETCore.Jit,2.0.0,2.0.6,HIGH, -CVE-2018-0925,2022-05-13T01:18:37Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0930,2022-05-13T01:18:37Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 
-CVE-2018-0931,2022-05-13T01:18:37Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0933,2022-05-13T01:18:37Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0934,2022-05-13T01:18:38Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0936,2022-05-13T01:18:38Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0937,2022-05-13T01:18:38Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.2,HIGH,CWE-787 -CVE-2018-0939,2022-05-13T01:18:38Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.8.2,MODERATE,CWE-787 -CVE-2018-0943,2022-05-13T01:18:37Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-0945,2022-05-13T01:18:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-0946,2022-05-13T01:18:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-0954,2022-05-13T01:18:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-0979,2022-05-13T01:18:41Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-0980,2022-05-13T01:18:41Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-0990,2022-05-13T01:18:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-0993,2022-05-13T01:18:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-0994,2022-05-13T01:18:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-0995,2022-05-13T01:18:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-1000120,2022-05-14T00:58:02Z,"curl FTP path confusion leads to NIL byte out of bounds write",curl,7.12.3,,CRITICAL,CWE-787 -CVE-2018-1000210,2018-10-16T17:01:10Z,"High severity vulnerability that affects YamlDotNet and 
YamlDotNet.Signed",YamlDotNet,0,5.0.0,HIGH,CWE-502;CWE-639 -CVE-2018-1000210,2018-10-16T17:01:10Z,"High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed",YamlDotNet.Signed,0,5.0.0,HIGH,CWE-502;CWE-639 -CVE-2018-1002205,2018-10-16T17:16:40Z,"High severity vulnerability that affects DotNetZip",DotNetZip,0,1.11.0,HIGH,CWE-22 -CVE-2018-1002206,2019-09-11T22:59:57Z,"Directory Traversal in SharpCompress",SharpCompress,0,0.21.0,MODERATE,CWE-22 -CVE-2018-1002208,2022-05-13T01:35:03Z,"Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib",SharpZipLib,0,1.0.0-rc1,MODERATE,CWE-22 -CVE-2018-1019,2022-05-13T01:18:49Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.3,HIGH,CWE-787 -CVE-2018-1022,2022-05-13T01:18:49Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-12086,2018-10-16T19:51:31Z,"High severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua","OPCFoundation.NetStandard.Opc.Ua",0,1.4.353.15,HIGH,CWE-787 -CVE-2018-12087,2018-10-16T19:51:18Z,"Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua","OPCFoundation.NetStandard.Opc.Ua",0,1.4.353.15,MODERATE,CWE-295 -CVE-2018-1285,2021-01-29T19:47:23Z,"XML External Entity attack in log4net",log4net,0,2.0.10,CRITICAL,CWE-611 -CVE-2018-14040,2022-05-13T01:07:54Z,"Bootstrap vulnerable to Cross-Site Scripting (XSS)",bootstrap,2.3.0,3.4.0,MODERATE,CWE-79 -CVE-2018-14040,2022-05-13T01:07:54Z,"Bootstrap vulnerable to Cross-Site Scripting (XSS)",bootstrap,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14040,2022-05-13T01:07:54Z,"Bootstrap vulnerable to Cross-Site Scripting (XSS)",bootstrap.sass,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14041,2018-09-13T15:49:56Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14041,2018-09-13T15:49:56Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap.sass,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14042,2018-09-13T15:50:32Z,"Bootstrap Cross-site 
Scripting vulnerability",bootstrap,2.3.0,3.4.0,MODERATE,CWE-79 -CVE-2018-14042,2018-09-13T15:50:32Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14042,2018-09-13T15:50:32Z,"Bootstrap Cross-site Scripting vulnerability",bootstrap.sass,4.0.0,4.1.2,MODERATE,CWE-79 -CVE-2018-14486,2022-05-14T01:17:48Z,"DNN XSS Vulnerability",DotNetNuke.Core,0,,MODERATE,CWE-79 -CVE-2018-14550,2021-03-22T16:57:07Z,"Out-of-bounds write in libpng",libpng,0,1.6.37,HIGH,CWE-787 -CVE-2018-15121,2022-05-14T02:01:18Z,"Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery",Auth0-ASPNET-Owin,0,,HIGH,CWE-352 -CVE-2018-15121,2022-05-14T02:01:18Z,"Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery",auth0-aspnet,0,,HIGH,CWE-352 -CVE-2018-15811,2019-07-05T21:08:36Z,"Inadequate Encryption Strength in DotNetNuke",DotNetNuke.Core,9.2.0,9.2.2,HIGH,CWE-326 -CVE-2018-15812,2019-07-05T21:08:24Z,"Insufficient Entropy in DotNetNuke",DotNetNuke.Core,9.2.0,9.2.2,HIGH,CWE-331 -CVE-2018-17060,2022-05-13T01:19:22Z,"Improper Access Control in Telerik Extensions",TelerikMvcExtensions,0,,MODERATE,CWE-284 -CVE-2018-17107,2023-06-12T20:30:27Z,"tgstation-server cached user logins in legacy server",TGServiceInterface,3.2.1.0,3.2.5.0,HIGH, -CVE-2018-17256,2022-05-14T01:44:31Z,"Umbraco CMS vulnerable to stored XSS",umbraco,0,,MODERATE,CWE-79 -CVE-2018-18325,2019-07-05T21:08:16Z,"Inadequate Encryption Strength in DotNetNuke",DotNetNuke.Core,0,9.3.0,HIGH,CWE-326 -CVE-2018-18326,2019-07-05T21:08:20Z,"Insufficient Entropy in DotNetNuke",DotNetNuke.Core,0,9.3.0,HIGH,CWE-331 -CVE-2018-20676,2019-01-17T13:57:34Z,"XSS vulnerability that affects bootstrap",bootstrap,0,3.4.0,MODERATE,CWE-79 -CVE-2018-20677,2019-01-17T13:57:56Z,"bootstrap Cross-site Scripting vulnerability",bootstrap,0,3.4.0,MODERATE,CWE-79 -CVE-2018-7559,2018-10-16T19:58:42Z,"OPC UA applications can allow a remote attacker to determine a Server's private key 
","OPCFoundation.NetStandard.Opc.Ua",0,1.3.352.12,MODERATE, -CVE-2018-8130,2022-05-13T01:20:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-8133,2022-05-13T01:20:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-843 -CVE-2018-8137,2022-05-13T01:20:39Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-8139,2022-05-13T01:20:40Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-125 -CVE-2018-8145,2022-05-13T01:53:32Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-200 -CVE-2018-8171,2018-10-16T19:56:50Z,"Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated","Microsoft.AspNetCore.Identity",1.0.0,1.0.6,HIGH,CWE-287 -CVE-2018-8171,2018-10-16T19:56:50Z,"Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated","Microsoft.AspNetCore.Identity",1.1.0,1.1.6,HIGH,CWE-287 -CVE-2018-8171,2018-10-16T19:56:50Z,"Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated","Microsoft.AspNetCore.Identity",2.0.0,2.0.4,HIGH,CWE-287 -CVE-2018-8171,2018-10-16T19:56:50Z,"Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated","Microsoft.AspNetCore.Identity",2.1.0,2.1.2,HIGH,CWE-287 -CVE-2018-8177,2022-05-13T01:20:41Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.4,HIGH,CWE-787 -CVE-2018-8227,2022-05-13T01:20:43Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.5,HIGH,CWE-787 -CVE-2018-8229,2022-05-13T01:20:42Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.5,HIGH,CWE-843 -CVE-2018-8243,2022-05-13T01:20:43Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.8.5,HIGH,CWE-787 -CVE-2018-8266,2022-05-13T01:20:43Z,"ChakraCore RCE 
Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8269,2018-10-16T19:58:31Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.DataProtection.AzureStorage",2.1.0,2.1.13,HIGH, -CVE-2018-8269,2018-10-16T19:58:31Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.DataProtection.AzureStorage",2.2.0,2.2.7,HIGH, -CVE-2018-8269,2018-10-16T19:58:31Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.All,2.1.0,2.1.13,HIGH, -CVE-2018-8269,2018-10-16T19:58:31Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.All,2.2.0,2.2.7,HIGH, -CVE-2018-8269,2018-10-16T19:58:31Z,"Denial of service in ASP.NET Core",Microsoft.Data.OData,0,5.8.4,HIGH, -CVE-2018-8276,2022-05-13T01:53:37Z,"ChakraCore Security Bypass",Microsoft.ChakraCore,0,1.10.1,MODERATE, -CVE-2018-8280,2022-05-13T01:20:44Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8283,2022-05-13T01:20:44Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8286,2022-05-13T01:20:45Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8287,2022-05-13T01:20:45Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8288,2022-05-13T01:20:46Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8290,2022-05-13T01:20:46Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8291,2022-05-13T01:20:46Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-843 -CVE-2018-8292,2021-04-21T19:16:06Z,".NET Core Information Disclosure",System.Net.Http,0,4.3.4,HIGH,CWE-200 -CVE-2018-8294,2022-05-13T01:20:46Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8298,2022-05-13T01:20:46Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-843 -CVE-2018-8315,2022-05-14T02:03:04Z,"ChakraCore information disclosure 
vulnerability",Microsoft.ChakraCore,0,1.11.1,MODERATE,CWE-200 -CVE-2018-8354,2022-05-13T01:20:48Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8355,2022-05-13T01:20:48Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.0.0,4.1.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.3.0,4.3.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.4.0,4.4.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.Private.ServiceModel",4.5.0,4.5.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.0.0,4.0.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.3.0,4.3.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.4.0,4.4.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Duplex",4.5.0,4.5.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.0.0,4.1.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.3.0,4.3.3,MODERATE,CWE-295 
-CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.4.0,4.4.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.NetTcp",4.5.0,4.5.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.0.0,4.1.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.3.0,4.3.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.4.0,4.4.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Primitives",4.5.0,4.5.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.0.0,4.0.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.3.0,4.3.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.4.0,4.4.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components","System.ServiceModel.Security",4.5.0,4.5.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components",System.ServiceModel.Http,4.0.0,4.1.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework 
components",System.ServiceModel.Http,4.3.0,4.3.3,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components",System.ServiceModel.Http,4.4.0,4.4.4,MODERATE,CWE-295 -CVE-2018-8356,2022-05-14T03:00:10Z,"Improper Certificate Validation in Microsoft .NET Framework components",System.ServiceModel.Http,4.5.0,4.5.3,MODERATE,CWE-295 -CVE-2018-8359,2022-05-13T01:20:49Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8367,2022-05-13T01:20:49Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8371,2022-05-13T01:20:49Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.1,HIGH,CWE-787 -CVE-2018-8372,2022-05-13T01:20:49Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8380,2022-05-13T01:20:50Z,"ChakraCore remote code execution vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8381,2022-05-13T01:20:50Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8384,2022-05-13T01:20:51Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-843 -CVE-2018-8385,2022-05-13T01:20:51Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8390,2022-05-13T01:20:51Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.10.2,HIGH,CWE-787 -CVE-2018-8391,2022-05-13T01:20:52Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8409,2018-10-16T19:56:38Z,"Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests",Microsoft.AspNetCore.All,2.1.0,2.1.4,HIGH, -CVE-2018-8409,2018-10-16T19:56:38Z,"Denial of service vulnerability exists when System.IO.Pipelines improperly handles requests",Microsoft.AspNetCore.App,2.1.0,2.1.4,HIGH, -CVE-2018-8409,2018-10-16T19:56:38Z,"Denial of service vulnerability exists when System.IO.Pipelines improperly handles 
requests",System.IO.Pipelines,4.5.0,4.5.1,HIGH, -CVE-2018-8416,2022-05-13T01:20:52Z,"Tampering vulnerability in .NET Core",Microsoft.NETCore.App,2.1.0,2.1.7,MODERATE, -CVE-2018-8452,2022-05-13T01:53:42Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.11.1,MODERATE,CWE-200 -CVE-2018-8456,2022-05-13T01:20:53Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8459,2022-05-13T01:20:53Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8465,2022-05-13T01:20:54Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8466,2022-05-13T01:20:55Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8467,2022-05-13T01:20:55Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.1,HIGH,CWE-787 -CVE-2018-8500,2022-05-13T01:20:55Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.2,CRITICAL,CWE-787 -CVE-2018-8503,2022-05-13T01:20:56Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.2,HIGH,CWE-787 -CVE-2018-8505,2022-05-13T01:20:56Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.2,HIGH,CWE-787 -CVE-2018-8510,2022-05-13T01:20:56Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.2,HIGH,CWE-787 -CVE-2018-8511,2022-05-13T01:20:57Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.2,HIGH,CWE-787 -CVE-2018-8513,2022-05-13T01:20:57Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.2,HIGH,CWE-787 -CVE-2018-8541,2022-05-13T01:20:57Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8542,2022-05-13T01:20:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8543,2022-05-13T01:20:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8551,2022-05-13T01:20:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 
-CVE-2018-8555,2022-05-13T01:20:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8556,2022-05-13T01:20:59Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8557,2022-05-13T01:20:59Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8583,2022-05-13T01:21:01Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8588,2022-05-13T01:21:01Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8617,2022-05-13T01:21:02Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.3,HIGH,CWE-787 -CVE-2018-8618,2022-05-13T01:21:02Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.4,HIGH,CWE-787 -CVE-2018-8624,2022-05-13T01:21:03Z,"ChakraCore Remote code execution Vulnerability",Microsoft.ChakraCore,0,1.11.4,HIGH,CWE-787 -CVE-2018-8629,2022-05-13T01:21:03Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.4,HIGH,CWE-787 -CVE-2019-0539,2022-05-13T01:21:15Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.5,HIGH,CWE-787 -CVE-2019-0545,2022-05-14T01:41:10Z,"Exposure of Sensitive Information in System.Net.Http",Microsoft.NETCore.App,2.1.0,2.1.7,HIGH,CWE-200 -CVE-2019-0545,2022-05-14T01:41:10Z,"Exposure of Sensitive Information in System.Net.Http",Microsoft.NETCore.App,2.2.0,2.2.1,HIGH,CWE-200 -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.Server.Kestrel.Core",2.1.0,2.1.7,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.WebSockets",2.1.0,2.1.7,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.WebSockets",2.2.0,2.2.1,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core","System.Net.WebSockets.WebSocketProtocol",4.5.0,4.5.3,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET 
Core",Microsoft.AspNetCore.All,2.1.0,2.1.7,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.All,2.2.0,2.2.1,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.App,2.1.0,2.1.7,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.App,2.2.0,2.2.1,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core",Microsoft.NETCore.App,2.1.0,2.1.7,HIGH, -CVE-2019-0564,2022-05-14T01:41:32Z,"Denial of service in ASP.NET Core",Microsoft.NETCore.App,2.2.0,2.2.1,HIGH, -CVE-2019-0567,2022-05-13T01:21:17Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.5,HIGH,CWE-787 -CVE-2019-0568,2022-05-13T01:21:17Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.5,HIGH,CWE-787 -CVE-2019-0592,2019-04-09T19:43:56Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-787 -CVE-2019-0609,2019-04-09T19:43:59Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-787 -CVE-2019-0611,2019-04-09T19:43:54Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-787 -CVE-2019-0639,2019-04-09T19:44:03Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-190 -CVE-2019-0648,2022-05-13T01:21:25Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.11.6,MODERATE, -CVE-2019-0649,2022-05-13T01:21:26Z,"Chakra JIT server Privilege Escalation ",Microsoft.ChakraCore,0,1.11.6,HIGH, -CVE-2019-0657,2022-05-14T01:28:01Z,"Improper Input Validation in .Net Framework API's",Microsoft.NETCore.App,2.1.0,2.1.8,MODERATE,CWE-20 -CVE-2019-0657,2022-05-14T01:28:01Z,"Improper Input Validation in .Net Framework API's",Microsoft.NETCore.App,2.2.0,2.2.2,MODERATE,CWE-20 -CVE-2019-0657,2022-05-14T01:28:01Z,"Improper Input Validation in .Net 
Framework API's",System.Private.Uri,4.3.0,4.3.2,MODERATE,CWE-20 -CVE-2019-0746,2019-04-09T19:43:38Z,"Microsoft.ChakraCore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor ",Microsoft.ChakraCore,0,1.11.7,MODERATE,CWE-200 -CVE-2019-0769,2019-04-09T19:43:46Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-787 -CVE-2019-0771,2019-04-09T19:43:29Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-787 -CVE-2019-0773,2019-04-09T19:43:32Z,"High severity vulnerability that affects Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.7,HIGH,CWE-787 -CVE-2019-0806,2022-05-13T01:21:36Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.8,HIGH,CWE-787 -CVE-2019-0810,2022-05-13T01:21:36Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.8,HIGH,CWE-787 -CVE-2019-0812,2022-05-13T01:21:36Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.8,HIGH,CWE-787 -CVE-2019-0820,2021-08-04T21:03:46Z,"Regular Expression Denial of Service in System.Text.RegularExpressions","System.Text.RegularExpressions",4.3.0,4.3.1,HIGH,CWE-1333;CWE-400 -CVE-2019-0829,2022-05-13T01:21:37Z,"ChakraCore Memory Corruption Vulnerability",Microsoft.ChakraCore,0,1.11.8,HIGH,CWE-787 -CVE-2019-0860,2022-05-13T01:21:40Z,"ChakraCore Memory Corruption Vulnerability",Microsoft.ChakraCore,0,1.11.8,HIGH,CWE-787 -CVE-2019-0861,2022-05-13T01:21:41Z,"ChakraCore Memory Corruption Vulnerability",Microsoft.ChakraCore,0,1.11.8,HIGH,CWE-787 -CVE-2019-0911,2021-03-29T21:00:00Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0912,2021-03-29T20:59:59Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0913,2021-03-29T21:00:05Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0914,2021-03-29T21:00:02Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 
-CVE-2019-0915,2021-03-29T21:00:03Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0916,2021-03-29T21:00:09Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0917,2021-03-29T21:00:06Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0922,2021-03-29T21:00:11Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0923,2021-03-29T21:00:08Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0924,2021-03-29T21:00:12Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0925,2021-03-29T20:57:39Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0927,2021-03-29T20:58:59Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0933,2021-03-29T20:59:01Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0937,2021-03-29T20:59:03Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.9,HIGH,CWE-787 -CVE-2019-0976,2022-05-24T22:28:08Z,"NuGet Package Manager Tampering Vulnerability",NuGet.Commands,5.0.0,5.0.2,MODERATE,CWE-732 -CVE-2019-0980,2022-05-24T16:45:53Z,"Denial of service in ASP.NET Core",System.Private.Uri,4.3.0,4.3.2,HIGH, -CVE-2019-0981,2022-05-24T16:45:54Z,"Denial of service in ASP.NET Core",System.Private.Uri,4.3.0,4.3.2,HIGH, -CVE-2019-0982,2022-05-24T16:45:54Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.SignalR.Protocols.MessagePack",1.0.0,1.0.11,HIGH, -CVE-2019-0982,2022-05-24T16:45:54Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.SignalR.Protocols.MessagePack",1.1.0,1.1.5,HIGH, -CVE-2019-0989,2021-03-29T20:59:04Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-0991,2021-03-29T20:57:42Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-0992,2021-03-29T20:59:07Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-0993,2021-03-29T20:57:51Z,"Out-of-bounds 
