Vulnerabilities > Oracle > Healthcare Data Repository > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-04-13 CVE-2021-29425 Path Traversal vulnerability in multiple products
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.
network
high complexity
apache debian oracle netapp CWE-22
4.8
2020-12-07 CVE-2020-17521 Apache Groovy provides extension methods to aid with creating temporary directories.
local
low complexity
apache netapp oracle
5.5
2019-11-08 CVE-2019-10219 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle CWE-79
6.1
2019-10-02 CVE-2019-17091 Cross-site Scripting vulnerability in multiple products
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
network
low complexity
eclipse oracle CWE-79
6.1