Vulnerabilities > Oracle > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2021-04-22 | CVE-2021-2157 | Unspecified vulnerability in Oracle WebLogic Server | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: TopLink Integration). | network | low complexity | oracle | 7.5 |
| 2021-04-22 | CVE-2021-2156 | Unspecified vulnerability in Oracle Customers Online 12.1.3 | Vulnerability in the Oracle Customers Online product of Oracle E-Business Suite (component: Customer Tab). | network | low complexity | oracle | 8.1 |
| 2021-04-22 | CVE-2021-2150 | Unspecified vulnerability in Oracle iStore | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). | network | low complexity | oracle | 8.2 |
| 2021-04-22 | CVE-2021-2145 | Unspecified vulnerability in Oracle VM VirtualBox | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | local | high complexity | oracle | 7.5 |
| 2021-04-22 | CVE-2021-2144 | | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | network | low complexity | oracle netapp mariadb | 7.2 |
| 2021-04-22 | CVE-2021-2008 | Unspecified vulnerability in Oracle Enterprise Manager 11.1.1.9/12.2.1.3 | Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: FMW Control Plugin). | network | low complexity | oracle | 7.3 |
| 2021-04-02 | CVE-2021-22696 | Server-Side Request Forgery (SSRF) vulnerability in multiple products | CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). | network | low complexity | apache oracle CWE-918 | 7.5 |
| 2021-04-01 | CVE-2021-28165 | Improper Handling of Exceptional Conditions vulnerability in multiple products | In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | network | low complexity | eclipse oracle jenkins netapp CWE-755 | 7.5 |
| 2021-03-25 | CVE-2021-3450 | Improper Certificate Validation vulnerability in multiple products | The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. | | | | 7.4 |
| 2021-03-23 | CVE-2021-21349 | Deserialization of Untrusted Data vulnerability in multiple products | XStream is a Java library to serialize objects to XML and back again. | | | | 8.6 |