Lucene search: NetApp OnCommand Insight

971 matches found

CVE
added 2020/04/29 12:00 a.m., 7246 views

CVE-2020-11022

CVE-2020-11022 affects jQuery versions >=1.2 and <3.5.0; upgrade to >=3.5.0 or apply vendor guidance where applicable.

CVSS 6.9, AI score 6.7, EPSS 0.02391
In wild
CVE
added 2020/04/29 12:00 a.m., 6857 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

CVSS 6.9, AI score 7.2, EPSS 0.34098
In wild
CVE
added 2021/12/10 12:00 a.m., 6636 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

CVSS 10, AI score 10, EPSS 0.94358
In wild
CVE
added 2023/10/10 12:00 a.m., 5239 views

CVE-2023-44487

CVE-2023-44487 (HTTP/2 Rapid Reset DoS). Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

CVSS 7.5, AI score 8, EPSS 0.944
In wild
CVE
added 2023/07/18 8:18 p.m., 2904 views

CVE-2023-22045

CVE-2023-22045 affects Oracle Java SE (Hotspot) and Oracle GraalVM variants (Enterprise Edition and JDK). Affected versions include Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; GraalVM Enterprise: 20.3.10, 21.3.6, 22.3.2; GraalVM for JDK: 17.0.7, 20.0.1. The vulnerability is diffic...

CVSS 3.7, AI score 4.4, EPSS 0.00141
CVE
added 2021/02/16 4:55 p.m., 1996 views

CVE-2021-23841

CVE-2021-23841 is described in connected advisories as a NULL pointer dereference in OpenSSL’s X509_issuer_and_serial_hash() when parsing the issuer field. This can crash a process if certificates from untrusted sources are processed and the issuer parsing fails, enabling a potential denial of se...

CVSS 5.9, AI score 7, EPSS 0.00958
CVE
added 2018/08/22 1:00 p.m., 1735 views

CVE-2018-11776

The CVE-2018-11776 issue affects Apache Struts 2.x versions 2.3–2.3.34 and 2.5–2.5.16. The underlying condition is when alwaysSelectFullNamespace is true and a result or url tag lacks a namespace/value, and the upper namespace/action configuration also has no or a wildcard namespace, allowing rem...

CVSS 9.3, AI score 8.4, EPSS 0.94431
In wild
CVE
added 2017/10/03 3:00 p.m., 1562 views

CVE-2017-12617

CVE-2017-12617 concerns Apache Tomcat JSP upload via HTTP PUT when readonly=false and PUTs are allowed. Affected: Tomcat 7.x/8.x/9.x (various 7.0.0–7.0.81, 8.0.0.RC1–8.0.46, 8.5.0–8.5.22, 9.0.0.M1–9.0.0) with PUT enabled. Root cause: PUT request handling allowed uploading a JSP, enabling remote c...

CVSS 8.1, AI score 7.5, EPSS 0.9438
In wild
CVE
added 2022/07/19 12:00 a.m., 1351 views

CVE-2022-21541

CVE-2022-21541 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected Java SE versions include 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; GraalVM EE: 20.3.6, 21.3.2, 22.1.0. The vulnerability is described as difficult to exploit but allows an unauthenticated networked ...

CVSS 5.9, AI score 5.8, EPSS 0.00329
CVE
added 2022/07/19 12:00 a.m., 1345 views

CVE-2022-21540

CVE-2022-21540 applies to Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition; affected versions include Oracle Java SE 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1 and GraalVM EE 20.3.6, 21.3.2, 22.1.0. The connected documents provide concrete details: the vulnerability can be exploite...

CVSS 5.3, AI score 5, EPSS 0.00438
CVE
added 2022/05/03 3:15 p.m., 1257 views

CVE-2022-1292

CVE-2022-1292 describes a command-injection risk in the OpenSSL c_rehash script due to improper sanitization of shell metacharacters. The issue can allow local attackers to run arbitrary commands with the script’s privileges on systems where c_rehash runs automatically. Fixes are published in Ope...

