Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2022-02-16 CVE-2021-3551 Cleartext Storage of Sensitive Information vulnerability in multiple products
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file.
7.8
2022-02-09 CVE-2022-0391 Injection vulnerability in multiple products
A flaw was found in Python, specifically within the urllib.parse module.
network
low complexity
python netapp fedoraproject oracle CWE-74
7.5
2022-02-01 CVE-2021-43859 Resource Exhaustion vulnerability in multiple products
XStream is an open source Java library to serialize objects to XML and back again.
7.5
2022-01-28 CVE-2021-4034 Out-of-bounds Write vulnerability in multiple products
A local privilege escalation vulnerability was found in polkit's pkexec utility.
7.8
2022-01-27 CVE-2022-23181 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using.
local
high complexity
apache oracle debian CWE-367
7.0
2022-01-26 CVE-2022-23990 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5
2022-01-19 CVE-2022-21250 Unspecified vulnerability in Oracle Trade Management
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts).
network
low complexity
oracle
8.1
2022-01-19 CVE-2022-21251 Unspecified vulnerability in Oracle Installed Base
Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main).
network
low complexity
oracle
7.5
2022-01-19 CVE-2022-21255 Unspecified vulnerability in Oracle Configurator
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: UI Servlet).
network
low complexity
oracle
8.1
2022-01-19 CVE-2022-21266 Unspecified vulnerability in Oracle Communications Billing and Revenue Management 12.0.0.3.0/12.0.0.4.0
Vulnerability in the Oracle Communications Billing and Revenue Management product of Oracle Communications Applications (component: Pipeline Manager).
network
low complexity
oracle
7.5