Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2022-03-18 CVE-2022-1011 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write().
7.8
2022-03-16 CVE-2022-24729 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject
7.5
2022-03-14 CVE-2022-22719 Improper Initialization vulnerability in multiple products
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash.
network
low complexity
apache debian fedoraproject oracle apple CWE-665
7.5
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
2022-03-10 CVE-2021-38296 Authentication Bypass by Capture-replay vulnerability in multiple products
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled".
network
low complexity
apache oracle CWE-294
7.5
2022-03-04 CVE-2021-3737 Infinite Loop vulnerability in multiple products
A flaw was found in python.
7.5
2022-03-04 CVE-2021-3743 An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.
local
low complexity
linux fedoraproject netapp oracle
7.1
2022-03-03 CVE-2022-21716 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Twisted is an event-based framework for internet applications, supporting Python 3.6+.
network
low complexity
twisted debian oracle fedoraproject CWE-770
7.5
2022-02-26 CVE-2022-23308 Use After Free vulnerability in multiple products
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5
2022-02-24 CVE-2021-44531 Improper Certificate Validation vulnerability in multiple products
Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates.
network
high complexity
nodejs oracle CWE-295
7.4