CVSS 10, AI score 9, EPSS 0.38894
Web
CVE
added 2022/04/19 8:37 p.m., 1254 views

CVE-2022-21449

CVE-2022-21449 affects Oracle Java SE Libraries (Oracle Java SE 17.0.2, 18) and GraalVM Enterprise Edition (21.3.1, 22.0.0.2). It enables unauthenticated, network‑accessible attackers to compromise data integrity — potentially unauthorized creation, deletion or modification of data in affected Or...

CVSS 7.5, AI score 6.9, EPSS 0.34335
CVE
added 2020/12/08 3:30 p.m., 1165 views

CVE-2020-1971

CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...

CVSS 5.9, AI score 5.7, EPSS 0.00348
CVE
added 2022/05/12 7:30 p.m., 1120 views

CVE-2022-22971

CVE-2022-22971 affects Spring Framework/Tanzu with a vulnerability in the STOMP over WebSocket endpoint that can allow authenticated users to trigger a denial-of-service. The connected IBM bulletin shows affected IBM Storage Copy Data Management versions (2.2.x) and provides a fixed release path:...

CVSS 6.5, AI score 6.2, EPSS 0.00247
CVE
added 2023/10/18 3:52 a.m., 1113 views

CVE-2023-38545

CVE-2023-38545 is a heap-based buffer overflow in curl/libcurl during SOCKS5 proxy hostname handling. When a long host name (over 255 bytes) is passed for proxy resolution, curl may copy the full hostname into the target buffer due to a race in a slow handshake, enabling arbitrary code execution....

CVSS 9.8, AI score 9.4, EPSS 0.2625
CVE
added 2017/05/23 3:56 a.m., 1112 views

CVE-2016-9843

CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...

CVSS 9.8, AI score 9.9, EPSS 0.13502
CVE
added 2022/07/19 12:00 a.m., 1104 views

CVE-2022-21549

CVE-2022-21549 affects Oracle Java SE Libraries with affected binaries: Oracle Java SE 17.0.3.1 and Oracle GraalVM Enterprise Edition 21.3.2 and 22.1.0. The entry notes network‑accessible exploitation by an unauthenticated attacker, potentially enabling unauthorized update/insert/delete of data i...

CVSS 5.3, AI score 5, EPSS 0.00248
CVE
added 2010/08/04 7:00 p.m., 1073 views

CVE-2010-1871

CVE-2010-1871 affects JBoss Seam 2 (jboss-seam2) as used in Red Hat Linux’s JBoss Enterprise Application Platform 4.3.0. The vulnerability stems from inadequate sanitization of inputs to JBoss Expression Language (EL) expressions, enabling remote code execution via a crafted URL when the Java Sec...

CVSS 8.8, AI score 9.5, EPSS 0.93535
In wild
CVE
added 2017/04/06 9:00 p.m., 1032 views

CVE-2016-8735

CVE-2016-8735 is a remote code execution vulnerability in Apache Tomcat via JmxRemoteLifecycleListener. Affected are Tomcat releases before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12, when JMX ports are reachable. Root cause: JmxRemoteLifecycleListe...

CVSS 9.8, AI score 8, EPSS 0.93802
In wild
CVE
added 2019/02/27 11:00 p.m., 911 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

CVSS 5.9, AI score 6.3, EPSS 0.0496
CVE
added 2018/05/16 4:00 p.m., 847 views

CVE-2018-8014

CVE-2018-8014 affects the default configuration of Tomcat’s CORS filter, where default settings enable supportsCredentials for all origins across multiple releases (9.0.0.M1–9.0.8, 8.5.0–8.5.31, 8.0.0.RC1–8.0.52, 7.0.41–7.0.88). The issue is that environments relying on the default CORS configura...

CVSS 9.8, AI score 8.6, EPSS 0.61177
CVE
added 2020/01/15 4:34 p.m., 813 views

CVE-2020-2574

CVE-2020-2574 affects the Oracle MySQL Client (C API). Affected: MySQL Client in Oracle MySQL releases 5.6.46 and earlier, 5.7.28 and earlier, and 8.0.18 and earlier. Description in the sources: vulnerability allows an unauthenticated attacker with network access via multiple protocols to cause a...

