| 2022-05-03 | CVE-2022-1434 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. | 5.9 |
| 2022-05-03 | CVE-2022-1473 | Incomplete Cleanup vulnerability in multiple products
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. | 7.5 |
| 2022-05-03 | CVE-2022-29824 | Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. | 6.5 |
| 2022-05-01 | CVE-2022-25647 | Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. | 7.5 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-04-25 | CVE-2022-23457 | Path Traversal vulnerability in multiple products
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 9.8 |
| 2022-04-19 | CVE-2022-21412 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
| 2022-04-19 | CVE-2022-21413 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
| 2022-04-19 | CVE-2022-21414 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
| 2022-04-19 | CVE-2022-21415 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.9 |