Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-27778 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.
network
low complexity
haxx netapp oracle splunk CWE-706
8.1
2022-06-01 CVE-2020-26184 Improper Certificate Validation vulnerability in multiple products
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
network
low complexity
dell oracle CWE-295
7.5
2022-06-01 CVE-2020-26185 Out-of-bounds Read vulnerability in multiple products
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
network
low complexity
dell oracle CWE-125
7.5
2022-05-13 CVE-2022-25762 Improper Resource Shutdown or Release vulnerability in multiple products
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed.
network
low complexity
apache oracle CWE-404
8.6
2022-05-12 CVE-2022-29885 The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network.
network
low complexity
apache debian oracle
7.5
2022-05-01 CVE-2022-25647 Deserialization of Untrusted Data vulnerability in multiple products
The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
network
low complexity
google debian netapp oracle CWE-502
7.5
2022-04-27 CVE-2022-24735 Redis is an in-memory database that persists on disk.
local
low complexity
redis fedoraproject netapp oracle
7.8
2022-04-11 CVE-2022-24839 org.cyberneko.html is an html parser written in Java.
network
low complexity
nekohtml-project oracle
7.5
2022-04-04 CVE-2022-24801 Twisted is an event-based framework for internet applications, supporting Python 3.6+.
network
high complexity
twisted debian fedoraproject oracle
8.1
2022-03-30 CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
local
low complexity
vim fedoraproject debian oracle
7.8