Commerce Guided Search

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-17	CVE-2023-22029	Unspecified vulnerability in Oracle Commerce Guided Search 11.3.2 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). network low complexity oracle	6.1
2022-04-19	CVE-2022-21466	Unspecified vulnerability in Oracle Commerce Guided Search 11.3.2 Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Tools and Frameworks). network low complexity oracle	5.0
2022-03-04	CVE-2022-22946	Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. local low complexity vmware oracle CWE-295	5.5
2022-03-03	CVE-2022-22947	Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. network low complexity vmware oracle CWE-917 critical	10.0
2022-02-01	CVE-2021-43859	Resource Exhaustion vulnerability in multiple products XStream is an open source java library to serialize objects to XML and back again. network low complexity xstream-project fedoraproject debian oracle CWE-400	7.5
2021-11-17	CVE-2021-41165	Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. network low complexity ckeditor drupal oracle CWE-79	5.4
2021-11-17	CVE-2021-41164	Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source WYSIWYG HTML editor. network low complexity ckeditor drupal oracle fedoraproject CWE-79	5.4
2021-10-19	CVE-2021-37136	Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). network low complexity netty quarkus oracle netapp debian CWE-400	7.5
2021-10-19	CVE-2021-37137	Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. network low complexity netty oracle quarkus netapp debian CWE-400	7.5
2021-09-29	CVE-2021-22946	Cleartext Transmission of Sensitive Information vulnerability in multiple products A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). network low complexity haxx debian fedoraproject netapp oracle apple siemens splunk CWE-319	7.5