CVSS 5.9, AI score 5.6, EPSS 0.00157
CVE
added 2022/07/20 12:00 a.m., 808 views

CVE-2022-31160

CVE-2022-31160 affects jQuery UI versions prior to 1.13.2. The issue occurs when initializing a checkboxradio widget on an input inside a label; the label contents can be treated as the input label, and refreshing with .checkboxradio("refresh") on such a widget may decode encoded HTML entities in...

CVSS 6.1, AI score 6, EPSS 0.07763
CVE
added 2019/02/04 7:00 a.m., 807 views

CVE-2019-7317

CVE-2019-7317 is a use-after-free involving png_image_free in libpng. A connected document ties this to the FLTK package, affecting versions less than 1.3.8-1, and states that upgrading to a later FLTK version resolves the issue. If applying this advisory, upgrade FLTK to 1.3.8-1 or newer for rem...

CVSS 5.3, AI score 6.3, EPSS 0.00565
CVE
added 2021/03/25 2:25 p.m., 796 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

CVSS 5.9, AI score 6.7, EPSS 0.09859
CVE
added 2022/12/23 12:00 a.m., 787 views

CVE-2022-43551

CVE-2022-43551 is a vulnerability in curl’s HSTS check that could allow bypassing HSTS and forcing a cleartext HTTP transfer. The issue occurs when the URL hostname uses IDN characters that are later ASCII-encoded during IDN processing (e.g., U+3002 IDEOGRAPHIC FULL STOP instead of U+002E). Curl ...

CVSS 7.5, AI score 7.3, EPSS 0.00045
CVE
added 2016/04/21 10:00 a.m., 769 views

CVE-2016-3427

CVE-2016-3427 is an unspecified vulnerability in Oracle Java SE (affecting 6u113, 7u99, 8u77) and JRockit, tied to the Java Management Extensions (JMX) component. Exploitation can affect confidentiality, integrity, and availability via JMX-related vectors; the issue is described as an unspecified...

CVSS 10, AI score 6.8, EPSS 0.93287
In wild
CVE
added 2022/03/11 12:00 a.m., 763 views

CVE-2020-36518

CVE-2020-36518 affects jackson-databind prior to 2.13.0, enabling a Java StackOverflow and DoS via excessive nesting depth. In affected advisories, remediation is to upgrade jackson-databind to 2.13.0+ (examples show 2.13.x or newer such as 2.13.4.2 in Crowd/CWD references). Practical impact is d...

CVSS 7.5, AI score 7.4, EPSS 0.00487
CVE
added 2020/04/21 1:45 p.m., 762 views

CVE-2020-1967

CVE-2020-1967 describes a NULL pointer dereference in OpenSSL’s SSL_check_chain() during or after a TLS 1.3 handshake, caused by incorrect handling of the signature_algorithms_cert extension. A malicious peer sending an invalid/unrecognized signature algorithm can crash the server/client, enablin...

CVSS 7.5, AI score 7.5, EPSS 0.60769
CVE
added 2023/09/21 6:23 p.m., 752 views

CVE-2023-41993

CVE-2023-41993 is a WebKit code‑execution vulnerability affecting Apple platforms where processing web content could trigger arbitrary code execution. The public record notes the issue was fixed in macOS Sonoma 14 and is associated with Safari/WebKit processing paths. Apple documents indicate the...

CVSS 8.8, AI score 8.8, EPSS 0.24165
In wild
CVE
added 2021/08/24 2:50 p.m., 750 views

CVE-2021-3711

CVE-2021-3711 involves a bug in OpenSSL SM2 decryption: the buffer-size calculation during EVP_PKEY_decrypt() first call can under-allocate, enabling a later second call with a too-small buffer and causing a buffer overflow (up to 62 bytes). The issue affects OpenSSL 1.1.1 up to 1.1.1k and is fix...

CVSS 9.8, AI score 9.9, EPSS 0.02544
CVE
added 2019/10/16 5:40 p.m., 746 views

CVE-2019-2938

CVE-2019-2938 affects MySQL Server (InnoDB) in Oracle MySQL. Affected versions include 5.7.27 and earlier and 8.0.17 and earlier; exploitation over network could cause a hang or crash (DoS) with high privileges. CVSSv3 base score 4.4. Patches are available; advisory ALSA-2020-1333 recommends upgr...