write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-1002,2022-05-24T22:00:06Z,"ChakraCore RCE via Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-1003,2021-03-29T20:59:06Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-1010113,2019-07-26T16:10:06Z,"Cross-site scripting in CLEditor",CLEditor,0,,MODERATE,CWE-79 -CVE-2019-1010199,2022-05-24T22:00:16Z,"Cross site scripting attack in ServiceStack Framework",ServiceStack,4.5.14,5.2.0,MODERATE,CWE-79 -CVE-2019-1024,2022-05-24T22:00:06Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-1051,2022-05-24T22:00:06Z,"ChakraCore RCE via Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-1052,2022-05-24T22:00:06Z,"ChakraCore RCE via Out-of-bounds write",Microsoft.ChakraCore,0,1.11.10,HIGH,CWE-787 -CVE-2019-1062,2021-03-29T20:59:09Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.11,HIGH,CWE-787 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core","Microsoft.AspNetCore.Server.HttpSys",2.1.0,2.1.12,MODERATE,CWE-601 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core","Microsoft.AspNetCore.Server.HttpSys",2.2.0,2.2.6,MODERATE,CWE-601 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core","Microsoft.AspNetCore.Server.IIS",2.2.0,2.2.6,MODERATE,CWE-601 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core",Microsoft.AspNetCore.All,2.1.0,2.1.12,MODERATE,CWE-601 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core",Microsoft.AspNetCore.All,2.2.0,2.2.6,MODERATE,CWE-601 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core",Microsoft.AspNetCore.App,2.1.0,2.1.12,MODERATE,CWE-601 -CVE-2019-1075,2022-05-24T16:50:19Z,"Open redirect in ASP.NET Core",Microsoft.AspNetCore.App,2.2.0,2.2.6,MODERATE,CWE-601 -CVE-2019-1092,2021-03-29T20:59:11Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.11,HIGH,CWE-787 
-CVE-2019-1103,2021-03-29T20:59:12Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.11,HIGH,CWE-787 -CVE-2019-1106,2021-03-29T20:59:15Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.11,HIGH,CWE-787 -CVE-2019-1107,2021-03-29T20:57:35Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.11,HIGH,CWE-787 -CVE-2019-1131,2021-03-29T20:57:46Z,"Out-of-bounds write in Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-11358,2019-04-26T16:29:11Z,"XSS in jQuery as used in Drupal, Backdrop CMS, and other products",jQuery,1.1.4,3.4.0,MODERATE,CWE-1321;CWE-79 -CVE-2019-1138,2021-03-29T20:56:11Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.13,HIGH,CWE-787 -CVE-2019-1139,2021-03-29T20:57:53Z,"Out-of-bounds write in Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-1140,2021-03-29T20:57:49Z,"Out-of-bounds write in Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-11401,2022-05-24T16:44:03Z,"SiteServer CMS RCE via unsafe file upload",sscms,0,6.12,HIGH,CWE-434 -CVE-2019-1141,2021-03-29T20:57:56Z,"Out-of-bounds write in Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-1167,2019-07-17T19:14:18Z,"System.Management.Automation subject to bypass via script debugging","System.Management.Automation",6.1.0,6.1.5,MODERATE, -CVE-2019-1167,2019-07-17T19:14:18Z,"System.Management.Automation subject to bypass via script debugging","System.Management.Automation",6.2.0,6.2.2,MODERATE, -CVE-2019-1195,2021-03-29T20:57:59Z,"Out-of-bounds write in Microsoft.ChakraCore",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-1196,2021-03-29T20:58:01Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-1197,2021-03-29T20:56:15Z,"Out-of-bounds write ",Microsoft.ChakraCore,0,1.11.12,HIGH,CWE-787 -CVE-2019-1217,2021-03-29T20:56:08Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.13,HIGH,CWE-787 -CVE-2019-1237,2021-03-29T20:56:04Z,"Out-of-bounds 
write",Microsoft.ChakraCore,0,1.11.13,HIGH,CWE-787 -CVE-2019-12562,2019-11-18T17:16:06Z,"Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke",DotNetNuke.Core,0,9.4.0,MODERATE,CWE-79 -CVE-2019-1258,2019-08-16T14:03:35Z,"Vulnerability in Azure Active Directory Authentication Library","microsoft.identitymodel.clients.activedirectory",5.0.0,5.2.0,HIGH, -CVE-2019-1298,2021-03-29T20:56:01Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.13,HIGH,CWE-787 -CVE-2019-1300,2021-03-29T20:55:57Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.13,HIGH,CWE-787 -CVE-2019-1301,2019-09-13T13:25:47Z,"High severity vulnerability that affects System.Management.Automation","System.Management.Automation",0,6.1.6,HIGH, -CVE-2019-1301,2019-09-13T13:25:47Z,"High severity vulnerability that affects System.Management.Automation","System.Management.Automation",6.2.0,6.2.3,HIGH, -CVE-2019-1302,2022-05-24T22:00:33Z,"Elevation of privilege in ASP.NET Core","Microsoft.AspNetCore.SpaServices",2.1.0,2.1.13,MODERATE, -CVE-2019-1302,2022-05-24T22:00:33Z,"Elevation of privilege in ASP.NET Core","Microsoft.AspNetCore.SpaServices",2.2.0,2.2.7,MODERATE, -CVE-2019-1307,2021-03-29T20:55:46Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.14,HIGH,CWE-787 -CVE-2019-1308,2021-03-29T20:55:52Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.14,HIGH,CWE-787 -CVE-2019-1335,2021-03-29T20:55:40Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.14,HIGH,CWE-787 -CVE-2019-1366,2021-03-29T20:55:36Z,"Out-of-bounds write",Microsoft.ChakraCore,0,1.11.14,HIGH,CWE-787 -CVE-2019-14262,2019-08-23T00:04:56Z,"Uncontrolled Resource Consumption in MetadataExtractor",MetadataExtractor,0,2.2.0,HIGH,CWE-400 -CVE-2019-15151,2021-03-29T20:48:45Z,"Double Free in Adplug",adplug,0,2.3.3,CRITICAL,CWE-415 -CVE-2019-16929,2019-10-24T20:56:12Z,"Improper Authentication in Auth0.AuthenticationApi",Auth0.AuthenticationApi,5.8.0,6.5.4,HIGH,CWE-287 -CVE-2019-20627,2022-05-24T17:12:10Z,"AutoUpdater.NET allows 
XXE",Autoupdater.NET.Official,0,1.5.8,CRITICAL,CWE-611 -CVE-2019-20921,2021-05-07T16:47:54Z,"Cross-site scripting in bootstrap-select",bootstrap-select,0,1.13.6,MODERATE,CWE-79 -CVE-2019-5428,2019-04-23T15:59:10Z,"Duplicate Advisory: Prototype Pollution in jquery",jquery,0,3.4.0,MODERATE, -CVE-2019-7644,2019-04-18T14:28:03Z,"Critical severity vulnerability that affects Auth0-WCF-Service-JWT",Auth0-WCF-Service-JWT,0,1.0.4,CRITICAL,CWE-209 -CVE-2019-8331,2019-02-22T20:54:47Z,"Bootstrap Vulnerable to Cross-Site Scripting",Bootstrap.Less,3.0.0,3.4.1,MODERATE,CWE-79 -CVE-2019-8331,2019-02-22T20:54:47Z,"Bootstrap Vulnerable to Cross-Site Scripting",bootstrap,3.0.0,3.4.1,MODERATE,CWE-79 -CVE-2019-8331,2019-02-22T20:54:47Z,"Bootstrap Vulnerable to Cross-Site Scripting",bootstrap,4.0.0,4.3.1,MODERATE,CWE-79 -CVE-2019-8331,2019-02-22T20:54:47Z,"Bootstrap Vulnerable to Cross-Site Scripting",bootstrap.sass,0,4.3.1,MODERATE,CWE-79 -CVE-2019-9648,2022-05-14T00:52:11Z,"CoreFTP Directory Traversal",CoreFtp,0,,MODERATE,CWE-22 -CVE-2019-9845,2019-07-05T21:11:13Z,"MadsKristensen.AspNetCore.Miniblog subject to Improper Input Validation","MadsKristensen.AspNetCore.Miniblog",0,,CRITICAL,CWE-20 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET 
Core","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core","Microsoft.AspNetCore.Http.Connections",1.0.0,1.0.15,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.All,2.1.0,2.1.15,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.App,2.1.0,2.1.15,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.App,3.0.0,3.0.1,MODERATE,CWE-400 -CVE-2020-0602,2022-05-24T17:06:16Z,"Denial of service in ASP.NET Core",Microsoft.AspNetCore.App,3.1.0,3.1.1,MODERATE,CWE-400 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET 
Core","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core","Microsoft.AspNetCore.Http.Connections",1.0.0,1.0.15,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core",Microsoft.AspNetCore.All,2.1.0,2.1.15,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core",Microsoft.AspNetCore.App,2.1.0,2.1.15,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core",Microsoft.AspNetCore.App,3.0.0,3.0.1,HIGH,CWE-119 -CVE-2020-0603,2022-05-24T17:06:16Z,"Remote code execution in ASP.NET Core",Microsoft.AspNetCore.App,3.1.0,3.1.1,HIGH,CWE-119 -CVE-2020-0606,2022-05-24T17:06:16Z,"Remote code execution in Microsoft.WindowsDesktop.App.Ref","Microsoft.WindowsDesktop.App.Ref",3.0.1,3.0.2,HIGH,CWE-20 -CVE-2020-0606,2022-05-24T17:06:16Z,"Remote code execution in Microsoft.WindowsDesktop.App.Ref","Microsoft.WindowsDesktop.App.Ref",3.1.0,3.1.1,HIGH,CWE-20 -CVE-2020-0606,2022-05-24T17:06:16Z,"Remote code execution in Microsoft.WindowsDesktop.App.Ref","Microsoft.WindowsDesktop.App.Runtime.win-x64",3.0.0,3.0.2,HIGH,CWE-20 -CVE-2020-0606,2022-05-24T17:06:16Z,"Remote code execution in Microsoft.WindowsDesktop.App.Ref","Microsoft.WindowsDesktop.App.Runtime.win-x64",3.1.0,3.1.11,HIGH,CWE-20 -CVE-2020-0606,2022-05-24T17:06:16Z,"Remote code execution in Microsoft.WindowsDesktop.App.Ref","Microsoft.WindowsDesktop.App.Runtime.win-x86",3.0.0,3.0.2,HIGH,CWE-20 -CVE-2020-0606,2022-05-24T17:06:16Z,"Remote code execution in Microsoft.WindowsDesktop.App.Ref","Microsoft.WindowsDesktop.App.Runtime.win-x86",3.1.0,3.1.11,HIGH,CWE-20 
-CVE-2020-0710,2022-05-24T17:08:29Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.16,HIGH,CWE-119;CWE-787 -CVE-2020-0711,2022-05-24T17:08:29Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.16,HIGH,CWE-119;CWE-787 -CVE-2020-0712,2022-05-24T17:08:29Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.16,HIGH,CWE-119;CWE-787 -CVE-2020-0713,2022-05-24T17:08:29Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.16,HIGH,CWE-119;CWE-787 -CVE-2020-0767,2022-05-24T17:08:34Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.16,HIGH,CWE-119 -CVE-2020-0768,2021-08-02T17:26:23Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0811,2022-05-24T17:10:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-119 -CVE-2020-0812,2022-05-24T17:10:58Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-119 -CVE-2020-0813,2022-05-24T22:28:59Z,"ChakraCore information disclosure vulnerability",Microsoft.ChakraCore,0,1.11.17,HIGH, -CVE-2020-0823,2021-07-28T18:57:11Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0825,2021-07-28T18:57:02Z," Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0826,2021-07-28T18:58:03Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0827,2021-07-28T18:56:52Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0828,2021-07-28T18:58:22Z,"Out-of-bounds Write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0829,2021-07-28T18:57:39Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0830,2021-07-28T18:57:47Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0831,2021-07-28T18:58:14Z,"Out-of-bounds Write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 
-CVE-2020-0832,2021-07-28T18:57:27Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0833,2021-07-28T18:57:55Z," Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0848,2021-07-28T18:57:19Z,"Out-of-bounds write in ChakraCore",Microsoft.ChakraCore,0,1.11.17,HIGH,CWE-787 -CVE-2020-0969,2022-05-24T17:14:32Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.18,HIGH,CWE-119;CWE-787 -CVE-2020-0970,2022-05-24T17:14:32Z,"ChakraCore Remote Code Execution Vulnerability",Microsoft.ChakraCore,0,1.11.18,HIGH,CWE-787 -CVE-2020-1037,2022-05-24T17:18:23Z,"ChakraCore Remote Code Execution Vulnerability",Microsoft.ChakraCore,0,1.11.19,HIGH,CWE-787 -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.5,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.8,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.8,HIGH, 
-CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure","Microsoft.AspNetCore.Http",0,2.1.22,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure",Microsoft.AspNetCore.App,0,2.1.22,HIGH, -CVE-2020-1045,2022-05-24T17:27:57Z,"Cookie parsing failure",Microsoft.Owin,0,4.1.1,HIGH, -CVE-2020-1057,2021-08-02T17:28:53Z,"Remote code execution in ChakraCore",Microsoft.ChakraCore,0,1.11.22,HIGH,CWE-119;CWE-787 -CVE-2020-1065,2022-05-24T17:18:25Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.19,HIGH,CWE-119;CWE-787 -CVE-2020-1073,2022-05-24T17:19:47Z,"ChakraCore RCE Vulnerability",Microsoft.ChakraCore,0,1.11.20,HIGH,CWE-119;CWE-787 -CVE-2020-11005,2020-04-14T23:09:13Z,"Internal NCryptDecrypt method could be used externally from WindowsHello library.","HaemmerElectronics.SeppPenner.WindowsHello",0,1.0.4,MODERATE,CWE-288 -CVE-2020-11022,2020-04-29T22:18:55Z,"Potential XSS vulnerability in jQuery",jquery,1.2.0,3.5.0,MODERATE,CWE-79 -CVE-2020-11023,2020-04-29T22:19:14Z,"Potential XSS vulnerability in jQuery",jQuery,1.0.3,3.5.0,MODERATE,CWE-79 -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service 
Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.rhel.6-x64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",3.1.0,3.1.4,HIGH, -CVE-2020-1108,2022-05-24T17:18:28Z,".NET Core & .NET Framework Denial of Service Vulnerability",Microsoft.NETCore.App,2.1.0,2.1.18,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, 
SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.rhel.6-x64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",3.1.0,3.1.6,HIGH, -CVE-2020-1147,2022-05-24T17:22:57Z,".NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability",Microsoft.NETCore.App,2.1.0,2.1.20,HIGH, -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1161,2022-05-24T17:18:32Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.4,HIGH,CWE-20 -CVE-2020-1172,2021-08-02T17:29:01Z,"Remote code execution in ChakraCore",Microsoft.ChakraCore,0,1.11.22,HIGH,CWE-787 -CVE-2020-1180,2021-08-02T17:29:09Z,"Remote code execution in ChakraCore",Microsoft.ChakraCore,0,1.11.22,HIGH,CWE-787 -CVE-2020-1469,2022-04-08T18:11:51Z,"Infinite loop in .Net Bond",Bond.Core.CSharp,3.0.0,9.0.1,HIGH,CWE-434;CWE-835 -CVE-2020-15522,2021-08-13T15:22:31Z,"Timing based private key exposure in Bouncy Castle",BouncyCastle,0,1.8.7,MODERATE,CWE-203;CWE-362 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core 
Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.7,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability",Microsoft.AspNetCore.All,2.1.0,2.1.21,HIGH,CWE-20 -CVE-2020-1597,2022-05-24T17:26:01Z,"ASP.NET Core Denial of Service Vulnerability",Microsoft.AspNetCore.App,2.1.0,2.1.21,HIGH,CWE-20 -CVE-2020-15999,2020-10-27T19:47:38Z,"Heap buffer overflow in CefSharp",CefSharp.Common,0,85.3.130,MODERATE,CWE-119;CWE-787 -CVE-2020-15999,2020-10-27T19:47:38Z,"Heap buffer overflow in CefSharp",CefSharp.WinForms,0,85.3.130,MODERATE,CWE-119;CWE-787 -CVE-2020-15999,2020-10-27T19:47:38Z,"Heap buffer overflow in CefSharp",CefSharp.Wpf,0,85.3.130,MODERATE,CWE-119;CWE-787 -CVE-2020-15999,2020-10-27T19:47:38Z,"Heap buffer overflow in CefSharp",CefSharp.Wpf.HwndHost,0,85.3.130,MODERATE,CWE-119;CWE-787 -CVE-2020-16009,2020-12-02T18:28:47Z,"Inappropriate implementation in V8",CefSharp.Common,0,86.0.241,HIGH,CWE-787 -CVE-2020-16009,2020-12-02T18:28:47Z,"Inappropriate implementation in V8",CefSharp.WinForms,0,86.0.241,HIGH,CWE-787 -CVE-2020-16009,2020-12-02T18:28:47Z,"Inappropriate implementation in V8",CefSharp.Wpf,0,86.0.241,HIGH,CWE-787 -CVE-2020-16009,2020-12-02T18:28:47Z,"Inappropriate implementation in V8",CefSharp.Wpf.HwndHost,0,86.0.241,HIGH,CWE-787 -CVE-2020-16013,2020-11-27T20:12:55Z,"Inappropriate implementation in 
V8 in CefSharp",CefSharp.Common,0,86.0.241,HIGH,CWE-119;CWE-787 -CVE-2020-16013,2020-11-27T20:12:55Z,"Inappropriate implementation in V8 in CefSharp",CefSharp.WinForms,0,86.0.241,HIGH,CWE-119;CWE-787 -CVE-2020-16013,2020-11-27T20:12:55Z,"Inappropriate implementation in V8 in CefSharp",CefSharp.Wpf,0,86.0.241,HIGH,CWE-119;CWE-787 -CVE-2020-16013,2020-11-27T20:12:55Z,"Inappropriate implementation in V8 in CefSharp",CefSharp.Wpf.HwndHost,0,86.0.241,HIGH,CWE-119;CWE-787 -CVE-2020-16017,2020-11-27T20:13:05Z,"Use after free in CefSharp",CefSharp.Common,0,86.0.241,HIGH,CWE-416 -CVE-2020-16017,2020-11-27T20:13:05Z,"Use after free in CefSharp",CefSharp.WinForms,0,86.0.241,HIGH,CWE-416 -CVE-2020-16017,2020-11-27T20:13:05Z,"Use after free in CefSharp",CefSharp.Wpf,0,86.0.241,HIGH,CWE-416 -CVE-2020-16017,2020-11-27T20:13:05Z,"Use after free in CefSharp",CefSharp.Wpf.HwndHost,0,86.0.241,HIGH,CWE-416 -CVE-2020-17048,2021-08-02T17:26:11Z,"Out-of-bounds Write in ChakraCore",Microsoft.ChakraCore,0,1.11.23,HIGH,CWE-787 -CVE-2020-17054,2021-08-02T17:25:58Z,"Out-of-bounds Write in ChakraCore",Microsoft.ChakraCore,0,1.11.23,HIGH,CWE-787 -CVE-2020-17131,2021-04-13T15:54:40Z,"Out-of-bounds Write in Chakra",Microsoft.ChakraCore,0,1.11.24,HIGH,CWE-787 -CVE-2020-20136,2022-05-24T17:36:17Z,"QuantConnect Lean vulnerable to insecure deserialization",QuantConnect.Common,2.3.0.0,,CRITICAL,CWE-502 -CVE-2020-23064,2023-06-26T21:30:58Z,"Duplicate Advisory: jQuery Cross Site Scripting vulnerability",jQuery,1.0.3,3.5.0,MODERATE,CWE-79 -CVE-2020-26293,2021-01-04T18:22:11Z,"XSS in HtmlSanitizer",HtmlSanitizer,0,5.0.372,LOW,CWE-74;CWE-79 -CVE-2020-27998,2021-08-02T17:28:16Z,"Missing Authorization in FastReport",FastReport.OpenSource,0,2020.4.0,CRITICAL,CWE-862 -CVE-2020-28042,2021-01-13T19:13:11Z,"Signature validation bypass in ServiceStack",ServiceStack,0,5.9.2,MODERATE,CWE-347 -CVE-2020-29454,2021-04-13T15:48:05Z,"Incorrect permission enforcement in UmbracoCms",UmbracoCms,0,8.10.0,MODERATE,CWE-732 
-CVE-2020-29457,2021-11-19T20:19:53Z,"Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.365.10,MODERATE,CWE-295 -CVE-2020-36620,2022-12-21T21:30:15Z,"EnumStringValues vulnerable to Uncontrolled Resource Consumption",EnumStringValues,0,4.0.2,LOW,CWE-400;CWE-404 -CVE-2020-5186,2022-05-24T17:09:33Z,"DNN XSS Vulnerability",DotNetNuke.Core,0,,MODERATE,CWE-79 -CVE-2020-5187,2022-05-24T17:09:34Z,"DNN Path Traversal via Zip Slip",DotNetNuke.Core,0,9.5.0,HIGH,CWE-22 -CVE-2020-5188,2022-05-24T17:09:34Z,"DNN File Upload Vulnerability",DotNetNuke.Core,0,,MODERATE,CWE-434 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack","MessagePack.ImmutableCollection",0,1.9.11,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack","MessagePack.ImmutableCollection",2.0.0,2.1.90,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack","MessagePack.ReactiveProperty",0,1.9.11,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack","MessagePack.ReactiveProperty",2.0.0,2.1.90,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack",MessagePack,0,1.9.11,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack",MessagePack,2.0.0,2.1.90,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack",MessagePack.Unity,0,1.9.11,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to 
