Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-07-11 CVE-2020-35167 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
network
low complexity
dell oracle
critical
 9.8
9.8
2022-07-11 CVE-2020-35166 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
network
low complexity
dell oracle
critical
 9.8
9.8
2022-07-11 CVE-2020-35163 Use of Insufficiently Random Values vulnerability in multiple products
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
network
low complexity
dell oracle CWE-330
critical
 9.8
9.8
2022-07-11 CVE-2020-29508 Improper Input Validation vulnerability in multiple products
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
network
low complexity
dell oracle CWE-20
critical
 9.8
9.8
2022-07-11 CVE-2020-29507 Improper Input Validation vulnerability in multiple products
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
network
low complexity
dell oracle CWE-20
critical
 9.8
9.8
2022-07-11 CVE-2020-29506 Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
network
low complexity
dell oracle
critical
 9.8
9.8
2022-06-10 CVE-2022-25845 Deserialization of Untrusted Data vulnerability in multiple products
The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.
network
low complexity
alibaba oracle CWE-502
critical
 9.8
9.8
2022-05-19 CVE-2022-22978 Incorrect Authorization vulnerability in multiple products
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers.
network
low complexity
vmware oracle netapp CWE-863
critical
 9.8
9.8
2022-05-03 CVE-2022-1292 OS Command Injection vulnerability in multiple products
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.
network
low complexity
openssl debian netapp oracle fedoraproject CWE-78
critical
 9.8
9.8
2022-04-25 CVE-2022-23457 Path Traversal vulnerability in multiple products
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp oracle netapp CWE-22
critical
 9.8
9.8