Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-10 | CVE-2021-22569 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. | 5.5 |
2022-01-01 | CVE-2021-45943 | Out-of-bounds Write vulnerability in multiple products GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | 5.5 |
2021-12-30 | CVE-2021-4183 | Out-of-bounds Read vulnerability in multiple products Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file | 5.5 |
2021-12-28 | CVE-2021-44832 | Improper Input Validation vulnerability in multiple products Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 6.6 |
2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
2021-12-17 | CVE-2021-34141 | Incorrect Comparison vulnerability in multiple products An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. | 5.3 |
2021-12-09 | CVE-2021-43797 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 6.5 |
2021-11-17 | CVE-2021-41165 | CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
2021-11-17 | CVE-2021-41164 | CKEditor4 is an open source WYSIWYG HTML editor. | 5.4 |
2021-11-17 | CVE-2021-43976 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | 4.6 |