Vulnerabilities > Oracle > Mysql Enterprise Monitor > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-14 CVE-2022-22968 Improper Handling of Case Sensitivity vulnerability in multiple products
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
network
low complexity
vmware netapp oracle CWE-178
5.3
2022-02-24 CVE-2021-44532 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format.
network
low complexity
nodejs oracle debian CWE-295
5.3
2022-02-24 CVE-2021-44533 Improper Certificate Validation vulnerability in multiple products
Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly.
network
low complexity
nodejs oracle debian CWE-295
5.3
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-10-26 CVE-2021-41182 jQuery-UI is the official jQuery user interface library. 6.1
2021-10-26 CVE-2021-41183 jQuery-UI is the official jQuery user interface library. 6.1
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
2021-02-16 CVE-2021-23841 NULL Pointer Dereference vulnerability in multiple products
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate.
5.9
2020-09-19 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
network
high complexity
vmware oracle netapp
6.5
2020-02-24 CVE-2020-1935 HTTP Request Smuggling vulnerability in multiple products
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.
network
high complexity
apache debian canonical opensuse netapp oracle CWE-444
4.8