DoS attack due to hash collisions and stack overflow in MessagePack",MessagePack.Unity,2.0.0,2.1.90,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack",MessagePack.UnityShims,0,1.9.11,MODERATE,CWE-121 -CVE-2020-5234,2020-01-31T17:59:20Z,"Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack",MessagePack.UnityShims,2.0.0,2.1.90,MODERATE,CWE-121 -CVE-2020-5261,2020-03-25T16:52:49Z,"Missing Token Replay Detection in Saml2 Authentication services for ASP.NET",Sustainsys.Saml2,2.0.0,2.5.0,HIGH,CWE-294 -CVE-2020-5268,2020-04-22T20:59:37Z,"Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET",Sustainsys.Saml2,0,1.0.2,MODERATE,CWE-303 -CVE-2020-5268,2020-04-22T20:59:37Z,"Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET",Sustainsys.Saml2,2.0.0,2.7.0,MODERATE,CWE-303 -CVE-2020-5809,2022-05-24T17:37:51Z,"Umbraco CMS vulnerable to stored XSS",UmbracoCms.Core,0,,MODERATE,CWE-79 -CVE-2020-5811,2021-04-13T15:51:33Z,"Authenticated path traversal in Umbraco CMS",UmbracoCms,0,8.9.2,MODERATE,CWE-22 -CVE-2020-7210,2022-05-24T17:07:13Z,"Umbraco CMS vulnerable to CSRF",UmbracoCMS.Core,0,8.5.0,MODERATE,CWE-352 -CVE-2020-7656,2020-05-20T16:18:01Z,"Cross-Site Scripting in jquery",jQuery,1.2.1,1.9.0,MODERATE,CWE-79 -CVE-2020-7685,2020-07-29T17:29:51Z,"Insecure defaults in UmbracoForms",UmbracoForms,0,,HIGH,CWE-1188 -CVE-2020-7791,2020-12-14T19:50:22Z,"Denial of Service in i18n",i18n,0,2.1.15,HIGH,CWE-20;CWE-400 -CVE-2020-8867,2021-08-02T17:35:42Z,"Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard","OPCFoundation.NetStandard.Opc.Ua",0,1.4.359.31,MODERATE,CWE-367;CWE-613 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled 
Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 
-CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.browser-wasm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 
-CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in 
the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-arm",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.linux-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 
-CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.osx-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.osx-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.osx-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.Mono.win-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.Mono.win-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.browser-wasm",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-arm",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-arm",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-arm64",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-arm64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-musl-arm",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-musl-arm",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C 
library","Microsoft.NETCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-musl-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-musl-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-x64",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.linux-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.osx-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.osx-x64",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.osx-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.osx-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-arm",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-arm",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-arm",6.0.0,6.0.3,MODERATE,CWE-120 
-CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-arm64",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-arm64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-x64",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-x64",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-x86",3.0.0,3.1.23,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-x86",5.0.0,5.0.15,MODERATE,CWE-120 -CVE-2020-8927,2022-05-24T17:28:21Z,"Integer overflow in the bundled Brotli C library","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.3,MODERATE,CWE-120 -CVE-2020-9471,2022-05-24T17:11:40Z,"Umbraco CMS Authenticated File Upload",UmbracoCMS.Core,0,,HIGH,CWE-434 -CVE-2020-9472,2021-08-02T17:38:56Z,"Unrestricted Upload of File with Dangerous Type in Umbraco CMS",UmbracoCms,0,8.5.4,MODERATE,CWE-434 -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.linux-arm",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.linux-arm64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET 
core","Microsoft.NETCore.App.Host.linux-musl-arm64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.linux-musl-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.linux-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.osx-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.rhel.6-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.win-arm",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.win-arm64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.win-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Host.win-x86",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",5.0.0,5.0.3,MODERATE, 
-CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.linux-arm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.linux-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.Mono.osx-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.android-arm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.android-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.android-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.android-x86",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.browser-wasm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.ios-arm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.ios-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.ios-x86",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-arm",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET 
core","Microsoft.NETCore.App.Runtime.linux-arm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-arm64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-musl-arm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-musl-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-musl-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.linux-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.osx-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.osx-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.rhel.6-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.tvos-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.tvos-x64",5.0.0,5.0.3,MODERATE, 
-CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-arm",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-arm",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-arm64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-arm64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-x64",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-x64",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-x86",3.1.0,3.1.12,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core","Microsoft.NETCore.App.Runtime.win-x86",5.0.0,5.0.3,MODERATE, -CVE-2021-1721,2022-05-24T17:43:10Z,"Denial of service in .NET core",Microsoft.NETCore.App,2.1.0,2.1.25,MODERATE, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.1,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.11,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,5.0.2,HIGH, -CVE-2021-1723,2022-05-24T17:38:51Z,"ASP.NET Core and Visual Studio Denial of Service Vulnerability","Microsoft.AspNetCore.Server.Kestrel.Core",0,2.1.25,HIGH, -CVE-2021-20331,2022-05-24T19:02:24Z,"MongoDB C# Driver Risk of Exposing Authentication Data via Command Listener",mongodb.driver,2.11.0,2.12.2,MODERATE,CWE-200 -CVE-2021-21252,2021-01-13T18:21:54Z,"Regular Expression Denial of Service in jquery-validation",jQuery.Validation,0,1.19.3,HIGH,CWE-400 -CVE-2021-22143,2023-11-22T03:30:19Z,"Exposure of Sensitive Information in Elastic APM .NET Agent",Elastic.Apm,0,1.10.0,LOW,CWE-200;CWE-532 -CVE-2021-22570,2022-01-27T00:01:15Z,"NULL Pointer Dereference in Protocol Buffers",Google.Protobuf,0,3.15.0,HIGH,CWE-476 -CVE-2021-23407,2021-08-02T17:30:27Z,"Path Traversal in elFinder.Net.Core",elFinder.Net.Core,0,1.2.4,HIGH,CWE-22 -CVE-2021-23415,2021-08-09T20:42:13Z,"Directory Traversal in elFinder.AspNet",elFinder.AspNet,0,1.1.1,HIGH,CWE-22 -CVE-2021-23427,2021-09-02T22:05:17Z,"Imporoper path validation in elFinder.NetCore",elFinder.NetCore,0,,CRITICAL,CWE-20 -CVE-2021-23428,2021-09-02T22:05:26Z,"Path traversal in elFinder.NetCore",elFinder.NetCore,0,,HIGH,CWE-20;CWE-22 -CVE-2021-23440,2021-09-13T20:09:36Z,"Prototype Pollution in 
set-value",set-value-nuget,0,2.0.0,HIGH,CWE-1321;CWE-843 -CVE-2021-23758,2021-12-16T15:27:55Z,"Remote Code Execution in AjaxNetProfessional",AjaxNetProfessional,0,21.11.29.1,CRITICAL,CWE-502 -CVE-2021-24112,2022-05-24T17:43:19Z,".NET Core Remote Code Execution Vulnerability",System.Drawing.Common,4.0.0,4.7.2,CRITICAL, -CVE-2021-24112,2022-05-24T17:43:19Z,".NET Core Remote Code Execution Vulnerability",System.Drawing.Common,5.0.0,5.0.3,CRITICAL, -CVE-2021-25976,2021-11-17T23:42:40Z,"Cross-Site Request Forgery in PiranhaCMS",Piranha,4.0.0-alpha1,10.0-alpha1,HIGH,CWE-352 -CVE-2021-25977,2021-10-27T18:53:03Z,"Cross-site Scripting in PiranhaCMS",Piranha,7.0.0,9.2.0,MODERATE,CWE-79 -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of 
Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.Mono.osx-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege 
Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.rhel.6-x64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",5.0.0,5.0.9,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",3.1.0,3.1.18,HIGH, -CVE-2021-26423,2022-10-25T17:33:12Z,".NET Core Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",5.0.0,5.0.9,HIGH, -CVE-2021-26701,2021-04-21T19:38:01Z,".NET Core Remote Code Execution Vulnerability","System.Text.Encodings.Web",4.0.0,4.5.1,CRITICAL, -CVE-2021-26701,2021-04-21T19:38:01Z,".NET Core Remote Code Execution Vulnerability","System.Text.Encodings.Web",4.6.0,4.7.2,CRITICAL, -CVE-2021-26701,2021-04-21T19:38:01Z,".NET Core Remote 
Code Execution Vulnerability","System.Text.Encodings.Web",5.0.0,5.0.1,CRITICAL, -CVE-2021-27293,2021-07-14T19:10:01Z,"Incorrect Regular Expression in RestSharp",RestSharp,0,106.11.8-alpha.0.13,HIGH,CWE-185;CWE-697 -CVE-2021-29508,2021-05-19T23:02:38Z,"Insecure deserialization in Wire",Wire,0,,CRITICAL,CWE-502 -CVE-2021-31819,2021-09-23T23:17:07Z,"Remote Code Execution in Halibut",Halibut,0,4.4.7,CRITICAL,CWE-502 -CVE-2021-31957,2021-10-06T00:23:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.NETCore.App.Ref",0,3.1.16,HIGH, -CVE-2021-31957,2021-10-06T00:23:01Z,"ASP.NET Core Denial of Service Vulnerability","Microsoft.NETCore.App.Ref",5.0.0,5.0.7,HIGH, -CVE-2021-32840,2022-02-01T16:22:50Z,"Path Traversal in SharpZipLib",SharpZipLib,0,1.3.3,HIGH,CWE-22 -CVE-2021-32841,2022-02-01T16:22:57Z,"Path Traversal in SharpZipLib",SharpZipLib,1.3.0,1.3.3,MODERATE,CWE-22 -CVE-2021-32842,2022-02-01T16:23:00Z,"Path Traversal in SharpZipLib",SharpZipLib,1.0.0,1.3.3,MODERATE,CWE-22 -CVE-2021-33318,2022-05-17T00:00:35Z,"Improper Input Validation in IpMatcher",IpMatcher,0,1.0.4.2,CRITICAL,CWE-20;CWE-704 -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure 
Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.Mono.osx-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core 
Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.rhel.6-x64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure 
Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",3.1.0,3.1.18,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",5.0.0,5.0.9,MODERATE, -CVE-2021-34485,2022-10-20T21:34:09Z,".NET Core Information Disclosure Vulnerability",Microsoft.NETCore.App,2.1.0,2.1.29,MODERATE, -CVE-2021-34532,2021-08-25T14:45:28Z,"ASP.NET Core Information Disclosure Vulnerability","Microsoft.AspNetCore.Authentication.JwtBearer",2.1.0,2.1.29,MODERATE, -CVE-2021-34532,2021-08-25T14:45:28Z,"ASP.NET Core Information Disclosure Vulnerability","Microsoft.AspNetCore.Authentication.JwtBearer",3.0.0,3.1.18,MODERATE, -CVE-2021-34532,2021-08-25T14:45:28Z,"ASP.NET Core Information Disclosure Vulnerability","Microsoft.AspNetCore.Authentication.JwtBearer",5.0.0,5.0.9,MODERATE, -CVE-2021-39208,2021-09-20T19:53:42Z,"Partial path traversal in sharpcompress",SharpCompress,0,0.29,MODERATE,CWE-22 -CVE-2021-41182,2021-10-26T14:55:02Z,"XSS in the `altField` option of the Datepicker widget in jquery-ui",jQuery.UI.Combined,0,1.13.0,MODERATE,CWE-79 -CVE-2021-41183,2021-10-26T14:55:21Z,"XSS in `*Text` options of the Datepicker widget in jquery-ui",jQuery.UI.Combined,0,1.13.0,MODERATE,CWE-79 -CVE-2021-41184,2021-10-26T14:55:12Z,"XSS in the `of` option of the `.position()` util in jquery-ui",jQuery.UI.Combined,0,1.13.0,MODERATE,CWE-79 -CVE-2021-41238,2021-11-03T17:30:59Z,"Missing Authorization with Default Settings in Dashboard UI",Hangfire.Core,1.7.25,1.7.26,HIGH,CWE-862 -CVE-2021-41355,2021-10-12T17:49:25Z,"Credential Disclosure in System.DirectoryServices.Protocols","System.DirectoryServices.Protocols",0,5.0.1,MODERATE,CWE-200 -CVE-2021-42279,2022-05-24T19:20:22Z,"Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption",Microsoft.ChakraCore,0,,HIGH,CWE-787 -CVE-2021-4248,2022-12-18T12:30:20Z,"DNS NuGet package uses insufficiently random values",DNS,0,7.0.0,CRITICAL,CWE-330 -CVE-2021-42655,2022-05-25T00:00:37Z,"SQL 
injection in SiteServer CMS",SSCMS,0,,HIGH,CWE-89 -CVE-2021-42656,2022-05-25T00:00:37Z,"Cross site scripting in SiteServer CMS",SSCMS,0,,MODERATE,CWE-79 -CVE-2021-43045,2022-01-08T00:39:20Z,"Allocation of Resources Without Limits or Throttling in Apache Avro",Apache.Avro,0,1.11.0,HIGH,CWE-770 -CVE-2021-43569,2021-11-10T20:58:03Z,"Improper Verification of Cryptographic Signature in starkbank-ecdsa",starkbank-ecdsa,0,1.3.2,CRITICAL,CWE-347 -CVE-2021-43853,2022-01-06T18:32:24Z,"AjaxNetProfessional deserializes arbitrary JavaScript objects",AjaxNetProfessional,0,21.12.22.1,HIGH,CWE-502;CWE-79 -CVE-2021-44150,2021-11-29T18:09:08Z,"Use of Sha-1 in tusdotnet",tusdotnet,0,,LOW,CWE-327 -CVE-2021-46703,2022-03-07T00:00:41Z,"Code injection in RazorEngine",RazorEngine,0,,MODERATE, -CVE-2022-0159,2022-01-21T23:57:49Z,"orchardcore is vulnerable to Cross-site Scripting",OrchardCore,0,1.2.1,MODERATE,CWE-79 -CVE-2022-0274,2022-01-21T23:08:50Z,"Cross-site Scripting OrchardCore.Application.Cms.Targets","OrchardCore.Application.Cms.Targets",0,1.2.2,MODERATE,CWE-79 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation","CefSharp.OffScreen.NETCore",0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation","CefSharp.WinForms.NETCore",0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation",CefSharp.Common,0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation",CefSharp.Common.NETCore,0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation",CefSharp.OffScreen,0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation",CefSharp.WinForms,0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation",CefSharp.Wpf,0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after free in Animation",CefSharp.Wpf.HwndHost,0,98.1.210,HIGH,CWE-416 -CVE-2022-0609,2022-02-22T21:51:19Z,"Use after 
free in Animation",CefSharp.Wpf.NETCore,0,98.1.210,HIGH,CWE-416 -CVE-2022-0749,2022-03-18T00:01:10Z,"Deserialization of Untrusted Data in SinGooCMS.Utility",SinGooCMS.Utility,0,,CRITICAL,CWE-502 -CVE-2022-21167,2022-05-03T00:00:46Z,"Code Injection in Masuit.Tools.Core",Masuit.Tools.Core,0,,HIGH,CWE-94 -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.2,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,5.0.14,HIGH, -CVE-2022-21986,2022-10-21T20:29:04Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.2,HIGH, -CVE-2022-22690,2022-01-21T23:34:24Z,"Umbraco ApplicationURL Overwrite",Umbraco.Cms.Core,0,9.2.0,HIGH,CWE-444 -CVE-2022-22691,2022-01-21T23:34:27Z,"Umbraco Persistent Password Reset Poison",Umbraco.Cms.Core,0,9.2.0,HIGH,CWE-444;CWE-640 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.0.0,3.1.25,HIGH,CWE-400 
-CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.1,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.5,HIGH,CWE-400 
-CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-23267,2022-10-21T20:50:24Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-23395,2022-03-03T00:00:51Z,"Prototype Pollution in jquery.cookie",jquery.cookie,0,,MODERATE,CWE-1321 -CVE-2022-23494,2022-12-08T23:30:01Z,"Cross-site scripting vulnerability in TinyMCE alerts",TinyMCE,0,5.10.7,MODERATE,CWE-79 -CVE-2022-23494,2022-12-08T23:30:01Z,"Cross-site scripting vulnerability in TinyMCE alerts",TinyMCE,6.0.0,6.3.1,MODERATE,CWE-79 -CVE-2022-23535,2023-02-24T16:22:50Z,"LiteDB may deserialize bad JSON on object type using _type",LiteDB,0,5.0.13,CRITICAL,CWE-502 -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of 
Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.5,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.3,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.0.0,3.1.23,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,5.0.15,HIGH, -CVE-2022-24464,2022-10-21T20:32:34Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.3,HIGH, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution 
Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET 
Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code 
Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE, 
-CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.browser-wasm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution 
Vulnerability","Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, 
-CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution 
Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.linux-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.osx-arm64",6.0.0,6.0.3,MODERATE, 
-CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.osx-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.osx-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution 
Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.win-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.Mono.win-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution 
Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",5.0.0,5.0.15,MODERATE, 
-CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.3,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",3.0.0,3.1.23,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",5.0.0,5.0.15,MODERATE, -CVE-2022-24512,2022-10-18T21:46:08Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.3,MODERATE, -CVE-2022-24785,2022-04-04T21:25:48Z,"Path Traversal: 'dir/../../filename' in moment.locale",Moment.js,0,2.29.2,HIGH,CWE-22;CWE-27 -CVE-2022-24789,2022-03-30T00:00:31Z,"Server side request forgery in C1 CMS",C1CMS.Assemblies,0,6.12.8122.18346,HIGH,CWE-918 -CVE-2022-24849,2022-04-22T20:39:47Z,"Exposure of Sensitive Information to an Unauthorized Actor in DisCatSharp",DisCatSharp,9.8.5,9.9.1,MODERATE,CWE-200 -CVE-2022-26907,2022-04-16T00:00:28Z,"Azure SDK for .NET Information Disclosure Vulnerability.","Microsoft.Rest.ClientRuntime",0,2.3.24,MODERATE,CWE-532 
-CVE-2022-26924,2022-04-22T20:23:44Z,"YARP Denial of Service Vulnerability",Yarp.ReverseProxy,0,1.0.1,HIGH, -CVE-2022-26924,2022-04-22T20:23:44Z,"YARP Denial of Service Vulnerability",Yarp.ReverseProxy,1.1.0-rc.1.22152.1,1.1.0-rc.1.22211.2,HIGH, -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.0.0,3.1.25,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,5.0.17,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.5,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability","Microsoft.Owin.Security.Cookies",0,4.2.2,HIGH,CWE-400 -CVE-2022-29117,2022-08-30T19:32:29Z," .NET Denial of Service Vulnerability",Microsoft.Owin,0,4.2.2,HIGH,CWE-400 -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET 
Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.5,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.0.0,3.1.25,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,5.0.17,HIGH, -CVE-2022-29145,2022-08-30T19:35:52Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.5,HIGH, -CVE-2022-2922,2022-10-01T00:00:25Z,"DNN vulnerable to Relative Path Traversal",DotNetNuke.Core,0,9.11.0,MODERATE,CWE-22;CWE-23 -CVE-2022-2922,2022-10-01T00:00:25Z,"DNN vulnerable to Relative Path Traversal",DotNetNuke.Web,0,9.11.0,MODERATE,CWE-22;CWE-23 -CVE-2022-29245,2022-06-01T19:50:15Z,"Weak private key generation in SSH.NET",SSH.NET,0,2020.0.2,MODERATE,CWE-330;CWE-338 -CVE-2022-29362,2022-05-26T00:01:31Z,"Cross-site Scripting in ZKEACMS",ZKEACMS.Publisher,0,,MODERATE,CWE-79 -CVE-2022-29862,2022-06-17T21:44:01Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.368.58,HIGH,CWE-835 -CVE-2022-29863,2022-06-17T21:45:15Z,"Memory Allocation with Excessive Size Value in OPCFoundation.NetStandard.Opc.Ua.Core","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.368.58,HIGH,CWE-789 -CVE-2022-29864,2022-06-17T21:44:58Z,"Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.368.58,HIGH,CWE-400 -CVE-2022-29865,2022-06-17T21:44:39Z,"Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.368.58,HIGH,CWE-287 -CVE-2022-29866,2022-06-17T21:44:23Z,"Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.368.58,HIGH,CWE-400 -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,3.5.0,4.9.5,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,5.0.0,5.2.1,MODERATE, 
-CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,5.10.0,5.11.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,5.3.0,5.7.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,5.8.0,5.9.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,6.0.0,6.0.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine,6.1.0,6.2.1,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,3.5.0,4.9.5,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,5.0.0,5.2.1,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,5.10.0,5.11.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,5.3.0,5.7.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,5.8.0,5.9.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,6.0.0,6.0.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.CommandLine.XPlat,6.1.0,6.2.1,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,3.5.0,4.9.5,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,5.0.0,5.2.1,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,5.10.0,5.11.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,5.3.0,5.7.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,5.8.0,5.9.2,MODERATE, 
-CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,6.0.0,6.0.2,MODERATE, -CVE-2022-30184,2022-06-14T21:57:52Z,"Potential leak of NuGet.org API key",NuGet.Commands,6.1.0,6.2.1,MODERATE, -CVE-2022-30187,2022-07-13T00:00:39Z,"Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library",Azure.Storage.Blobs,0,12.13.0,MODERATE,CWE-668 -CVE-2022-30187,2022-07-13T00:00:39Z,"Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library",Azure.Storage.Queues,0,12.11.0,MODERATE,CWE-668 -CVE-2022-31129,2022-07-06T18:38:49Z,"Moment.js vulnerable to Inefficient Regular Expression Complexity",Moment.js,2.18.0,2.29.4,HIGH,CWE-1333;CWE-400 -CVE-2022-31160,2022-07-18T17:07:36Z,"jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label",jQuery.UI.Combined,0,1.13.2,MODERATE,CWE-79 -CVE-2022-32173,2022-10-04T00:00:20Z,"OrchardCore vulnerable to HTML injection",OrchardCore,1.0.0-rc1-11259,1.4.0,MODERATE,CWE-79 -CVE-2022-33916,2022-08-24T00:00:32Z,"Exposure of Sensitive Information in OPCFoundation.NetStandard.Opc.Ua.Server","OPCFoundation.NetStandard.Opc.Ua.Server",0,1.4.370.9,MODERATE,CWE-200 -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information 
Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.28,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.8,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","System.Security.Cryptography.Xml",0,4.7.1,MODERATE, -CVE-2022-34716,2024-02-03T00:47:54Z,".NET Information Disclosure Vulnerability","System.Security.Cryptography.Xml",5.0.0,6.0.1,MODERATE, -CVE-2022-35540,2022-08-19T00:00:16Z,"Use of Hard-coded Credentials in AgileConfig.Client",AgileConfig.Client,0,1.6.8,CRITICAL,CWE-798 -CVE-2022-35909,2022-08-20T00:00:39Z,"Incorrect Access Control and Cross Site Scripting in Jellyfin",Jellyfin.Common,0,10.8.0,HIGH,CWE-79 -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",5.0.0,6.0.9,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.29,HIGH, -CVE-2022-38013,2022-09-15T03:25:36Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",5.0.0,6.0.9,HIGH, -CVE-2022-39256,2022-09-30T04:54:06Z,"Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.",CompositeC1.Core,0,6.13,CRITICAL,CWE-502 -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,4.6.0,4.9.6,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,5.0.0,5.7.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,5.10.0,5.11.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,5.8.0,5.9.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,6.0.0,6.0.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,6.1.0,6.2.2,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.CommandLine,6.3.0,6.3.1,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Commands,4.6.0,4.9.6,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Commands,5.0.0,5.7.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Commands,5.10.0,5.11.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Commands,5.8.0,5.9.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Commands,6.0.0,6.0.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege 
Vulnerability",NuGet.Commands,6.1.0,6.2.2,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Commands,6.3.0,6.3.1,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,4.6.0,4.9.6,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,5.0.0,5.7.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,5.10.0,5.11.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,5.8.0,5.9.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,6.0.0,6.0.3,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,6.1.0,6.2.2,HIGH, -CVE-2022-41032,2022-10-11T20:48:52Z,"NuGet Elevation of Privilege Vulnerability",NuGet.Protocol,6.3.0,6.3.1,HIGH, -CVE-2022-41064,2022-11-08T23:00:22Z,".NET Information Disclosure Vulnerability",Microsoft.Data.SqlClient,0,1.1.4,MODERATE, -CVE-2022-41064,2022-11-08T23:00:22Z,".NET Information Disclosure Vulnerability",Microsoft.Data.SqlClient,2.0.0,2.1.2,MODERATE, -CVE-2022-41064,2022-11-08T23:00:22Z,".NET Information Disclosure Vulnerability",System.Data.SqlClient,0,4.8.5,MODERATE, -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",6.0.0,6.0.12,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",7.0.0,7.0.1,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",3.1.0,3.1.32,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",6.0.0,6.0.12,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET 
Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",7.0.0,7.0.1,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",3.1.0,3.1.32,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",6.0.0,6.0.12,HIGH,CWE-94 -CVE-2022-41089,2022-12-14T21:42:00Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",7.0.0,7.0.1,HIGH,CWE-94 -CVE-2022-41954,2022-11-28T22:09:09Z,"Temporary File Information Disclosure vulnerability in MPXJ",net.sf.mpxj,0,10.14.1,LOW,CWE-200;CWE-668 -CVE-2022-41954,2022-11-28T22:09:09Z,"Temporary File Information Disclosure vulnerability in MPXJ",net.sf.mpxj-for-csharp,0,10.14.1,LOW,CWE-200;CWE-668 -CVE-2022-41954,2022-11-28T22:09:09Z,"Temporary File Information Disclosure vulnerability in MPXJ",net.sf.mpxj-for-vb,0,10.14.1,LOW,CWE-200;CWE-668 -CVE-2022-48282,2023-02-21T21:30:18Z,"MongoDB .NET/C# Driver vulnerable to Deserialization of Untrusted Data",MongoDB.Driver,0,2.19.0,HIGH,CWE-502 -CVE-2023-0493,2023-01-27T00:30:18Z,"Withdrawn Advisory: HTML injections in BTCPayServer",BTCPayServer.Client,0,1.7.5,HIGH,CWE-74;CWE-76 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service 
Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21538,2023-01-10T22:43:38Z,".NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.13,HIGH,CWE-502 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-arm",6.0.0,6.0.14,HIGH,CWE-416 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-arm",7.0.0,7.0.3,HIGH,CWE-416 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-arm64",6.0.0,6.0.14,HIGH,CWE-416 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-arm64",7.0.0,7.0.3,HIGH,CWE-416 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-x64",6.0.0,6.0.14,HIGH,CWE-416 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-x64",7.0.0,7.0.3,HIGH,CWE-416 
-CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-x86",6.0.0,6.0.14,HIGH,CWE-416 -CVE-2023-21808,2023-02-14T22:00:54Z,".NET Remote Code Execution Vulnerability ","Microsoft.NetCore.App.Runtime.win-x86",7.0.0,7.0.3,HIGH,CWE-416 -CVE-2023-21893,2023-01-18T00:30:16Z,"Component takeover in Oracle Data Provider for .NET","Oracle.ManagedDataAccess.Core",2.19.0,2.19.180,HIGH,CWE-284 -CVE-2023-21893,2023-01-18T00:30:16Z,"Component takeover in Oracle Data Provider for .NET","Oracle.ManagedDataAccess.Core",3.21.0,3.21.90,HIGH,CWE-284 -CVE-2023-21893,2023-01-18T00:30:16Z,"Component takeover in Oracle Data Provider for .NET",Oracle.ManagedDataAccess,19.0.0,19.18.0,HIGH,CWE-284 -CVE-2023-21893,2023-01-18T00:30:16Z,"Component takeover in Oracle Data Provider for .NET",Oracle.ManagedDataAccess,21.0.0,21.9.0,HIGH,CWE-284 -CVE-2023-24895,2023-06-14T17:02:24Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",6.0.0,6.0.18,HIGH, -CVE-2023-24895,2023-06-14T17:02:24Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",7.0.0,7.0.7,HIGH, -CVE-2023-24895,2023-06-14T17:02:24Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",6.0.0,6.0.18,HIGH, -CVE-2023-24895,2023-06-14T17:02:24Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",7.0.0,7.0.7,HIGH, -CVE-2023-24895,2023-06-14T17:02:24Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",6.0.0,6.0.18,HIGH, -CVE-2023-24895,2023-06-14T17:02:24Z,".NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",7.0.0,7.0.7,HIGH, -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",6.0.0,6.0.18,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution 
Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",7.0.0,7.0.7,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",6.0.0,6.0.18,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",7.0.0,7.0.7,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",6.0.0,6.0.18,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",7.0.0,7.0.7,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",6.0.0,6.0.18,HIGH,CWE-122 -CVE-2023-24897,2023-06-14T17:01:16Z,".NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",7.0.0,7.0.7,HIGH,CWE-122 -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.18,HIGH, 
-CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.18,HIGH, 
-CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.7,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.18,HIGH, -CVE-2023-24936,2023-06-14T17:04:29Z,".NET Elevation of Privilege Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.7,HIGH, -CVE-2023-26154,2023-12-06T06:30:20Z,"pubnub Insufficient Entropy vulnerability",Pubnub,0,6.19.0,MODERATE,CWE-331 -CVE-2023-27321,2023-05-05T02:19:39Z,"Uncontrolled Resource Consumption in OPC UA .NET Standard Reference Server","OPCFoundation.NetStandard.Opc.Ua.Server",0,1.4.371.86,HIGH,CWE-400 -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-arm",6.0.0,6.0.16,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-arm",7.0.0,7.0.5,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",6.0.0,6.0.16,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",7.0.0,7.0.5,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-x64",6.0.0,6.0.16,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-x64",7.0.0,7.0.5,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-x86",6.0.0,6.0.16,HIGH, -CVE-2023-28260,2023-04-11T22:02:15Z,".NET Remote Code Execution vulnerability","Microsoft.NetCore.App.Runtime.win-x86",7.0.0,7.0.5,HIGH, -CVE-2023-2862,2023-05-24T12:30:17Z,"SSCMS vulnerable to Cross Site Scripting",SSCMS,0,,MODERATE,CWE-79 -CVE-2023-28638,2023-03-27T22:23:43Z,"Snappier vulnerable to buffer 
overrun due to improper restriction of operations within the bounds of a memory buffer",Snappier,1.1.0,1.1.1,HIGH,CWE-119 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service 
vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-arm",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-arm",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.18,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.7,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.Windows.Compatibility",6.0.0,6.0.6,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","Microsoft.Windows.Compatibility",7.0.0,7.0.3,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service 
vulnerability","System.Security.Cryptography.Pkcs",6.0.0,6.0.3,HIGH,CWE-400 -CVE-2023-29331,2023-06-14T17:08:54Z,".NET Denial of Service vulnerability","System.Security.Cryptography.Pkcs",7.0.0,7.0.2,HIGH,CWE-400 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,4.6.0,5.11.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,6.0.0,6.0.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,6.2.0,6.2.4,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,6.3.0,6.3.3,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,6.4.0,6.4.2,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,6.5.0,6.5.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.CommandLine,6.6.0,6.6.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Commands,4.6.0,5.11.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Commands,6.0.0,6.0.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Commands,6.2.0,6.2.4,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Commands,6.3.0,6.3.3,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Commands,6.4.0,6.4.2,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Commands,6.5.0,6.5.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution 
Vulnerability",NuGet.Commands,6.6.0,6.6.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,4.6.0,5.11.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,6.0.0,6.0.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,6.2.0,6.2.4,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,6.3.0,6.3.3,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,6.4.0,6.4.2,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,6.5.0,6.5.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Common,6.6.0,6.6.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,4.6.0,5.11.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,6.0.0,6.0.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,6.2.0,6.2.4,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,6.3.0,6.3.3,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,6.4.0,6.4.2,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,6.5.0,6.5.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.PackageManagement,6.6.0,6.6.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution 
Vulnerability",NuGet.Protocol,4.7.0,5.11.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Protocol,6.0.0,6.0.5,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Protocol,6.2.0,6.2.4,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Protocol,6.3.0,6.3.3,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Protocol,6.4.0,6.4.2,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Protocol,6.5.0,6.5.1,HIGH,CWE-367 -CVE-2023-29337,2023-06-14T16:44:21Z,"NuGet Client Remote Code Execution Vulnerability",NuGet.Protocol,6.6.0,6.6.1,HIGH,CWE-367 -CVE-2023-30626,2023-04-24T22:39:03Z,"Directory traversal + file write causing arbitrary code execution",Jellyfin.Controller,10.8.0,10.8.10,HIGH,CWE-22 -CVE-2023-31048,2023-05-05T02:19:11Z,"Exposure of Sensitive Information in OPC UA .NET Standard Reference Server","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.4.371.86,MODERATE,CWE-200;CWE-209 -CVE-2023-31048,2023-05-05T02:19:11Z,"Exposure of Sensitive Information in OPC UA .NET Standard Reference Server","OPCFoundation.NetStandard.Opc.Ua.Server",0,1.4.371.86,MODERATE,CWE-200;CWE-209 -CVE-2023-31285,2023-04-27T03:30:23Z,"Cross Site Scripting (XSS) in Serenity",Serenity.Net.Core,0,6.7.0,MODERATE,CWE-79 -CVE-2023-31285,2023-04-27T03:30:23Z,"Cross Site Scripting (XSS) in Serenity",Serenity.Net.Services,0,6.7.0,MODERATE,CWE-79 -CVE-2023-31286,2023-04-27T03:30:23Z,"User account enumeration in Serenity",Serenity.Net.Core,0,6.7.0,MODERATE,CWE-209 -CVE-2023-31286,2023-04-27T03:30:23Z,"User account enumeration in Serenity",Serenity.Net.Web,0,6.7.0,MODERATE,CWE-209 -CVE-2023-31287,2023-04-27T03:30:23Z,"Insufficient token expiration in Serenity",Serenity.Net.Core,0,6.7.0,HIGH,CWE-640 
-CVE-2023-31287,2023-04-27T03:30:23Z,"Insufficient token expiration in Serenity",Serenity.Net.Web,0,6.7.0,HIGH,CWE-640 -CVE-2023-32571,2023-06-22T21:30:49Z,"Dynamic Linq vulnerable to remote code execution",System.Linq.Dynamic.Core,1.0.7.10,1.3.0,CRITICAL,CWE-697 -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",6.0.0,6.0.18,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",7.0.0,7.0.7,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",6.0.0,6.0.18,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",7.0.0,7.0.7,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",6.0.0,6.0.18,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",7.0.0,7.0.7,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",6.0.0,6.0.18,HIGH, -CVE-2023-33126,2023-06-14T17:18:10Z,"Microsoft Security Advisory CVE-2023-33126: .NET Remote Code Execution Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",7.0.0,7.0.7,HIGH, -CVE-2023-33127,2023-07-11T22:45:28Z,"Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",6.0.0,6.0.20,HIGH,CWE-1220 -CVE-2023-33127,2023-07-11T22:45:28Z,"Microsoft Security Advisory 
CVE-2023-33127: .NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",7.0.0,7.0.9,HIGH,CWE-1220 -CVE-2023-33127,2023-07-11T22:45:28Z,"Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",6.0.0,6.0.20,HIGH,CWE-1220 -CVE-2023-33127,2023-07-11T22:45:28Z,"Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",7.0.0,7.0.9,HIGH,CWE-1220 -CVE-2023-33127,2023-07-11T22:45:28Z,"Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",6.0.0,6.0.20,HIGH,CWE-1220 -CVE-2023-33127,2023-07-11T22:45:28Z,"Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",7.0.0,7.0.9,HIGH,CWE-1220 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",7.0.0,7.0.7,HIGH,CWE-416 
-CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33128,2023-06-14T17:17:02Z,".NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.7,HIGH,CWE-416 -CVE-2023-33141,2023-06-23T21:37:26Z,"YARP Denial of Service Vulnerability",Yarp.ReverseProxy,0,1.1.2,HIGH,CWE-400 -CVE-2023-33141,2023-06-23T21:37:26Z,"YARP Denial of Service Vulnerability",Yarp.ReverseProxy,2.0.0,2.0.1,HIGH,CWE-400 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNet.Identity.Owin",0,2.2.4,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory 
CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory 
CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",0,6.0.20,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",7.0.0,7.0.9,HIGH,CWE-362 -CVE-2023-33170,2023-07-11T22:45:20Z," Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass 
Vulnerability","Microsoft.AspNetCore.Identity",0,2.1.39,HIGH,CWE-362 -CVE-2023-34230,2023-06-09T22:40:23Z,"Snowflake Connector .Net Command Injection",Snowflake.Data,0,2.0.18,HIGH,CWE-77 -CVE-2023-35390,2023-08-09T13:15:38Z,".NET Remote Code Execution Vulnerability","Microsoft.NET.Build.Containers",0,7.0.307,HIGH,CWE-77 -CVE-2023-35391,2023-08-11T20:54:45Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.SignalR.Redis",0,1.0.40,HIGH,CWE-200 -CVE-2023-35391,2023-08-11T20:54:45Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.SignalR.StackExchangeRedis",6.0.0,6.0.21,HIGH,CWE-200 -CVE-2023-35391,2023-08-11T20:54:45Z,".NET Information Disclosure Vulnerability","Microsoft.AspNetCore.SignalR.StackExchangeRedis",7.0.0,7.0.10,HIGH,CWE-200 -CVE-2023-36049,2023-11-14T20:39:33Z,"Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability",System.Net.Requests,6.0.0,6.0.25,HIGH,CWE-20 -CVE-2023-36049,2023-11-14T20:39:33Z,"Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability",System.Net.Requests,7.0.0,7.0.14,HIGH,CWE-20 -CVE-2023-36049,2023-11-14T20:39:33Z,"Microsoft Security Advisory CVE-2023-36049: .NET Elevation of Privilege Vulnerability",System.Net.Requests,8.0.0-rc.2.23480.2,8.0.0,HIGH,CWE-20 -CVE-2023-36414,2023-10-10T18:31:33Z,"Azure Identity SDK Remote Code Execution Vulnerability",Azure.Identity,0,1.10.2,HIGH,CWE-77 -CVE-2023-36435,2023-10-10T22:23:28Z,"MsQuic Remote Denial of Service Vulnerability","Microsoft.Native.Quic.MsQuic.OpenSSL",0,2.2.3,HIGH,CWE-400;CWE-401 -CVE-2023-36435,2023-10-10T22:23:28Z,"MsQuic Remote Denial of Service Vulnerability","Microsoft.Native.Quic.MsQuic.Schannel",0,2.2.3,HIGH,CWE-400;CWE-401 -CVE-2023-36558,2023-11-14T20:36:55Z,"Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.Components",6.0.0,6.0.25,MODERATE, -CVE-2023-36558,2023-11-14T20:36:55Z,"Microsoft Security Advisory CVE-2023-36558: 
.NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.Components",7.0.0,7.0.14,MODERATE, -CVE-2023-36558,2023-11-14T20:36:55Z,"Microsoft Security Advisory CVE-2023-36558: .NET Security Feature Bypass Vulnerability","Microsoft.AspNetCore.Components",8.0.0-rc.2.23480.2,8.0.0,MODERATE, -CVE-2023-36566,2023-10-10T18:31:33Z,"Microsoft Common Data Model SDK Denial of Service Vulnerability","Microsoft.CommonDataModel.ObjectModel",0,1.7.4,MODERATE,CWE-20 -CVE-2023-36792,2023-09-12T20:51:36Z," Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.22,HIGH, -CVE-2023-36792,2023-09-12T20:51:36Z," Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.11,HIGH, -CVE-2023-36792,2023-09-12T20:51:36Z," Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.22,HIGH, -CVE-2023-36792,2023-09-12T20:51:36Z," Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.11,HIGH, -CVE-2023-36792,2023-09-12T20:51:36Z," Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.22,HIGH, -CVE-2023-36792,2023-09-12T20:51:36Z," Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.11,HIGH, -CVE-2023-36793,2023-09-12T20:15:59Z,"Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.22,HIGH, -CVE-2023-36793,2023-09-12T20:15:59Z,"Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.11,HIGH, -CVE-2023-36793,2023-09-12T20:15:59Z,"Microsoft Security 
Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.22,HIGH, -CVE-2023-36793,2023-09-12T20:15:59Z,"Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.11,HIGH, -CVE-2023-36793,2023-09-12T20:15:59Z,"Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.22,HIGH, -CVE-2023-36793,2023-09-12T20:15:59Z,"Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.11,HIGH, -CVE-2023-36794,2023-09-12T20:26:05Z,"Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.22,HIGH, -CVE-2023-36794,2023-09-12T20:26:05Z,"Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.11,HIGH, -CVE-2023-36794,2023-09-12T20:26:05Z,"Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.22,HIGH, -CVE-2023-36794,2023-09-12T20:26:05Z,"Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.11,HIGH, -CVE-2023-36794,2023-09-12T20:26:05Z,"Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.22,HIGH, -CVE-2023-36794,2023-09-12T20:26:05Z,"Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.11,HIGH, -CVE-2023-36796,2023-09-12T20:05:18Z,"Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",6.0.0,6.0.22,HIGH, 
-CVE-2023-36796,2023-09-12T20:05:18Z,"Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.11,HIGH, -CVE-2023-36796,2023-09-12T20:05:18Z,"Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",6.0.0,6.0.22,HIGH, -CVE-2023-36796,2023-09-12T20:05:18Z,"Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.11,HIGH, -CVE-2023-36796,2023-09-12T20:05:18Z,"Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",6.0.0,6.0.22,HIGH, -CVE-2023-36796,2023-09-12T20:05:18Z,"Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.11,HIGH, -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",6.0.0,6.0.22,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",7.0.0,7.0.11,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",6.0.0,6.0.22,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",7.0.0,7.0.11,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",6.0.0,6.0.22,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service 
Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",7.0.0,7.0.11,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.22,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.11,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",6.0.0,6.0.22,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",7.0.0,7.0.11,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",6.0.0,6.0.22,MODERATE,CWE-400 -CVE-2023-36799,2023-09-12T19:57:06Z,"Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",7.0.0,7.0.11,MODERATE,CWE-400 -CVE-2023-37267,2023-07-13T17:02:07Z,"Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions","Umbraco.Cms.Infrastructure",11.0.0,11.4.2,HIGH,CWE-284 -CVE-2023-37267,2023-07-13T17:02:07Z,"Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions","Umbraco.Cms.Infrastructure",12.0.0,12.0.1,HIGH,CWE-284 -CVE-2023-37267,2023-07-13T17:02:07Z,"Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions","Umbraco.Cms.Infrastructure",9.0.0,10.6.1,HIGH,CWE-284 -CVE-2023-37267,2023-07-13T17:02:07Z,"Umbraco allows possible Admin-level access to backoffice without Auth under rare 
conditions","Umbraco.Cms.Web.BackOffice",11.0.0,11.4.2,HIGH,CWE-284 -CVE-2023-37267,2023-07-13T17:02:07Z,"Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions","Umbraco.Cms.Web.BackOffice",12.0.0,12.0.1,HIGH,CWE-284 -CVE-2023-37267,2023-07-13T17:02:07Z,"Umbraco allows possible Admin-level access to backoffice without Auth under rare conditions","Umbraco.Cms.Web.BackOffice",9.0.0,10.6.1,HIGH,CWE-284 -CVE-2023-38171,2023-10-10T21:23:27Z,"Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel","Microsoft.Native.Quic.MsQuic.OpenSSL",0,2.2.3,HIGH,CWE-400;CWE-476 -CVE-2023-38171,2023-10-10T21:23:27Z,"Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel","Microsoft.Native.Quic.MsQuic.Schannel",0,2.2.3,HIGH,CWE-400;CWE-476 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",7.0.0,7.0.10,HIGH,CWE-400 -CVE-2023-38178,2023-08-09T13:04:54Z,".NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",7.0.0,7.0.10,HIGH,CWE-400 
-CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.21,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",7.0.0,7.0.10,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.21,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",7.0.0,7.0.10,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.21,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",7.0.0,7.0.10,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv",0,2.1.40,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv",6.0.0,6.0.21,HIGH, -CVE-2023-38180,2023-08-09T12:56:43Z,".NET Denial of Service Vulnerability","Microsoft.AspNetCore.Server.Kestrel.Transport.Sockets",0,2.1.40,HIGH, -CVE-2023-38694,2023-12-13T13:17:37Z,"Possible injection of HTML into user invite mails",Umbraco.CMS,11.0.0,12.1.0,LOW,CWE-79 -CVE-2023-38694,2023-12-13T13:17:37Z,"Possible injection of HTML into user invite mails",Umbraco.CMS,8.0.0,8.18.10,LOW,CWE-79 -CVE-2023-38694,2023-12-13T13:17:37Z,"Possible injection of HTML into user invite mails",Umbraco.CMS,9.0.0,10.7.0,LOW,CWE-79 -CVE-2023-41890,2023-09-20T23:01:52Z,"Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation",Kentor.AuthServices,0,,HIGH,CWE-289;CWE-294 -CVE-2023-41890,2023-09-20T23:01:52Z,"Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation",Sustainsys.Saml2,0,1.0.3,HIGH,CWE-289;CWE-294 
-CVE-2023-41890,2023-09-20T23:01:52Z,"Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation",Sustainsys.Saml2,2.0.0,2.9.2,HIGH,CWE-289;CWE-294 -CVE-2023-44390,2023-10-04T18:52:35Z,"HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content",HtmlSanitizer,0,8.0.723,MODERATE,CWE-79 -CVE-2023-44390,2023-10-04T18:52:35Z,"HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content",HtmlSanitizer,8.1.0-beta,8.1.722-beta,MODERATE,CWE-79 -CVE-2023-45814,2023-10-19T16:11:59Z,"Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free",Bunkum,4.0.0,4.2.1,MODERATE,CWE-772 -CVE-2023-45818,2023-10-19T16:36:29Z,"TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",TinyMCE,0,5.10.8,MODERATE,CWE-79 -CVE-2023-45818,2023-10-19T16:36:29Z,"TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin",TinyMCE,6.0.0,6.7.1,MODERATE,CWE-79 -CVE-2023-45819,2023-10-19T16:42:57Z,"TinyMCE XSS vulnerability in notificationManager.open API",TinyMCE,0,5.10.8,MODERATE,CWE-79 -CVE-2023-45819,2023-10-19T16:42:57Z,"TinyMCE XSS vulnerability in notificationManager.open API",TinyMCE,6.0.0,6.7.1,MODERATE,CWE-79 -CVE-2023-48219,2023-11-15T18:32:34Z,"TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",TinyMCE,0,5.10.9,MODERATE,CWE-79 -CVE-2023-48219,2023-11-15T18:32:34Z,"TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes",TinyMCE,6.0.0,6.7.3,MODERATE,CWE-79 -CVE-2023-48227,2023-12-13T13:21:51Z,"Backoffice User can bypass ""Publish"" restriction",Umbraco.CMS,11.0.0,12.3.0,LOW,CWE-863 -CVE-2023-48227,2023-12-13T13:21:51Z,"Backoffice User can bypass ""Publish"" restriction",Umbraco.CMS,8.0.0,8.18.10,LOW,CWE-863 -CVE-2023-48227,2023-12-13T13:21:51Z,"Backoffice User can bypass ""Publish"" restriction",Umbraco.CMS,9.0.0,10.8.0,LOW,CWE-863 -CVE-2023-48313,2023-12-13T13:24:06Z,"DOM-XSS 
on Backoffice login screen.",Umbraco.CMS,10.0.0,10.8.1,MODERATE,CWE-79 -CVE-2023-48313,2023-12-13T13:24:06Z,"DOM-XSS on Backoffice login screen.",Umbraco.CMS,11.0.0,12.3.4,MODERATE,CWE-79 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable","magick.net-q16-hdri-anycpu",0,13.3.0,HIGH,CWE-787 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable",SkiaSharp,2.0.0,2.88.6,HIGH,CWE-787 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable",magick.net-q16-anycpu,0,13.3.0,HIGH,CWE-787 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable",magick.net-q16-x64,0,13.3.0,HIGH,CWE-787 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable",magick.net-q8-anycpu,0,13.3.0,HIGH,CWE-787 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable",magick.net-q8-openmp-x64,0,13.3.0,HIGH,CWE-787 -CVE-2023-4863,2023-09-12T15:30:20Z,"libwebp: OOB write in BuildHuffmanTable",magick.net-q8-x64,0,13.3.0,HIGH,CWE-787 -CVE-2023-49089,2023-12-13T13:24:53Z,"Using the directory back payload (“/../”) in a package name allows placement of package in other folders.",Umbraco.CMS,11.0.0,12.3.4,LOW,CWE-22 -CVE-2023-49089,2023-12-13T13:24:53Z,"Using the directory back payload (“/../”) in a package name allows placement of package in other folders.",Umbraco.CMS,8.0.0,8.18.10,LOW,CWE-22 -CVE-2023-49089,2023-12-13T13:24:53Z,"Using the directory back payload (“/../”) in a package name allows placement of package in other folders.",Umbraco.CMS,9.0.0,10.8.1,LOW,CWE-22 -CVE-2023-49273,2023-12-13T13:25:38Z,"Privilege Escalation using Spoofing",Umbraco.CMS,11.0.0,12.3.4,MODERATE,CWE-863 -CVE-2023-49273,2023-12-13T13:25:38Z,"Privilege Escalation using Spoofing",Umbraco.CMS,8.0.0,8.18.10,MODERATE,CWE-863 -CVE-2023-49273,2023-12-13T13:25:38Z,"Privilege Escalation using Spoofing",Umbraco.CMS,9.0.0,10.8.1,MODERATE,CWE-863 -CVE-2023-49274,2023-12-13T13:26:34Z,"SMTP misconfiguration 
leading to ""Forgot Password"" exploit that leaks registered user email. ",Umbraco.CMS,11.0.0,12.3.4,LOW,CWE-200 -CVE-2023-49274,2023-12-13T13:26:34Z,"SMTP misconfiguration leading to ""Forgot Password"" exploit that leaks registered user email. ",Umbraco.CMS,8.0.0,8.18.10,LOW,CWE-200 -CVE-2023-49274,2023-12-13T13:26:34Z,"SMTP misconfiguration leading to ""Forgot Password"" exploit that leaks registered user email. ",Umbraco.CMS,9.0.0,10.8.1,LOW,CWE-200 -CVE-2023-49278,2023-12-13T13:27:06Z," Brute force exploit can be used to collect valid usernames",Umbraco.CMS,11.0.0,12.3.4,LOW,CWE-200 -CVE-2023-49278,2023-12-13T13:27:06Z," Brute force exploit can be used to collect valid usernames",Umbraco.CMS,8.0.0,8.18.10,LOW,CWE-200 -CVE-2023-49278,2023-12-13T13:27:06Z," Brute force exploit can be used to collect valid usernames",Umbraco.CMS,9.0.0,10.8.1,LOW,CWE-200 -CVE-2023-49279,2023-12-13T13:30:53Z,"Stored XSS via SVG File Upload",Umbraco.CMS,11.0.0,11.5.0,LOW,CWE-79 -CVE-2023-49279,2023-12-13T13:30:53Z,"Stored XSS via SVG File Upload",Umbraco.CMS,12.0.0,12.2.0,LOW,CWE-79 -CVE-2023-49279,2023-12-13T13:30:53Z,"Stored XSS via SVG File Upload",Umbraco.CMS,7.0.0,7.15.11,LOW,CWE-79 -CVE-2023-49279,2023-12-13T13:30:53Z,"Stored XSS via SVG File Upload",Umbraco.CMS,8.0.0,8.18.9,LOW,CWE-79 -CVE-2023-49279,2023-12-13T13:30:53Z,"Stored XSS via SVG File Upload",Umbraco.CMS,9.0.0,10.7.0,LOW,CWE-79 -CVE-2023-49289,2023-12-05T00:06:04Z,"Ajax Pro Cross-site Scripting",AjaxNetProfessional,0,21.12.22.1,MODERATE,CWE-79 -CVE-2023-51652,2024-01-02T16:38:28Z,"OWASP.AntiSamy mXSS when preserving comments",OWASP.AntiSamy,0,1.2.0,MODERATE,CWE-79 -CVE-2023-51662,2023-12-22T19:51:09Z,"Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)",Snowflake.Data,2.0.25,2.1.5,MODERATE,CWE-295 -CVE-2024-0056,2024-01-09T18:30:27Z,"Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass 
",Microsoft.Data.SqlClient,0,2.1.7,HIGH,CWE-319 -CVE-2024-0056,2024-01-09T18:30:27Z,"Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass ",Microsoft.Data.SqlClient,3.0.0,3.1.5,HIGH,CWE-319 -CVE-2024-0056,2024-01-09T18:30:27Z,"Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass ",Microsoft.Data.SqlClient,4.0.0,4.0.5,HIGH,CWE-319 -CVE-2024-0056,2024-01-09T18:30:27Z,"Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass ",Microsoft.Data.SqlClient,5.0.0,5.1.3,HIGH,CWE-319 -CVE-2024-0056,2024-01-09T18:30:27Z,"Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass ",System.Data.SqlClient,0,4.8.6,HIGH,CWE-319 -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,4.6.0,5.11.6,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.0.0,6.0.6,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.3.0,6.3.4,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.4.0,6.4.3,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.6.0,6.6.2,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.7.0,6.7.1,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.8.0,6.8.1,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,4.6.0,5.11.6,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,6.0.0,6.0.6,CRITICAL, 
-CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,6.3.0,6.3.4,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,6.4.0,6.4.3,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,6.6.0,6.6.2,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,6.7.0,6.7.1,CRITICAL, -CVE-2024-0057,2024-02-13T21:18:10Z,"NuGet Client Security Feature Bypass Vulnerability ",NuGet.Packaging,6.8.0,6.8.1,CRITICAL, -CVE-2024-10761,2024-11-04T06:30:30Z,"Umbraco CMS Cross-site Scripting vulnerability",Umbraco.Cms.Core,0,,LOW,CWE-707;CWE-79 -CVE-2024-11862,2024-11-27T19:01:01Z,"Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications",Devolutions.XTS.NET,0,2024.11.26,MODERATE,CWE-385 -CVE-2024-21319,2024-01-09T19:35:02Z,"Microsoft ASP.NET Core project templates vulnerable to denial of service","Microsoft.IdentityModel.JsonWebTokens",0,5.7.0,MODERATE,CWE-400 -CVE-2024-21319,2024-01-09T19:35:02Z,"Microsoft ASP.NET Core project templates vulnerable to denial of service","Microsoft.IdentityModel.JsonWebTokens",6.5.0,6.34.0,MODERATE,CWE-400 -CVE-2024-21319,2024-01-09T19:35:02Z,"Microsoft ASP.NET Core project templates vulnerable to denial of service","Microsoft.IdentityModel.JsonWebTokens",7.0.0-preview,7.1.2,MODERATE,CWE-400 -CVE-2024-21319,2024-01-09T19:35:02Z,"Microsoft ASP.NET Core project templates vulnerable to denial of service","System.IdentityModel.Tokens.Jwt",0,5.7.0,MODERATE,CWE-400 -CVE-2024-21319,2024-01-09T19:35:02Z,"Microsoft ASP.NET Core project templates vulnerable to denial of service","System.IdentityModel.Tokens.Jwt",6.5.0,6.34.0,MODERATE,CWE-400 -CVE-2024-21319,2024-01-09T19:35:02Z,"Microsoft ASP.NET Core project templates vulnerable to denial of 
service","System.IdentityModel.Tokens.Jwt",7.0.0-preview,7.1.2,MODERATE,CWE-400 -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",0,6.0.27,CRITICAL, 
-CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service 
Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory 
CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",8.0.0,8.0.2,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",0,6.0.27,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",7.0.0,7.0.16,CRITICAL, -CVE-2024-21386,2024-02-13T19:49:43Z,"Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",8.0.0,8.0.2,CRITICAL, -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service 
Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service 
Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0-preview.1.22076.8,7.0.17,HIGH,CWE-400 -CVE-2024-21392,2024-03-12T20:07:59Z,"Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",8.0.0,8.0.3,HIGH,CWE-400 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",0,6.0.29,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",7.0.0,7.0.18,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET 
Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-arm64",8.0.0,8.0.4,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",0,6.0.29,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",7.0.0,7.0.18,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x64",8.0.0,8.0.4,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",0,6.0.29,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",7.0.0,7.0.18,HIGH,CWE-416 -CVE-2024-21409,2024-04-17T18:21:57Z,".NET Elevation of Privilege Vulnerability","Microsoft.WindowsDesktop.App.Runtime.win-x86",8.0.0,8.0.4,HIGH,CWE-416 -CVE-2024-21643,2024-01-09T18:25:47Z,"Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability","Microsoft.IdentityModel.Protocols.SignedHttpRequest",0,6.34.0,HIGH,CWE-94 -CVE-2024-21643,2024-01-09T18:25:47Z,"Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability","Microsoft.IdentityModel.Protocols.SignedHttpRequest",7.0.0-preview,7.1.2,HIGH,CWE-94 -CVE-2024-21907,2022-06-22T15:08:47Z,"Improper Handling of Exceptional Conditions in Newtonsoft.Json",Newtonsoft.Json,0,13.0.1,HIGH,CWE-755 -CVE-2024-21908,2021-10-22T16:24:02Z,"Cross-site scripting vulnerability in TinyMCE",TinyMCE,0,5.9.0,MODERATE,CWE-79 -CVE-2024-21909,2022-01-21T23:35:35Z,"Denial of service in CBOR library",PeterO.Cbor,4.0.0,4.5.1,HIGH,CWE-407 -CVE-2024-21910,2021-11-02T15:42:52Z,"Cross-site scripting vulnerability in TinyMCE plugins",TinyMCE,0,5.10.0,MODERATE,CWE-64;CWE-79 -CVE-2024-21911,2021-01-06T19:27:54Z,"Cross-site scripting 
