Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2022-04-19 CVE-2022-21420 Unspecified vulnerability in Oracle Coherence 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
7.5
2022-04-19 CVE-2022-21431 Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.4/12.0.0.5
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Connection Manager).
network
low complexity
oracle
7.5
2022-04-19 CVE-2022-21445 Unspecified vulnerability in Oracle Jdeveloper 12.2.1.3.0/12.2.1.4.0
Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces).
network
low complexity
oracle
7.5
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
7.5
2022-03-14 CVE-2022-23943 Out-of-bounds Write vulnerability in multiple products
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data.
network
low complexity
apache fedoraproject debian oracle CWE-787
7.5
2022-02-24 CVE-2021-35689 Unspecified vulnerability in Oracle Talent Acquisition Cloud
A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition.
network
low complexity
oracle
7.5
2022-02-18 CVE-2022-25315 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
7.5
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
7.5
2022-02-16 CVE-2022-25236 Exposure of Resource to Wrong Sphere vulnerability in multiple products
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
network
low complexity
libexpat-project debian oracle CWE-668
7.5
2022-01-26 CVE-2022-23990 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5