CVSS 4.4, AI score 4.5, EPSS 0.00087
CVE
added 2023/04/18 7:54 p.m., 737 views

CVE-2023-21930

CVE-2023-21930 affects Oracle Java SE and GraalVM Enterprise Edition (JSSE component) on Java 8u361, 11.0.18, 17.0.6, 20 and GraalVM 20.3.9/21.3.5/22.3.1. An unauthenticated attacker with network access over TLS can compromise data confidentiality and integrity; exploitation is possible via TLS h...

CVSS 7.4, AI score 7.4, EPSS 0.00174
CVE
added 2020/04/15 1:29 p.m., 734 views

CVE-2020-2752

CVE-2020-2752 affects the Oracle MySQL Client (C API). Publicly documented affected versions are 5.6.47 and earlier, 5.7.27 and earlier, and 8.0.17 and earlier. The vulnerability can be triggered by a network-accessing attacker via multiple protocols with low privileges and may lead to a Hang or ...

CVSS 5.3, AI score 6, EPSS 0.00229
CVE
added 2021/01/20 2:50 p.m., 724 views

CVE-2021-2011

CVE-2021-2011 affects Oracle MySQL's Client C API, with vulnerable versions 5.7.32 and earlier and 8.0.22 and earlier. An unauthenticated network attacker can trigger a hang or crash (DoS) via multiple protocols. Remediation is to upgrade to a version where the issue is resolved (e.g., newer MySQ...

CVSS 7.1, AI score 5.5, EPSS 0.02101
CVE
added 2019/09/16 6:06 p.m., 687 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

CVSS 9.8, AI score 9.7, EPSS 0.09715
CVE
added 2019/09/09 4:07 p.m., 678 views

CVE-2019-16168

CVE-2019-16168 affects SQLite up to version 3.29.0: whereLoopAddBtreeIndex in sqlite3.c may crash a browser/application due to missing validation of the sqlite_stat1 sz field, described as a severe division by zero in the query planner. Connected documents show multiple advisories referencing the fix in SQ...

CVSS 6.5, AI score 7, EPSS 0.00843
CVE
added 2019/01/16 7:00 p.m., 677 views

CVE-2019-2503

The connected advisory ALAS-2019-1292 documents CVE-2019-2503 as a MySQL/MariaDB Server: Connection Handling vulnerability. Affected are Oracle MySQL Server components with versions 5.6.42 and prior, 5.7.24 and prior, and 8.0.13 and prior. The issue can allow a low-privileged attacker on the netw...

CVSS 6.4, AI score 6.4, EPSS 0.00154
CVE
added 2022/01/26 12:00 a.m., 674 views

CVE-2021-22570

CVE-2021-22570 affects Protocol Buffers (protobuf). A null character in a proto symbol is parsed incorrectly, causing a null pointer dereference via an unchecked access to the proto file name during error message generation. The issue can enable denial of service or memory access instability as d...

CVSS 6.5, AI score 6.5, EPSS 0.00138
CVE
added 2021/01/20 2:50 p.m., 669 views

CVE-2021-2022

CVE-2021-2022 is a vulnerability in Oracle MySQL Server (component: InnoDB) that affects MySQL Server versions 5.6.50 and earlier, 5.7.32 and earlier, and 8.0.22 and earlier. The issue is exploitable by a highly privileged attacker who can access the affected server over network via multiple prot...

CVSS 6.3, AI score 4.5, EPSS 0.0048
CVE
added 2020/04/15 1:29 p.m., 667 views

CVE-2020-2760

CVE-2020-2760 affects MySQL Server (InnoDB) with affected versions 5.7.29 and prior, and 8.0.19 and prior. It enables a high-privilege attacker with network access to cause a hang or crash (DoS) and potentially unauthorized data updates/inserts/deletes. The ALAS advisory shows remediation through...

