Vulnerabilities > Netapp > Oncommand Workflow Automation
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-39410 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
| 2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
| 2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
| 2022-09-01 | CVE-2022-2764 | A flaw was found in Undertow. | 4.9 |
| 2022-08-31 | CVE-2022-1259 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-31 | CVE-2022-1319 | Unchecked Return Value vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-29 | CVE-2022-36033 | Cross-site Scripting vulnerability in multiple products jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. | 6.1 |
| 2022-08-26 | CVE-2021-3859 | Information Exposure Through Process Environment vulnerability in multiple products A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. | 7.5 |
| 2022-08-23 | CVE-2022-35278 | Cross-site Scripting vulnerability in multiple products In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 6.1 |
| 2022-08-05 | CVE-2022-37434 | Out-of-bounds Write vulnerability in multiple products zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. | 9.8 |