vulnerability in TinyMCE",TinyMCE,0,5.6.0,MODERATE,CWE-79 -CVE-2024-23838,2024-01-30T20:57:59Z,"TrueLayer.Client SSRF when fetching payment or payment provider",TrueLayer.Client,0,1.6.0,HIGH,CWE-918 -CVE-2024-24810,2024-02-08T18:23:49Z,"WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges",wix,0,3.14.0,HIGH,CWE-426 -CVE-2024-24810,2024-02-08T18:23:49Z,"WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges",wix,4.0.0,4.0.4,HIGH,CWE-426 -CVE-2024-26318,2024-02-19T06:30:33Z,"Cross-site Scripting in Serenity",Serenity.Net.Core,0,6.8.0,MODERATE,CWE-79 -CVE-2024-26470,2024-02-29T03:33:18Z,"FullStackHero's WebAPI Boilerplate host header injection vulnerability","FullStackHero.WebAPI.Boilerplate",1.0.0,,MODERATE,CWE-200 -CVE-2024-27086,2024-04-16T21:41:57Z,"MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service","Microsoft.Identity.Client",4.48.0,4.59.1,LOW,CWE-863;CWE-926 -CVE-2024-27086,2024-04-16T21:41:57Z,"MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service","Microsoft.Identity.Client",4.60.0,4.60.3,LOW,CWE-863;CWE-926 -CVE-2024-27929,2024-03-05T16:26:15Z,"Use After Free in SixLabors.ImageSharp",SixLabors.ImageSharp,0,2.1.7,HIGH,CWE-416 -CVE-2024-27929,2024-03-05T16:26:15Z,"Use After Free in SixLabors.ImageSharp",SixLabors.ImageSharp,3.0.0,3.1.3,HIGH,CWE-416 -CVE-2024-28252,2024-03-15T19:20:17Z,"CoreWCF NetFraming based services can leave connections open when they should be closed",CoreWCF.NetFramingBase,1.4.0,1.4.2,HIGH,CWE-404 -CVE-2024-28252,2024-03-15T19:20:17Z,"CoreWCF NetFraming based services can leave connections open when they should be closed",CoreWCF.NetFramingBase,1.5.0,1.5.2,HIGH,CWE-404 -CVE-2024-28698,2024-07-22T18:31:48Z,"CLSA Directory Traversal vulnerability",Csla,0,5.5.4,CRITICAL,CWE-22 
-CVE-2024-28698,2024-07-22T18:31:48Z,"CLSA Directory Traversal vulnerability",Csla,6.0.0,8.0.0,CRITICAL,CWE-22 -CVE-2024-28698,2024-07-22T18:31:48Z,"CLSA Directory Traversal vulnerability",Csla,7.0.0,8.0.0,CRITICAL,CWE-22 -CVE-2024-28868,2024-03-20T17:54:35Z,"Umbraco possible user enumeration ",UmbracoCMS,10.0.0,10.8.5,LOW,CWE-204 -CVE-2024-29035,2024-04-17T18:20:28Z,"Blind SSRF Leads to Port Scan by using Webhooks","Umbraco.Cms.Web.BackOffice",13.0.0,13.1.1,MODERATE,CWE-918 -CVE-2024-29035,2024-04-17T18:20:28Z,"Blind SSRF Leads to Port Scan by using Webhooks",Umbraco.Cms.Core,13.0.0,13.1.1,MODERATE,CWE-918 -CVE-2024-29187,2024-03-25T19:42:32Z,"WiX based installers are vulnerable to binary hijack when run as SYSTEM",WixToolset.Sdk,0,4.0.5,HIGH,CWE-732 -CVE-2024-29187,2024-03-25T19:42:32Z,"WiX based installers are vulnerable to binary hijack when run as SYSTEM",wix,0,3.14.1,HIGH,CWE-732 -CVE-2024-29187,2024-03-25T19:42:32Z,"WiX based installers are vulnerable to binary hijack when run as SYSTEM",wix,4.0.0,4.0.5,HIGH,CWE-732 -CVE-2024-29188,2024-03-25T19:42:17Z,"Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files",WixToolset.Util.wixext,0,4.0.5,HIGH,CWE-59 -CVE-2024-29188,2024-03-25T19:42:17Z,"Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files",wix,0,3.14.1,HIGH,CWE-59 -CVE-2024-29188,2024-03-25T19:42:17Z,"Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files",wix,4.0.0,4.0.5,HIGH,CWE-59 -CVE-2024-29203,2024-03-26T21:23:47Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes",TinyMCE,0,6.8.1,MODERATE,CWE-79 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.","BouncyCastle.Cryptography",0,2.3.1,MODERATE,CWE-125;CWE-400 -CVE-2024-29857,2024-05-14T15:32:54Z,"Bouncy Castle certificate parsing issues cause high CPU usage during parameter 
evaluation.",BouncyCastle,0,,MODERATE,CWE-125;CWE-400 -CVE-2024-29881,2024-03-26T21:23:45Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements",TinyMCE,0,7.0.0,MODERATE,CWE-79 -CVE-2024-29992,2024-04-09T18:30:28Z,"Azure Identity Library for .NET Information Disclosure Vulnerability",Azure.Identity,0,1.11.0,MODERATE,CWE-522 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-arm64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.5,MODERATE,CWE-122 
-CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-musl-x64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.linux-x64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-arm64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.osx-x64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm",8.0.0,8.0.5,MODERATE,CWE-122 
-CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-arm64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x64",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",7.0.0,7.0.19,MODERATE,CWE-122 -CVE-2024-30045,2024-05-14T20:30:57Z,"Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability","Microsoft.NETCore.App.Runtime.win-x86",8.0.0,8.0.5,MODERATE,CWE-122 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",8.0.0,8.0.5,MODERATE,CWE-362 
-CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",8.0.0,8.0.5,MODERATE,CWE-362 
-CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",7.0.0,7.0.19,MODERATE,CWE-362 -CVE-2024-30046,2024-05-14T20:31:00Z,"Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",8.0.0,8.0.5,MODERATE,CWE-362 -CVE-2024-30054,2024-05-14T18:31:05Z,"Microsoft Power BI 
Client JavaScript SDK Information Disclosure Vulnerability","Microsoft.PowerBI.JavaScript",0,,MODERATE,CWE-20 -CVE-2024-30105,2024-07-09T21:14:10Z,"Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability",System.Text.Json,7.0.0,8.0.4,HIGH,CWE-400 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")","BouncyCastle.Cryptography",0,2.3.1,MODERATE,CWE-203 -CVE-2024-30171,2024-05-14T15:32:54Z,"Bouncy Castle affected by timing side-channel for RSA key exchange (""The Marvin Attack"")",BouncyCastle,0,,MODERATE,CWE-203 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop","BouncyCastle.Cryptography",0,2.3.1,MODERATE,CWE-835 -CVE-2024-30172,2024-05-14T15:32:54Z,"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop",BouncyCastle,0,,MODERATE,CWE-835 -CVE-2024-32028,2024-04-12T22:54:09Z,"Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore","OpenTelemetry.Instrumentation.AspNetCore",0,1.8.1,MODERATE,CWE-201;CWE-212 -CVE-2024-32028,2024-04-12T22:54:09Z,"Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore","OpenTelemetry.Instrumentation.Http",0,1.8.1,MODERATE,CWE-201;CWE-212 -CVE-2024-32035,2024-04-15T20:22:54Z,"SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value",SixLabors.ImageSharp,0,2.1.8,MODERATE,CWE-789 -CVE-2024-32035,2024-04-15T20:22:54Z,"SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value",SixLabors.ImageSharp,3.0.0,3.1.4,MODERATE,CWE-789 -CVE-2024-32036,2024-04-15T20:24:06Z,"SixLabors.ImageSharp vulnerable to data leakage",SixLabors.ImageSharp,0,2.1.8,MODERATE,CWE-226 -CVE-2024-32036,2024-04-15T20:24:06Z,"SixLabors.ImageSharp vulnerable to data leakage",SixLabors.ImageSharp,3.0.0,3.1.4,MODERATE,CWE-226 
-CVE-2024-32655,2024-05-09T15:12:49Z,"Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow",Npgsql,0,4.0.14,HIGH,CWE-190;CWE-89 -CVE-2024-32655,2024-05-09T15:12:49Z,"Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow",Npgsql,4.1.0,4.1.13,HIGH,CWE-190;CWE-89 -CVE-2024-32655,2024-05-09T15:12:49Z,"Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow",Npgsql,5.0.0,5.0.18,HIGH,CWE-190;CWE-89 -CVE-2024-32655,2024-05-09T15:12:49Z,"Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow",Npgsql,6.0.0,6.0.11,HIGH,CWE-190;CWE-89 -CVE-2024-32655,2024-05-09T15:12:49Z,"Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow",Npgsql,7.0.0,7.0.7,HIGH,CWE-190;CWE-89 -CVE-2024-32655,2024-05-09T15:12:49Z,"Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow",Npgsql,8.0.0,8.0.3,HIGH,CWE-190;CWE-89 -CVE-2024-32872,2024-04-24T17:04:34Z,"Umbraco Workflow's Backoffice users can execute arbitrary SQL",Plumber.Workflow,0,10.1.2,MODERATE,CWE-89 -CVE-2024-32872,2024-04-24T17:04:34Z,"Umbraco Workflow's Backoffice users can execute arbitrary SQL",Umbraco.Workflow,0,10.3.9,MODERATE,CWE-89 -CVE-2024-32872,2024-04-24T17:04:34Z,"Umbraco Workflow's Backoffice users can execute arbitrary SQL",Umbraco.Workflow,11.0.0-rc1,12.2.6,MODERATE,CWE-89 -CVE-2024-32872,2024-04-24T17:04:34Z,"Umbraco Workflow's Backoffice users can execute arbitrary SQL",Umbraco.Workflow,13.0.0-rc1,13.0.6,MODERATE,CWE-89 -CVE-2024-33862,2024-07-06T00:31:06Z,"OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.5.374.54,HIGH,CWE-770 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ","Umbraco.Cms.Web.BackOffice",10.5.0,10.8.6,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ","Umbraco.Cms.Web.BackOffice",12.0.0,12.3.10,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open 
Redirect Bypass Protection ","Umbraco.Cms.Web.BackOffice",13.0.0,13.3.1,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ","Umbraco.Cms.Web.BackOffice",8.18.5,8.18.14,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ",UmbracoCms.Core,10.5.0,10.8.6,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ",UmbracoCms.Core,12.0.0,12.3.10,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ",UmbracoCms.Core,13.0.0,13.3.1,MODERATE,CWE-601 -CVE-2024-34071,2024-05-21T14:29:18Z,"Umbraco CMS Open Redirect Bypass Protection ",UmbracoCms.Core,8.18.5,8.18.14,MODERATE,CWE-601 -CVE-2024-35218,2024-05-21T14:47:24Z,"Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane",UmbracoCms.Core,10.0.0,10.8.4,MODERATE,CWE-79 -CVE-2024-35218,2024-05-21T14:47:24Z,"Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane",UmbracoCms.Core,12.0.0,12.3.7,MODERATE,CWE-79 -CVE-2024-35218,2024-05-21T14:47:24Z,"Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane",UmbracoCms.Core,13.0.0,13.1.1,MODERATE,CWE-79 -CVE-2024-35218,2024-05-21T14:47:24Z,"Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane",UmbracoCms.Core,8.0.0,8.18.13,MODERATE,CWE-79 -CVE-2024-35239,2024-05-28T20:40:31Z,"Umbraco Forms components vulnerable to Stored Cross-site Scripting",Umbraco.Forms,10.0.0,10.5.3,LOW,CWE-79 -CVE-2024-35239,2024-05-28T20:40:31Z,"Umbraco Forms components vulnerable to Stored Cross-site Scripting",Umbraco.Forms,12.0.0,12.2.2,LOW,CWE-79 -CVE-2024-35239,2024-05-28T20:40:31Z,"Umbraco Forms components vulnerable to Stored Cross-site Scripting",Umbraco.Forms,13.0.0,13.0.1,LOW,CWE-79 -CVE-2024-35239,2024-05-28T20:40:31Z,"Umbraco Forms components vulnerable to Stored Cross-site 
Scripting",Umbraco.Forms,8.0.0,8.13.13,LOW,CWE-79 -CVE-2024-35240,2024-05-28T21:18:04Z,"Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality",Umbraco.Commerce,0,10.0.5,MODERATE,CWE-79 -CVE-2024-35240,2024-05-28T21:18:04Z,"Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality",Umbraco.Commerce,12.0.0,12.1.4,MODERATE,CWE-79 -CVE-2024-35252,2024-06-11T18:30:50Z,"Azure Storage Movement Client Library Denial of Service Vulnerability","Microsoft.Azure.Storage.DataMovement",0,2.0.5,HIGH,CWE-1104 -CVE-2024-35255,2024-06-11T18:30:50Z,"Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability","Microsoft.Identity.Client",4.49.1,4.60.4,MODERATE,CWE-362 -CVE-2024-35255,2024-06-11T18:30:50Z,"Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability","Microsoft.Identity.Client",4.61.0,4.61.3,MODERATE,CWE-362 -CVE-2024-35255,2024-06-11T18:30:50Z,"Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability",Azure.Identity,0,1.11.4,MODERATE,CWE-362 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory 
CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-35264,2024-07-09T21:14:23Z,"Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",8.0.0,8.0.7,CRITICAL,CWE-416 -CVE-2024-38081,2024-07-09T21:14:35Z,"Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability",Microsoft.IO.Redist,4.6.0-preview.18571.3,6.0.1,HIGH,CWE-59 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-arm",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service 
Vulnerability","Microsoft.NetCore.App.Runtime.linux-arm",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-arm64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-arm64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-arm",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-x64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-x64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.linux-x64",8.0.0,8.0.7,HIGH,CWE-20 
-CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.osx-arm64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.osx-arm64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.osx-x64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.osx-x64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service 
Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",6.0.0,6.0.32,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",8.0.0,8.0.7,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability",System.Formats.Asn1,5.0.0-preview.7.20364.11,6.0.1,HIGH,CWE-20 -CVE-2024-38095,2024-07-09T21:14:53Z,"Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability",System.Formats.Asn1,7.0.0-preview.1.22076.8,8.0.1,HIGH,CWE-20 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.linux-arm",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.linux-arm64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-arm",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.linux-musl-x64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.linux-x64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure 
Vulnerability","Microsoft.NetCore.App.Runtime.osx-arm64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.osx-x64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.win-arm",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.win-arm64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.win-x64",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38167,2024-08-13T19:26:10Z,"Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability","Microsoft.NetCore.App.Runtime.win-x86",8.0.0,8.0.8,MODERATE,CWE-319 -CVE-2024-38168,2024-08-13T19:27:23Z,"Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",8.0.0,8.0.8,HIGH,CWE-400 -CVE-2024-38168,2024-08-13T19:27:23Z,"Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",8.0.0,8.0.8,HIGH,CWE-400 -CVE-2024-38168,2024-08-13T19:27:23Z,"Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",8.0.0,8.0.8,HIGH,CWE-400 -CVE-2024-38168,2024-08-13T19:27:23Z,"Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",8.0.0,8.0.8,HIGH,CWE-400 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution 
Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-arm64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution 
Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",8.0.0,8.0.10,HIGH,CWE-362;CWE-416 -CVE-2024-38229,2024-10-08T17:43:46Z,"Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",9.0.0-preview.1.24081.5,9.0.0-rc.2.24474.3,HIGH,CWE-362;CWE-416 -CVE-2024-38356,2024-06-19T15:07:08Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",TinyMCE,0,5.11.0,MODERATE,CWE-79 -CVE-2024-38356,2024-06-19T15:07:08Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",TinyMCE,6.0.0,6.8.4,MODERATE,CWE-79 -CVE-2024-38356,2024-06-19T15:07:08Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option",TinyMCE,7.0.0,7.2.0,MODERATE,CWE-79 -CVE-2024-38357,2024-06-19T15:07:03Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",TinyMCE,0,5.11.0,MODERATE,CWE-79 -CVE-2024-38357,2024-06-19T15:07:03Z,"TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements",TinyMCE,6.0.0,6.8.4,MODERATE,CWE-79 -CVE-2024-38357,2024-06-19T15:07:03Z,"TinyMCE 
Cross-Site Scripting (XSS) vulnerability using noscript elements",TinyMCE,7.0.0,7.2.0,MODERATE,CWE-79 -CVE-2024-39677,2024-07-08T14:20:33Z,"NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities",NHibernate,0,5.4.9,HIGH,CWE-89 -CVE-2024-39677,2024-07-08T14:20:33Z,"NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities",NHibernate,5.5.0,5.5.2,HIGH,CWE-89 -CVE-2024-39694,2024-07-31T15:28:54Z,"IdentityServer Open Redirect vulnerability",Duende.IdentityServer,6.0.0-preview.1,6.0.5,MODERATE,CWE-601 -CVE-2024-39694,2024-07-31T15:28:54Z,"IdentityServer Open Redirect vulnerability",Duende.IdentityServer,6.1.0-preview.1,6.1.8,MODERATE,CWE-601 -CVE-2024-39694,2024-07-31T15:28:54Z,"IdentityServer Open Redirect vulnerability",Duende.IdentityServer,6.2.0-preview.1,6.2.5,MODERATE,CWE-601 -CVE-2024-39694,2024-07-31T15:28:54Z,"IdentityServer Open Redirect vulnerability",Duende.IdentityServer,6.3.0-preview.1,6.3.10,MODERATE,CWE-601 -CVE-2024-39694,2024-07-31T15:28:54Z,"IdentityServer Open Redirect vulnerability",Duende.IdentityServer,7.0.0-preview.1,7.0.6,MODERATE,CWE-601 -CVE-2024-39694,2024-07-31T15:28:54Z,"IdentityServer Open Redirect vulnerability",IdentityServer4,0,,MODERATE,CWE-601 -CVE-2024-40636,2024-07-17T16:00:10Z,"Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error","Steeltoe.Discovery.ClientAutofac",0,,LOW,CWE-532 -CVE-2024-40636,2024-07-17T16:00:10Z,"Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error","Steeltoe.Discovery.ClientCore",0,,LOW,CWE-532 -CVE-2024-40636,2024-07-17T16:00:10Z,"Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error","Steeltoe.Discovery.Eureka",0,3.2.8,LOW,CWE-532 -CVE-2024-40636,2024-07-17T16:00:10Z,"Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error","Steeltoe.Discovery.EurekaBase",0,,LOW,CWE-532 
-CVE-2024-41131,2024-07-22T17:42:07Z,"SixLabors ImageSharp Out-of-bounds Write",SixLabors.ImageSharp,0,2.1.9,HIGH,CWE-787 -CVE-2024-41131,2024-07-22T17:42:07Z,"SixLabors ImageSharp Out-of-bounds Write",SixLabors.ImageSharp,3.0.0,3.1.5,HIGH,CWE-787 -CVE-2024-41132,2024-07-22T17:42:33Z,"SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder",SixLabors.ImageSharp,0,2.1.9,MODERATE,CWE-770;CWE-789 -CVE-2024-41132,2024-07-22T17:42:33Z,"SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder",SixLabors.ImageSharp,3.0.0,3.1.5,MODERATE,CWE-770;CWE-789 -CVE-2024-41799,2024-07-29T16:44:15Z,"tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users",Tgstation.Server.Api,4.0.0,6.8.0,HIGH,CWE-22 -CVE-2024-41799,2024-07-29T16:44:15Z,"tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users",Tgstation.Server.Host,4.0.0,6.8.0,HIGH,CWE-22 -CVE-2024-43376,2024-08-20T18:25:15Z,"Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information","Umbraco.Cms.Api.Management",14.0.0,14.1.2,MODERATE,CWE-209 -CVE-2024-43377,2024-08-20T18:32:26Z,"Umbraco CMS Improper Access Control vulnerability",Umbraco.Cms,14.0.0,14.1.2,MODERATE,CWE-284 -CVE-2024-43383,2024-10-31T12:30:32Z,"Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability",Lucene.Net.Replicator,4.8.0-beta00005,4.8.0-beta00017,HIGH,CWE-502 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability","Microsoft.Extensions.Caching.Memory",6.0.0-preview.1.21102.12,6.0.2,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability","Microsoft.Extensions.Caching.Memory",8.0.0-preview.1.23110.8,8.0.1,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory 
