Vulnerabilities > Oracle > Commerce Guided Search > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-04 CVE-2022-22946 Improper Certificate Validation vulnerability in multiple products
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager.
local
low complexity
vmware oracle CWE-295
5.5
2021-11-17 CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle
5.4
2021-11-17 CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject
5.4
2021-09-29 CVE-2021-22947 Insufficient Verification of Data Authenticity vulnerability in multiple products
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches.
5.9
2021-08-23 CVE-2021-39140 XStream is a simple library to serialize objects to XML and back again. 6.3
2021-08-13 CVE-2021-37695 ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor debian fedoraproject oracle
5.4
2021-08-12 CVE-2021-32808 ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle
5.4
2021-08-12 CVE-2021-32809 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle CWE-79
5.4
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2020-12-02 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
network
low complexity
apache quarkus oracle netapp
5.3