CVSS 5.5, AI score 5.6, EPSS 0.00111
CVE
added 2023/10/17 9:02 p.m., 660 views

CVE-2023-22028

CVE-2023-22028 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 5.7.x up to 5.7.43 and 8.0.x up to 8.0.31. Exploitation can lead to a high-privilege attacker over network causing a hang or frequent crash (DoS) of MySQL Server. Connected sources indicate Oracle CPU advisory and ven...

CVSS 4.9, AI score 4.8, EPSS 0.00125
CVE
added 2022/07/19 12:00 a.m., 653 views

CVE-2022-34169

CVE-2022-34169 affects the Apache Xalan Java XSLT library. It describes an integer truncation vulnerability when processing malicious XSLT stylesheets, which can corrupt Java class files generated by the internal XSLTC compiler and allow execution of arbitrary Java bytecode. Public references in ...

CVSS 7.5, AI score 8.2, EPSS 0.10953
CVE
added 2025/01/21 8:52 p.m., 643 views

CVE-2025-21502

CVE-2025-21502 affects Oracle Java SE and related GraalVM packages (Hotspot) across multiple supported versions (Java SE 8u431-perf, 11.0.25, 17.0.13, 21.0.5, 23.0.1; GraalVM JDK 17.0.13/21.0.5/23.0.1; GraalVM EE 20.3.16/21.3.12). The described vulnerability allows an unauthenticated, network-acc...

CVSS 4.8, AI score 4.1, EPSS 0.002
CVE
added 2024/01/16 9:41 p.m., 637 views

CVE-2024-20918

CVE-2024-20918 affects Oracle Java SE (8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1), Oracle GraalVM for JDK (17.0.9, 21.0.1), and Oracle GraalVM Enterprise Edition (20.3.12, 21.3.8, 22.3.4). The vulnerability, which is network-accessible via multiple protocols, can allow an unauthenticated attacke...

CVSS 7.4, AI score 7.1, EPSS 0.00235
CVE
added 2020/04/15 1:29 p.m., 636 views

CVE-2020-2812

CVE-2020-2812 affects the MySQL Server component (Server: Stored Procedure). Affected are MySQL/MariaDB builds with versions 5.6.47 and earlier, 5.7.29 and earlier, and 8.0.19 and earlier. The vulnerability can allow a high-privilege attacker with network access via multiple protocols to cause a ...

CVSS 4.9, AI score 5.2, EPSS 0.0012
CVE
added 2020/04/15 1:29 p.m., 632 views

CVE-2020-2922

CVE-2020-2922 affects the MySQL Client C API in Oracle MySQL. Affected versions are 5.6.47 and prior, 5.7.29 and prior, and 8.0.18 and prior. It is difficult to exploit and can allow an unauthenticated attacker with network access via multiple protocols to read a subset of MySQL Client data. CVSS...

CVSS 4.3, AI score 3.4, EPSS 0.00205
CVE
added 2023/10/17 9:02 p.m., 625 views

CVE-2023-22068

CVE-2023-22068 affects Oracle MySQL Server (InnoDB). Affected: MySQL 8.0.34 and earlier, and 8.1.0. An attacker with network access via multiple protocols and high privileges can cause the server to hang or crash (DoS). No explicit exploitation details are provided beyond this claim. Remediation:...

CVSS 4.9, AI score 5.1, EPSS 0.0003
CVE
added 2022/10/18 12:00 a.m., 624 views

CVE-2022-21607

CVE-2022-21607 is a vulnerability in Oracle MySQL Server, specifically in the Server: Optimizer component. Affected are MySQL Server versions up to and including 8.0.28 (and prior). The flaw is exploitable by a high-privilege attacker who can reach the server over the network via multiple protoco...

CVSS 4.9, AI score 4.7, EPSS 0.00475
CVE
added 2023/10/17 9:03 p.m., 623 views

CVE-2023-22103

CVE-2023-22103 affects Oracle MySQL Server (Server: Optimizer). Affected: MySQL 8.0.34 and earlier, and 8.1.0. Attack via network with high privileges can cause a hang or frequent crash (DoS) of MySQL Server. CVSS v3.1 base score 4.9 (Availability). Remediation: upgrade to a fixed package/version...

CVSS 4.9, AI score 5.1, EPSS 0.00074

Total number of security vulnerabilities: 971