CVE-2024-43483 | .NET Denial of Service Vulnerability","Microsoft.Extensions.Caching.Memory",9.0.0-preview.1.24080.9,9.0.0-rc.2.24473.5,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability","System.Security.Cryptography.Cose",8.0.0-preview.1.23110.8,8.0.1,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability","System.Security.Cryptography.Cose",9.0.0-preview.1.24080.9,9.0.0-rc.2.24473.5,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability",System.IO.Packaging,6.0.0-preview.1.21102.12,6.0.1,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability",System.IO.Packaging,8.0.0-preview.1.23110.8,8.0.1,HIGH,CWE-407 -CVE-2024-43483,2024-10-08T20:24:41Z,"Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability",System.IO.Packaging,9.0.0-preview.1.24080.9,9.0.0-rc.2.24473.5,HIGH,CWE-407 -CVE-2024-43484,2024-10-08T20:24:56Z,"Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability",System.IO.Packaging,6.0.0-preview.1.21102.12,6.0.1,HIGH,CWE-407 -CVE-2024-43484,2024-10-08T20:24:56Z,"Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability",System.IO.Packaging,8.0.0-preview.1.23110.8,8.0.1,HIGH,CWE-407 -CVE-2024-43484,2024-10-08T20:24:56Z,"Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability",System.IO.Packaging,9.0.0-preview.1.24080.9,9.0.0-rc.2.24473.5,HIGH,CWE-407 -CVE-2024-43485,2024-10-08T20:25:19Z,"Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability",System.Text.Json,6.0.0,6.0.10,HIGH,CWE-407 -CVE-2024-43485,2024-10-08T20:25:19Z,"Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service 
Vulnerability",System.Text.Json,8.0.0,8.0.5,HIGH,CWE-407 -CVE-2024-43498,2024-11-12T23:03:15Z,".NET Remote Code Execution Vulnerability",System.Formats.Nrbf,0,9.0.0,CRITICAL, -CVE-2024-43499,2024-11-12T23:01:23Z,".NET Denial of Service Vulnerability",System.Formats.Nrbf,0,9.0.0,LOW, -CVE-2024-44930,2024-08-29T18:31:36Z,"Serilog Client IP Spoofing vulnerability","Serilog.Enrichers.ClientInfo",0,2.1.0,MODERATE,CWE-348;CWE-79 -CVE-2024-45302,2024-08-29T19:30:51Z,"CRLF Injection in RestSharp's `RestRequest.AddHeader` method",RestSharp,107.0.0-preview.1,112.0.0,MODERATE,CWE-113;CWE-74;CWE-93 -CVE-2024-45526,2024-10-18T20:05:28Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua",0,1.5.374.118,MODERATE,CWE-770 -CVE-2024-45526,2024-10-18T20:05:28Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.5.374.118,MODERATE,CWE-770 -CVE-2024-47819,2024-10-22T17:50:08Z,"Umbraco CMS vulnerable to stored Cross-site Scripting in the ""dictionary name"" on Dictionary section",Umbraco.Cms.StaticAssets,14.0.0,14.3.1,MODERATE,CWE-79;CWE-80 -CVE-2024-48510,2024-11-13T15:31:37Z,"DotNetZip Directory Traversal vulnerability",DotNetZip,1.10.1,,HIGH,CWE-22 -CVE-2024-48510,2024-11-13T15:31:37Z,"DotNetZip Directory Traversal vulnerability",ProDotNetZip,0,1.19.0,HIGH,CWE-22 -CVE-2024-48924,2024-10-17T19:30:03Z,"MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow",MessagePack,0,2.5.187,MODERATE,CWE-328 -CVE-2024-48924,2024-10-17T19:30:03Z,"MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow",MessagePack,2.6.95-alpha,3.0.214-rc.1,MODERATE,CWE-328 -CVE-2024-48925,2024-10-22T17:51:26Z,"Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API",Umbraco.CMS,14.0.0,14.3.0,LOW,CWE-284;CWE-863 -CVE-2024-48926,2024-10-22T17:55:01Z,"Umbraco CMS logout page displayed before session 
expiration",Umbraco.CMS,10.0.0,10.8.7,MODERATE,CWE-613 -CVE-2024-48926,2024-10-22T17:55:01Z,"Umbraco CMS logout page displayed before session expiration",Umbraco.CMS,13.0.0,13.5.2,MODERATE,CWE-613 -CVE-2024-48926,2024-10-22T17:55:01Z,"Umbraco CMS logout page displayed before session expiration",UmbracoCMS,8.0.0,8.18.15,MODERATE,CWE-613 -CVE-2024-48927,2024-10-22T18:12:38Z,"Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice",Umbraco.Cms,10.0.0,10.8.7,MODERATE,CWE-74 -CVE-2024-48927,2024-10-22T18:12:38Z,"Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice",Umbraco.Cms,13.0.0,13.5.2,MODERATE,CWE-74 -CVE-2024-48927,2024-10-22T18:12:38Z,"Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice",UmbracoCms,8.0.0,8.18.15,MODERATE,CWE-74 -CVE-2024-48929,2024-10-22T18:13:47Z,"Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out",Umbraco.CMS,10.0.0,10.8.7,MODERATE,CWE-384 -CVE-2024-48929,2024-10-22T18:13:47Z,"Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out",Umbraco.CMS,13.0.0,13.5.2,MODERATE,CWE-384 -CVE-2024-49755,2024-10-28T19:44:10Z,"Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs ",Duende.IdentityServer,7.0.0,7.0.8,LOW,CWE-287 -CVE-2024-49771,2024-10-28T18:30:32Z,"MPXJ has a Potential Path Traversal Vulnerability",MPXJ.Net,13.0.0,13.5.1,MODERATE,CWE-22 -CVE-2024-49771,2024-10-28T18:30:32Z,"MPXJ has a Potential Path Traversal Vulnerability",net.sf.mpxj,8.3.5,13.5.1,MODERATE,CWE-22 -CVE-2024-49771,2024-10-28T18:30:32Z,"MPXJ has a Potential Path Traversal Vulnerability",net.sf.mpxj-for-csharp,8.3.5,13.5.1,MODERATE,CWE-22 -CVE-2024-49771,2024-10-28T18:30:32Z,"MPXJ has a Potential Path Traversal Vulnerability",net.sf.mpxj-for-vb,8.3.5,13.5.1,MODERATE,CWE-22 -CVE-2024-50353,2024-10-30T14:40:58Z,"ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than 
Expected","ICG.AspNetCore.Utilities.CloudStorage",0,8.0.0,MODERATE,CWE-284 -CVE-2024-51501,2024-11-04T23:23:17Z,"CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes ",Refit,0,7.2.22,CRITICAL,CWE-93 -CVE-2024-51987,2024-11-07T21:57:52Z,"HTTP Client uses incorrect token after refresh","Duende.AccessTokenManagement.OpenIdConnect",3.0.0,3.0.1,MODERATE,CWE-270 -CVE-2024-6484,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability",bootstrap,2.0.0,,MODERATE,CWE-79 -CVE-2024-6484,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability",bootstrap.sass,2.0.0,,MODERATE,CWE-79 -CVE-2024-6531,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability",bootstrap,4.0.0,5.0.0,MODERATE,CWE-79 -CVE-2024-6531,2024-07-11T18:31:14Z,"Bootstrap Cross-Site Scripting (XSS) vulnerability",bootstrap.sass,4.0.0,5.0.0,MODERATE,CWE-79 -GHSA-259p-rvjx-ffwg,2024-02-08T18:24:21Z,"Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges",PanelSW.Custom.WiX,0,3.15.0-a44,HIGH,CWE-426 -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",3.1.0,3.1.28,MODERATE, 
-GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-arm64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-musl-x64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-x64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.osx-x64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET 
Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-arm64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x64",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",3.1.0,3.1.28,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","Microsoft.AspNetCore.App.Runtime.win-x86",6.0.0,6.0.8,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","System.Security.Cryptography.Xml",0,4.7.1,MODERATE, -GHSA-2m65-m22p-9wjw,2022-08-10T00:00:18Z,"Duplicate Advisory: .NET Information Disclosure Vulnerability","System.Security.Cryptography.Xml",5.0.0,6.0.1,MODERATE, -GHSA-2x7m-gf85-3745,2024-03-13T17:14:43Z,"Remote Denial of Service Vulnerability in Microsoft QUIC","Microsoft.Native.Quic.MsQuic.OpenSSL",0,2.1.12,HIGH,CWE-401 -GHSA-2x7m-gf85-3745,2024-03-13T17:14:43Z,"Remote Denial of Service Vulnerability in Microsoft QUIC","Microsoft.Native.Quic.MsQuic.OpenSSL",2.2.0,2.2.7,HIGH,CWE-401 -GHSA-2x7m-gf85-3745,2024-03-13T17:14:43Z,"Remote Denial of Service Vulnerability in Microsoft QUIC","Microsoft.Native.Quic.MsQuic.OpenSSL",2.3.0,2.3.5,HIGH,CWE-401 -GHSA-2x7m-gf85-3745,2024-03-13T17:14:43Z,"Remote Denial of Service Vulnerability in Microsoft QUIC","Microsoft.Native.Quic.MsQuic.Schannel",0,2.1.12,HIGH,CWE-401 -GHSA-2x7m-gf85-3745,2024-03-13T17:14:43Z,"Remote Denial 
of Service Vulnerability in Microsoft QUIC","Microsoft.Native.Quic.MsQuic.Schannel",2.2.0,2.2.7,HIGH,CWE-401 -GHSA-2x7m-gf85-3745,2024-03-13T17:14:43Z,"Remote Denial of Service Vulnerability in Microsoft QUIC","Microsoft.Native.Quic.MsQuic.Schannel",2.3.0,2.3.5,HIGH,CWE-401 -GHSA-32q7-gv7f-4cg5,2024-02-13T18:38:24Z,"Duplicate Advisory: Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability","Microsoft.AspNetCore.App.Runtime.linux-arm",0,6.0.27,HIGH,CWE-400 -GHSA-3m2r-q8x3-xmf7,2018-10-16T19:59:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv","Microsoft.AspNetCore.Server.Kestrel.Core",2.0.0,2.0.3,MODERATE, -GHSA-3m2r-q8x3-xmf7,2018-10-16T19:59:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv","Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions",2.0.0,2.0.3,MODERATE, -GHSA-3m2r-q8x3-xmf7,2018-10-16T19:59:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv","Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv",2.0.0,2.0.3,MODERATE, -GHSA-3m2r-q8x3-xmf7,2018-10-16T19:59:48Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv",Microsoft.AspNetCore.All,2.0.0,2.0.8,MODERATE, -GHSA-3w9w-9833-gcpv,2023-01-26T19:52:50Z,"Security bug in ConvertToSinglePlane when used with untrusted content from the DDS 
loader",directxtex_desktop_2019,0,2023.1.31.1,MODERATE, -GHSA-3w9w-9833-gcpv,2023-01-26T19:52:50Z,"Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader",directxtex_desktop_win10,0,2023.1.31.1,MODERATE, -GHSA-3w9w-9833-gcpv,2023-01-26T19:52:50Z,"Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader",directxtex_uwp,0,2023.1.31.1,MODERATE, -GHSA-4c29-gfrp-g6x9,2023-10-05T13:22:50Z,"CefSharp affected by libvpx's heap buffer overflow in vp8 encoding",CefSharp.Common,0,117.2.20,HIGH, -GHSA-4c29-gfrp-g6x9,2023-10-05T13:22:50Z,"CefSharp affected by libvpx's heap buffer overflow in vp8 encoding",CefSharp.Common.NETCore,0,117.2.20,HIGH, -GHSA-4vr3-9v7h-5f8v,2019-06-18T15:38:41Z,"Low severity vulnerability that affects Gw2Sharp",Gw2Sharp,0,0.3.1,LOW, -GHSA-55p7-v223-x366,2024-07-31T19:57:33Z,"IdentityServer Open Redirect vulnerability",IdentityServer4,0,,MODERATE,CWE-601 -GHSA-6r78-m64m-qwcf,2023-08-10T19:25:23Z,"Moq v4.20.0-rc to 4.20.1 share hashed user data",moq,4.20.0-rc,4.20.2,LOW, -GHSA-6r7c-6w96-8pvw,2021-12-07T21:21:49Z,"Remote Code Execution in AjaxNetProfessional",AjaxNetProfessional,0,21.11.29.1,CRITICAL,CWE-502 -GHSA-7r36-jf3c-jhp4,2022-05-13T01:50:31Z,"Duplicate Advisory: tgstation-server vulnerable to cached user logins in legacy server",TGServiceInterface,3.2.1.0,3.2.5.0,CRITICAL, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","ImageResizer.Plugins.Imageflow",0,5.0.12,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.osx-x86_64",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.osx_10_11-x86_64",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow 
affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.ubuntu-x86_64",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.ubuntu-x86_64-haswell",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.ubuntu_16_04-x86_64",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.ubuntu_18_04-x86_64",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.ubuntu_18_04-x86_64-haswell",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.win-x86",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeRuntime.win-x86_64",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.osx-x86_64",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.osx_10_11-x86_64",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.ubuntu-x86_64",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be 
used with malicious source images.","Imageflow.NativeTool.ubuntu-x86_64-haswell",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.ubuntu_16_04-x86_64",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.ubuntu_18_04-x86_64",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.ubuntu_18_04-x86_64-haswell",0,,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.win-x86",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.","Imageflow.NativeTool.win-x86_64",0,2.0.0-preview6,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.",Imageflow.AllPlatforms,0,0.10.2,HIGH, -GHSA-7vpr-3ppw-qrpj,2023-09-27T21:16:16Z,"Imageflow affected by libwebp zero-day and should not be used with malicious source images.",Imageflow.Server,0,0.8.2,HIGH, -GHSA-8g9c-28fc-mcx2,2024-01-09T18:28:03Z,"Duplicate Advisory: Microsoft Identity Denial of service vulnerability","Microsoft.IdentityModel.JsonWebTokens",0,5.7.0,MODERATE,CWE-20 -GHSA-8g9c-28fc-mcx2,2024-01-09T18:28:03Z,"Duplicate Advisory: Microsoft Identity Denial of service vulnerability","Microsoft.IdentityModel.JsonWebTokens",6.5.0,6.34.0,MODERATE,CWE-20 -GHSA-8g9c-28fc-mcx2,2024-01-09T18:28:03Z,"Duplicate Advisory: Microsoft Identity Denial of service vulnerability","Microsoft.IdentityModel.JsonWebTokens",7.0.0-preview,7.1.2,MODERATE,CWE-20 
-GHSA-8g9c-28fc-mcx2,2024-01-09T18:28:03Z,"Duplicate Advisory: Microsoft Identity Denial of service vulnerability","System.IdentityModel.Tokens.Jwt",0,5.7.0,MODERATE,CWE-20 -GHSA-8g9c-28fc-mcx2,2024-01-09T18:28:03Z,"Duplicate Advisory: Microsoft Identity Denial of service vulnerability","System.IdentityModel.Tokens.Jwt",6.5.0,6.34.0,MODERATE,CWE-20 -GHSA-8g9c-28fc-mcx2,2024-01-09T18:28:03Z,"Duplicate Advisory: Microsoft Identity Denial of service vulnerability","System.IdentityModel.Tokens.Jwt",7.0.0-preview,7.1.2,MODERATE,CWE-20 -GHSA-8rfx-6mr3-5jh3,2024-01-03T18:30:51Z,"Duplicate Advisory: Improper Handling of Exceptional Conditions in Newtonsoft.Json",Newtonsoft.Json,0,13.0.1,HIGH,CWE-755 -GHSA-8rxm-6783-qh55,2024-11-12T18:30:58Z,"Duplicate Advisory: .NET and Visual Studio Remote Code Execution Vulnerability",System.Formats.Nrbf,0,9.0.0,CRITICAL,CWE-843 -GHSA-8v28-3g86-chj5,2024-02-08T18:24:35Z,"PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges",PanelSwWix4.Sdk,0,5.0.0-psw-wix.0251-40,HIGH,CWE-426 -GHSA-9qcm-fqj9-93m4,2022-12-13T21:30:26Z,"Duplicate Advisory: .NET Framework Remote Code Execution Vulnerability.","Microsoft.WindowsDesktop.App.Runtime.win-x64",3.1.0,3.1.32,HIGH, -GHSA-9wx7-jrvc-28mm,2021-11-08T21:51:18Z,"Signature verification vulnerability in Stark Bank ecdsa libraries",starkbank-ecdsa,1.3.1,1.3.2,HIGH,CWE-347 -GHSA-cgpw-2gph-2r9g,2018-10-16T19:59:59Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core","Microsoft.AspNetCore.Server.Kestrel.Core",2.0.0,2.0.4,MODERATE, -GHSA-cgpw-2gph-2r9g,2018-10-16T19:59:59Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core","Microsoft.AspNetCore.Server.Kestrel.Core",2.1.0,2.1.2,MODERATE, -GHSA-cgpw-2gph-2r9g,2018-10-16T19:59:59Z,"Moderate severity vulnerability 
that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core",Microsoft.AspNetCore.All,2.0.0,2.0.9,MODERATE, -GHSA-cgpw-2gph-2r9g,2018-10-16T19:59:59Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core",Microsoft.AspNetCore.All,2.1.0,2.1.2,MODERATE, -GHSA-cgpw-2gph-2r9g,2018-10-16T19:59:59Z,"Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core",Microsoft.AspNetCore.App,2.1.0,2.1.2,MODERATE, -GHSA-cxw4-9qv9-vx5h,2019-09-30T19:42:28Z,"High severity vulnerability that affects PeterO.Cbor",PeterO.Cbor,0,4.0.0,HIGH, -GHSA-g4v6-69p6-q3p4,2024-03-25T19:36:25Z,"WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM ",PanelSwWix4.Sdk,0,5.0.0-psw-wix.0265-49,HIGH, -GHSA-g8q2-24jh-5hpc,2018-07-27T14:47:52Z,"High severity vulnerability that affects jquery-ui",jQuery.UI.Combined,0,1.12.0,HIGH, -GHSA-gmc6-fwg3-75m5,2024-07-11T17:42:20Z,"Mimekit has vulnerable dependency that can lead to denial of service",MimeKit,3.0.0,4.7.1,HIGH,CWE-20 -GHSA-gpv5-rp6w-58r8,2022-11-22T00:13:44Z,"Remote code execution vulnerability in dependency System.Drawing.Common",Akka,0,1.4.46,MODERATE, -GHSA-gpv5-rp6w-58r8,2022-11-22T00:13:44Z,"Remote code execution vulnerability in dependency System.Drawing.Common",Akka,1.5.0-alpha1,1.5.0-alpha3,MODERATE, -GHSA-hf3r-vmrv-7w29,2024-01-03T18:30:51Z,"Duplicate Advisory: Denial of service in CBOR library",PeterO.Cbor,4.0.0,4.5.1,HIGH,CWE-407 -GHSA-j646-gj5p-p45g,2023-09-21T17:11:42Z,"CefSharp affected by heap buffer overflow in WebP",CefSharp.Common,0,116.0.230,CRITICAL, -GHSA-j646-gj5p-p45g,2023-09-21T17:11:42Z,"CefSharp affected by heap buffer overflow in WebP",CefSharp.Common.NETCore,0,116.0.230,CRITICAL, -GHSA-jcmq-5rrv-j2g4,2024-02-02T21:04:47Z,"PowerShell is subject to remote code execution 
vulnerability",PowerShell,0,7.0.0,HIGH, -GHSA-jw42-5m4v-9c8g,2024-01-09T18:30:27Z,"Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability ",NuGet.CommandLine,6.8.0,6.8.1,CRITICAL,CWE-20 -GHSA-qm9f-c3v9-wphv,2024-10-18T20:04:51Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua",0,1.05.374.54,HIGH,CWE-770 -GHSA-qm9f-c3v9-wphv,2024-10-18T20:04:51Z,"Security Update for the OPC UA .NET Standard Stack","OPCFoundation.NetStandard.Opc.Ua.Core",0,1.05.374.54,HIGH,CWE-770 -GHSA-qrmm-w75w-3wpx,2021-12-09T19:08:38Z,"Server side request forgery in SwaggerUI","Swashbuckle.AspNetCore.SwaggerUI",0,6.3.0,MODERATE,CWE-918 -GHSA-qv8q-v995-72gr,2020-09-09T17:29:38Z,"personnummer/csharp vulnerable to Improper Input Validation",Personnummer,0,3.0.2,LOW, -GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot.Connector,4.10.0,4.10.3,HIGH,CWE-287 -GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot.Connector,4.6.0,4.6.4,HIGH,CWE-287 -GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot.Connector,4.7.0,4.7.3,HIGH,CWE-287 -GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot.Connector,4.8.0,4.8.2,HIGH,CWE-287 -GHSA-qxx8-292g-2w66,2021-03-08T15:50:01Z,"Improper Authentication",Microsoft.Bot.Connector,4.9.0,4.9.5,HIGH,CWE-287 -GHSA-vx2x-9cff-fhjw,2022-12-06T21:13:49Z,"DSInternals Credential Roaming Elevation of Privilege Vulnerability",DSInternals.Common,2.21,4.8,MODERATE, -GHSA-w4x6-hh3x-wjrx,2023-12-11T21:47:14Z,"Stale copy of the public suffix list",Gsemac.Net,0,0.38.2,LOW, -GHSA-wmm6-pgp8-29hg,2024-11-12T18:30:58Z,"Duplicate Advisory: .NET and Visual Studio Denial of Service Vulnerability",System.Formats.Nrbf,0,9.0.0,HIGH,CWE-409;CWE-606 -GHSA-wq88-fq4x-h2pm,2024-03-25T19:35:53Z,"WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM",PanelSW.Custom.WiX,0,3.15.0-a46,HIGH, 
-GHSA-wqcr-xm43-hpqr,2023-10-06T20:46:33Z,"Vulnerable version of libwebp and can be exploited with a malicious source image","ImageResizer.Plugins.FreeImage",0,,HIGH,
diff --git a/src/test/advisories/github-reviewed/2023/07/GHSA-2cv5-qvq3-6276/GHSA-2cv5-qvq3-6276.json b/src/test/advisories/github-reviewed/2023/07/GHSA-2cv5-qvq3-6276/GHSA-2cv5-qvq3-6276.json
deleted file mode 100644
index ab35f38..0000000
--- a/src/test/advisories/github-reviewed/2023/07/GHSA-2cv5-qvq3-6276/GHSA-2cv5-qvq3-6276.json
+++ /dev/null
@@ -1,65 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-2cv5-qvq3-6276",
- "modified": "2023-07-10T21:43:12Z",
- "published": "2023-07-08T09:30:26Z",
- "aliases": [
- "CVE-2023-3552"
- ],
- "summary": "TeamPass vulnerable to Improper Encoding or Escaping of Output",
- "details": "TeamPass prior to 3.0.10 is vulnerable to cross-site scripting filter bypass in folder names. This can lead to information disclosure.",
- "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N"
- }
- ],
- "affected": [
- {
- "package": {
- "ecosystem": "Packagist",
- "name": "nilsteampassnet/teampass"
- },
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
- },
- {
- "fixed": "3.0.10"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3552"
- },
- {
- "type": "WEB",
- "url": "https://github.com/nilsteampassnet/teampass/commit/8acb4dacc2d008a4186a4e13cc143e978f113955"
- },
- {
- "type": "PACKAGE",
- "url": "https://github.com/nilsteampassnet/teampass"
- },
- {
- "type": "WEB",
- "url": "https://huntr.dev/bounties/aeb2f43f-0602-4ac6-9685-273e87ff4ded"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-116"
- ],
- "severity": "HIGH",
- "github_reviewed": true,
- "github_reviewed_at": "2023-07-10T21:43:12Z",
- "nvd_published_at": null
- }
-}
\ No newline at end of file
diff --git a/src/test/advisories/github-reviewed/2023/07/GHSA-2gpr-j5vj-wvh2/GHSA-2gpr-j5vj-wvh2.json b/src/test/advisories/github-reviewed/2023/07/GHSA-2gpr-j5vj-wvh2/GHSA-2gpr-j5vj-wvh2.json
deleted file mode 100644
index 4030111..0000000
--- a/src/test/advisories/github-reviewed/2023/07/GHSA-2gpr-j5vj-wvh2/GHSA-2gpr-j5vj-wvh2.json
+++ /dev/null
