Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-11 | CVE-2020-36518 | Out-of-bounds Write vulnerability in multiple products jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | 7.5 |
| 2022-03-10 | CVE-2021-38296 | Authentication Bypass by Capture-replay vulnerability in multiple products Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". | 7.5 |
| 2022-03-04 | CVE-2021-3737 | Infinite Loop vulnerability in multiple products A flaw was found in python. | 7.5 |
| 2022-03-04 | CVE-2021-3743 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. | 7.1 |
| 2022-03-04 | CVE-2021-3744 | Memory Leak vulnerability in multiple products A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). | 5.5 |
| 2022-03-04 | CVE-2022-22946 | Improper Certificate Validation vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. | 5.5 |
| 2022-03-04 | CVE-2022-0839 | XXE vulnerability in multiple products Improper Restriction of XML External Entity Reference in GitHub repository liquibase/liquibase prior to 4.8.0. | 9.8 |
| 2022-03-03 | CVE-2021-4002 | Memory Leak vulnerability in multiple products A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. | 4.4 |
| 2022-03-03 | CVE-2022-22947 | Expression Language Injection vulnerability in multiple products In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | 10.0 |
| 2022-03-03 | CVE-2022-21716 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Twisted is an event-based framework for internet applications, supporting Python 3.6+. | 7.5 |