Vulnerabilities > Oracle > Middleware Common Libraries AND Tools > 12.2.1.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-18 | CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
| 2021-08-18 | CVE-2021-37714 | Infinite Loop vulnerability in multiple products jsoup is a Java library for working with HTML. | 7.5 |
| 2021-07-19 | CVE-2021-35043 | Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). | 6.1 |
| 2021-07-12 | CVE-2021-30129 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. | 6.5 |
| 2021-01-14 | CVE-2021-23926 | XML Entity Expansion vulnerability in multiple products The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. | 9.1 |