@@ -1,62 +0,0 @@
-{
- "schema_version": "1.4.0",
- "id": "GHSA-2gpr-j5vj-wvh2",
- "modified": "2023-07-12T15:48:59Z",
- "published": "2023-07-05T09:30:20Z",
- "aliases": [
- "CVE-2023-34150"
- ],
- "summary": "Apache Any23 vulnerable to excessive memory usage",
- "details": "Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage.",
- "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"
- }
- ],
- "affected": [
- {
- "package": {
- "ecosystem": "Maven",
- "name": "org.apache.any23:apache-any23"
- },
- "ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
- },
- {
- "last_affected": "2.7"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34150"
- },
- {
- "type": "PACKAGE",
- "url": "https://github.com/apache/any23"
- },
- {
- "type": "WEB",
- "url": "https://lists.apache.org/thread/713tk23khbtbg940pb2ql8ggd4cvh6j1"
- }
- ],
- "database_specific": {
- "cwe_ids": [
- "CWE-20",
- "CWE-400"
- ],
- "severity": "MODERATE",
- "github_reviewed": true,
- "github_reviewed_at": "2023-07-06T20:37:32Z",
- "nvd_published_at": null
- }
-}
\ No newline at end of file
diff --git a/src/test/java/org/openrewrite/csharp/dependencies/DependencyInsightTest.java b/src/test/java/org/openrewrite/csharp/dependencies/DependencyInsightTest.java
deleted file mode 100644
index 973c789..0000000
--- a/src/test/java/org/openrewrite/csharp/dependencies/DependencyInsightTest.java
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- * Copyright 2024 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies; - -import org.junit.jupiter.api.Test; -import org.openrewrite.DocumentExample; -import org.openrewrite.test.RecipeSpec; -import org.openrewrite.test.RewriteTest; - -import static org.openrewrite.xml.Assertions.xml; - -class DependencyInsightTest implements RewriteTest { - - @Override - public void defaults(RecipeSpec spec) { - spec.recipe(new DependencyInsight(null, null)); - } - - @Test - @DocumentExample - void csproj() { - // Taken from - // https://learn.microsoft.com/en-us/aspnet/web-forms/overview/deployment/web-deployment-in-the-enterprise/understanding-the-project-file - // https://learn.microsoft.com/en-us/nuget/consume-packages/package-references-in-project-files - rewriteRun( - xml( - //language=xml - """ - - - - - compile - contentFiles - - - - """, - //language=xml - """ - - - - - compile - contentFiles - - - - """, - spec -> spec.path("MyFirst.csproj") - ) - ); - } - - @Test - void packagesConfig() { - // Taken from https://learn.microsoft.com/en-us/nuget/reference/packages-config - rewriteRun( - xml( - //language=xml - """ - - - - - - - - - - - - - """, - //language=xml - """ - - - - - - - - - - - - - """, - spec -> spec.path("packages.config") - ) - ); - } - - @Test - void matchesArtifactId() { - // Taken from https://learn.microsoft.com/en-us/nuget/reference/packages-config - rewriteRun( - spec -> spec.recipe(new DependencyInsight("Microsoft.*", null)), - xml( - //language=xml - """ - - - - - - """, - //language=xml - """ - - - - - - """, - spec -> spec.path("packages.config") - ) - ); - } - - @Test - void matchesVersion() { - // Taken from 
https://learn.microsoft.com/en-us/nuget/reference/packages-config - rewriteRun( - spec -> spec.recipe(new DependencyInsight(null, "2.1.x")), - xml( - //language=xml - """ - - - - - - - """, - //language=xml - """ - - - - - - - """, - spec -> spec.path("packages.config") - ) - ); - } - - @Test - void matchesArtifactIdAndVersion() { - // Taken from https://learn.microsoft.com/en-us/nuget/reference/packages-config - rewriteRun( - spec -> spec.recipe(new DependencyInsight("Microsoft.*", "2.1.x")), - xml( - //language=xml - """ - - - - - - """, - //language=xml - """ - - - - - - """, - spec -> spec.path("packages.config") - ) - ); - } -} diff --git a/src/test/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheckTest.java b/src/test/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheckTest.java deleted file mode 100644 index fdb0336..0000000 --- a/src/test/java/org/openrewrite/csharp/dependencies/DependencyVulnerabilityCheckTest.java +++ /dev/null @@ -1,208 +0,0 @@ -/* - * Copyright 2024 the original author or authors. - *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.openrewrite.csharp.dependencies; - -import org.junit.jupiter.api.Test; -import org.openrewrite.DocumentExample; -import org.openrewrite.csharp.dependencies.table.VulnerabilityReport; -import org.openrewrite.test.RecipeSpec; -import org.openrewrite.test.RewriteTest; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.openrewrite.xml.Assertions.xml; - -class DependencyVulnerabilityCheckTest implements RewriteTest { - - @Override - public void defaults(RecipeSpec spec) { - spec.recipe(new DependencyVulnerabilityCheck(null)); - } - - @Test - @DocumentExample - void upgradeVulnerableDependency() { - rewriteRun( - xml( - //language=xml - """ - - - - - - - """, - //language=xml - """ - - - - - - - """, - spec -> spec.path("MyFirst.csproj") - ), - xml( - //language=xml - """ - - - - - - """, - //language=xml - """ - - - - - - """, - spec -> spec.path("MySecond.csproj") - ) - ); - } - - @Test - void addMarkers() { - rewriteRun( - spec -> spec.recipe(new DependencyVulnerabilityCheck(true)) - .dataTable(VulnerabilityReport.Row.class, rows -> assertThat(rows) - .singleElement() - .extracting(VulnerabilityReport.Row::getCve) - .isEqualTo("CVE-2010-1459")), - xml( - //language=xml - """ - - - - - - """, - //language=xml - """ - - - - - - """, - spec -> spec.path("MyFirst.csproj") - ) - ); - } - - @Test - void upgradePackageWithMultipleVulnerablePatchVersions() { - rewriteRun( - xml( - //language=xml - """ - - - - - - """, - //language=xml - """ - - - - - - """, - spec -> spec.path("MyFirst.csproj") - ) - ); - } - - @Test - void vulnerableWithNoFixedVersion() { - rewriteRun( - spec -> spec.recipe(new 
DependencyVulnerabilityCheck(true)),
- xml(
- //language=xml
- """
-
-
-
-
-
- """,
- //language=xml
- """
-
-
-
-
-
- """,
- spec -> spec.path("MyFirst.csproj")
- )
- );
- }
-
- @Test
- void notVulnerableOnOlderVersion() {
- rewriteRun(
- spec -> spec.recipe(new DependencyVulnerabilityCheck(true)),
- xml(
- //language=xml
- """
-
-
-
-
-
- """,
- spec -> spec.path("MyFirst.csproj")
- )
- );
- }
-
- @Test
- void vulnerableOnMinimumVersion() {
- rewriteRun(
- spec -> spec.recipe(new DependencyVulnerabilityCheck(true)),
- xml(
- //language=xml
- """
-
-
-
-
-
- """,
- //language=xml
- """
-
-
-
-
-
- """,
- spec -> spec.path("MyFirst.csproj")
- )
- );
- }
-}
diff --git a/src/test/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersionTest.java b/src/test/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersionTest.java
deleted file mode 100644
index 2b90006..0000000
--- a/src/test/java/org/openrewrite/csharp/dependencies/UpgradeDependencyVersionTest.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Copyright 2024 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.csharp.dependencies;
-
-import org.junit.jupiter.api.Test;
-import org.openrewrite.DocumentExample;
-import org.openrewrite.test.RewriteTest;
-
-import static org.openrewrite.xml.Assertions.xml;
-
-class UpgradeDependencyVersionTest implements RewriteTest {
-
- @Test
- @DocumentExample
- void packagesConfig() {
- rewriteRun(
- spec -> spec.recipe(new UpgradeDependencyVersion("Microsoft.*", "2.1.2")),
- xml(
- //language=xml
- """
-
-
-
-
-
- """,
- //language=xml
- """
-
-
-
-
-
- """,
- spec -> spec.path("packages.config")
- )
- );
- }
-
- @Test
- void csproj() {
- rewriteRun(
- spec -> spec.recipe(new UpgradeDependencyVersion("Contoso.Utility.SomeOther*", "3.6.2")),
- xml(
- //language=xml
- """
-
-
-
-
-
-
- """,
- //language=xml
- """
-
-
-
-
-
-
- """,
- spec -> spec.path("MyFirst.csproj")
- )
- );
- }
-}
diff --git a/src/test/java/org/openrewrite/csharp/dependencies/trait/PackageReferenceTest.java b/src/test/java/org/openrewrite/csharp/dependencies/trait/PackageReferenceTest.java
deleted file mode 100644
index 37091bf..0000000
--- a/src/test/java/org/openrewrite/csharp/dependencies/trait/PackageReferenceTest.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright 2024 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.csharp.dependencies.trait;
-
-import org.junit.jupiter.api.Test;
-import org.openrewrite.DocumentExample;
-import org.openrewrite.test.RecipeSpec;
-import org.openrewrite.test.RewriteTest;
-
-import static org.openrewrite.test.RewriteTest.toRecipe;
-import static org.openrewrite.xml.Assertions.xml;
-
-class PackageReferenceTest implements RewriteTest {
-
- @Override
- public void defaults(RecipeSpec spec) {
- spec.recipe(toRecipe(() -> new PackageReference.Matcher().asVisitor(ref -> ref.withVersion("3.6.1"))));
- }
-
- @Test
- @DocumentExample
- void updateVersion() {
- rewriteRun(
- xml(
- //language=xml
- """
-
-
-
-
-
- """,
- //language=xml
- """
-
-
-
-
-
- """,
- spec -> spec.path("MyFirst.csproj")
- )
- );
- }
-}
diff --git a/src/test/java/org/openrewrite/java/dependencies/DependencyLicenseCheckTest.java b/src/test/java/org/openrewrite/java/dependencies/DependencyLicenseCheckTest.java
deleted file mode 100644
index acfb6c1..0000000
--- a/src/test/java/org/openrewrite/java/dependencies/DependencyLicenseCheckTest.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies;
-
-import org.junit.jupiter.api.Test;
-import org.openrewrite.java.dependencies.table.LicenseReport;
-import org.openrewrite.test.RecipeSpec;
-import org.openrewrite.test.RewriteTest;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.openrewrite.maven.Assertions.pomXml;
-
-class DependencyLicenseCheckTest implements RewriteTest {
-
- @Override
- public void defaults(RecipeSpec spec) {
- spec.recipe(new DependencyLicenseCheck("runtime", true));
- }
-
- @Test
- void maven() {
- rewriteRun(
- spec -> spec.dataTable(LicenseReport.Row.class, rows ->
- assertThat(rows.stream().map(LicenseReport.Row::getLicenseType).distinct())
- .containsExactlyInAnyOrder("Apache2", "Unknown", "PublicDomain")),
- //language=xml
- pomXml(
- """
-
- com.mycompany.app
- my-app
- 1
-
-
- org.springframework.security
- spring-security-core
- 4.2.13.RELEASE
-
-
- org.apache.logging.log4j
- log4j
- 2.13.1
-
-
-
- """
- )
- );
- }
-}
diff --git a/src/test/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheckTest.java b/src/test/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheckTest.java
deleted file mode 100644
index 99d7ab9..0000000
--- a/src/test/java/org/openrewrite/java/dependencies/DependencyVulnerabilityCheckTest.java
+++ /dev/null
@@ -1,360 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies;
-
-import org.junit.jupiter.api.Disabled;
-import org.junit.jupiter.api.Test;
-import org.openrewrite.DocumentExample;
-import org.openrewrite.java.dependencies.table.VulnerabilityReport;
-import org.openrewrite.test.RecipeSpec;
-import org.openrewrite.test.RewriteTest;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.openrewrite.gradle.Assertions.buildGradle;
-import static org.openrewrite.gradle.toolingapi.Assertions.withToolingApi;
-import static org.openrewrite.maven.Assertions.pomXml;
-
-@SuppressWarnings("GroovyAssignabilityCheck")
-class DependencyVulnerabilityCheckTest implements RewriteTest {
-
- @Override
- public void defaults(RecipeSpec spec) {
- spec.recipe(new DependencyVulnerabilityCheck("runtime", true));
- }
-
- @DocumentExample
- @Test
- void gradleTransitive() {
- rewriteRun(
- spec -> spec.beforeRecipe(withToolingApi())
- .recipe(new DependencyVulnerabilityCheck(null, true)),
- //language=groovy
- buildGradle(
- """
- plugins { id 'java' }
- repositories { mavenCentral() }
-
- dependencies {
- implementation 'org.openrewrite:rewrite-java:7.0.0'
- }
- """,
- """
- plugins { id 'java' }
- repositories { mavenCentral() }
-
- dependencies {
- constraints {
- runtimeOnly('io.github.classgraph:classgraph:4.8.112') {
- because 'CVE-2021-47621'
- }
- implementation('com.fasterxml.jackson.core:jackson-databind:2.12.7.1') {
- because 'CVE-2020-36518, CVE-2021-46877, CVE-2022-42003, CVE-2022-42004'
- }
- }
-
- implementation 'org.openrewrite:rewrite-java:7.0.0'
- }
- """
- )
- );
- }
-
- @Test
- void milestoneVersion() {
- rewriteRun(
- spec ->
spec.beforeRecipe(withToolingApi())
- .recipe(new DependencyVulnerabilityCheck(null, true)),
- //language=groovy
- buildGradle(
- """
- plugins { id 'java' }
- repositories { mavenCentral() }
-
- dependencies {
- implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.0.0-M1'
- }
- """,
- """
- plugins { id 'java' }
- repositories { mavenCentral() }
-
- dependencies {
- implementation 'org.apache.tomcat.embed:tomcat-embed-core:10.0.27'
- }
- """
- )
- );
- }
-
- @Test
- void dependenciesBlockInFreestandingScript() {
- rewriteRun(
- spec -> spec.beforeRecipe(withToolingApi()),
- //language=groovy
- buildGradle(
- """
- repositories {
- mavenLocal()
- mavenCentral()
- maven {
- url = uri("https://oss.sonatype.org/content/repositories/snapshots")
- }
- }
- dependencies {
- implementation("org.apache.logging.log4j:log4j:2.13.1")
- }
- """,
- """
- repositories {
- mavenLocal()
- mavenCentral()
- maven {
- url = uri("https://oss.sonatype.org/content/repositories/snapshots")
- }
- }
- dependencies {
- implementation("org.apache.logging.log4j:log4j:2.13.2")
- }
- """,
- spec -> spec.path("dependencies.gradle")
- ),
- //language=groovy
- buildGradle(
- """
- plugins {
- id("java")
- }
- apply from: 'dependencies.gradle'
- """
- )
- );
- }
-
- @Test
- void mavenTransitive() {
- rewriteRun(
- spec -> spec.recipe(new DependencyVulnerabilityCheck(null, true)),
- //language=xml
- pomXml(
- """
-
- com.mycompany.app
- my-app
- 1
-
-
- org.openrewrite
- rewrite-java
- 7.0.0
-
-
-
- """,
- """
-
- com.mycompany.app
- my-app
- 1
-
-
-
- com.fasterxml.jackson.core
- jackson-databind
- 2.12.7.2
-
-
-
-
-
- org.openrewrite
- rewrite-java
- 7.0.0
-
-
-
- """
- )
- );
- }
-
- @Test
- void mavenOverrideTransitiveDisabledByDefault() {
- rewriteRun(
- spec -> spec.recipe(new DependencyVulnerabilityCheck(null, null)),
- //language=xml
- pomXml(
- """
-
- com.mycompany.app
- my-app
- 1
-
-
- org.openrewrite
- rewrite-java
- 7.0.0
-
-
-
- """
- )
- );
- }
-
- @Test
- void maven() {
-
rewriteRun(
- spec -> spec
- .dataTable(VulnerabilityReport.Row.class, rows -> {
- assertThat(rows).isNotEmpty();
- assertThat(rows).filteredOn(VulnerabilityReport.Row::isFixWithVersionUpdateOnly).isNotEmpty();
- assertThat(rows).extracting(VulnerabilityReport.Row::getCWEs).anySatisfy(cwes -> assertThat(cwes).isNotEmpty());
- }),
- //language=xml
- pomXml(
- """
-
- com.mycompany.app
- my-app
- 1
-
-
- org.springframework.security
- spring-security-core
- 4.2.13.RELEASE
-
-
- org.apache.logging.log4j
- log4j
- 2.13.1
-
-
-
- """,
- """
-
- com.mycompany.app
- my-app
- 1
-
-
- org.springframework.security
- spring-security-core
- 4.2.20.RELEASE
-
-
- org.apache.logging.log4j
- log4j
- 2.13.3
-
-
-
- """
- )
- );
- }
-
- @Test
- @Disabled("https://github.com/openrewrite/rewrite-java-dependencies/pull/7")
- void mavenSnakeyamlMajorMinor() {
- rewriteRun(
- spec -> spec
- .recipe(new DependencyVulnerabilityCheck("compile", false)),
- //language=xml
- pomXml(
- """
-
-
- 4.0.0
- com.example
- openrewrite-playground
- 0.0.1-SNAPSHOT
-
-
- org.yaml
- snakeyaml
- 1.29
-
-
-
- """,
- """
-
-
- 4.0.0
- com.example
- openrewrite-playground
- 0.0.1-SNAPSHOT
-
-
- org.yaml
- snakeyaml
- 1.33
-
-
-
- """
- )
- );
- }
-
- @Test
- void mavenJacksonMajorMinorPatch() {
- rewriteRun(
- spec -> spec
- .recipe(new DependencyVulnerabilityCheck("compile", false)),
- //language=xml
- pomXml(
- """
-
-
- 4.0.0
- com.example
- openrewrite-playground
- 0.0.1-SNAPSHOT
-
-
- com.fasterxml.jackson.core
- jackson-databind
- 2.13.0
-
-
-
- """,
- """
-
-
- 4.0.0
- com.example
- openrewrite-playground
- 0.0.1-SNAPSHOT
-
-
- com.fasterxml.jackson.core
- jackson-databind
- 2.13.5
-
-
-
- """
- )
- );
- }
-}
diff --git a/src/test/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterialsTest.java b/src/test/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterialsTest.java
deleted file mode 100644
index 72a06e9..0000000
--- a/src/test/java/org/openrewrite/java/dependencies/SoftwareBillOfMaterialsTest.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Copyright 2024 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies;
-
-import org.junit.jupiter.api.Test;
-import org.openrewrite.test.RecipeSpec;
-import org.openrewrite.test.RewriteTest;
-
-import static org.openrewrite.gradle.Assertions.buildGradle;
-import static org.openrewrite.gradle.Assertions.settingsGradle;
-import static org.openrewrite.gradle.toolingapi.Assertions.withToolingApi;
-import static org.openrewrite.java.Assertions.mavenProject;
-import static org.openrewrite.maven.Assertions.pomXml;
-import static org.openrewrite.xml.Assertions.xml;
-
-@SuppressWarnings("GroovyUnusedAssignment")
-class SoftwareBillOfMaterialsTest implements RewriteTest {
-
- @Override
- public void defaults(RecipeSpec spec) {
- spec.recipe(new SoftwareBillOfMaterials());
- }
-
- @Test
- void maven() {
- rewriteRun(
- //language=xml
- pomXml("""
-
- 4.0.0
- com.mycompany.app
- my-app
- 1
-
-
- org.yaml
- snakeyaml
- 1.27
-
-
- org.junit.jupiter
- junit-jupiter
- 5.7.0
- test
-
-
-
- """),
- xml(null,
- //language=xml
- """
-
-
-
-
-
- OpenRewrite by Moderne
- OpenRewrite CycloneDX
- 8.32.0
-
-
-
- com.mycompany.app
- my-app
- 1
- pkg:maven/com.mycompany.app/my-app@1
-
-
-
-
- org.yaml
- snakeyaml
- 1.27
- required
-
-
- Apache License, Version 2.0
-
-
- pkg:maven/org.yaml/snakeyaml@1.27
-
-
-
-
-
-
- """,
- spec -> spec.path("sbom.xml"))
- );
- }
-
-
- @Test
- void gradle() {
- // GradlePlugin marker seems to be missing license information
- rewriteRun(
- spec -> spec.beforeRecipe(withToolingApi()),
- mavenProject("root",
- settingsGradle("include 'my-app'"),
- mavenProject("my-app",
- //language=groovy
- buildGradle("""
- plugins {
- id 'java'
- }
- repositories {
-
mavenCentral()
- }
- group = "com.mycompany.app"
- version = "1"
- dependencies {
- implementation("org.yaml:snakeyaml:1.27")
- }
- """)
- ,
- xml(null,
- //language=xml
- """
-
-
-
-
-
- OpenRewrite by Moderne
- OpenRewrite CycloneDX
- 8.32.0
-
-
-
- com.mycompany.app
- my-app
- 1
- pkg:maven/com.mycompany.app/my-app@1
-
-
-
-
- org.yaml
- snakeyaml
- 1.27
- required
-
- pkg:maven/org.yaml/snakeyaml@1.27
-
-
-
-
-
-
- """,
- spec -> spec.path("sbom.xml"))
- )));
- }
-}
diff --git a/src/test/java/org/openrewrite/java/dependencies/github/ParseAdvisoriesTest.java b/src/test/java/org/openrewrite/java/dependencies/github/ParseAdvisoriesTest.java
deleted file mode 100644
index 5aa41b1..0000000
--- a/src/test/java/org/openrewrite/java/dependencies/github/ParseAdvisoriesTest.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright 2021 the original author or authors.
- *

- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *

- * https://www.apache.org/licenses/LICENSE-2.0
- *

- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.openrewrite.java.dependencies.github;
-
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.io.TempDir;
-
-import java.io.File;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-
-class ParseAdvisoriesTest {
-
- @Test
- void parseAdvisories(@TempDir Path tmp) throws Exception {
- Path output = tmp.resolve("advisories-maven.csv");
- ParseAdvisories.parseAdvisories(new File("src/test/advisories"), "Maven", output.toFile());
-
- List allLines = Files.readAllLines(output);
- assertThat(allLines).containsExactly("CVE-2023-34150,2023-07-05T09:30:20Z,\"Apache Any23 vulnerable to excessive memory usage\",\"org.apache.any23:apache-any23\",0,,MODERATE,CWE-20;CWE-400");
- }
-}