Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-10 CVE-2021-22569 An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order.
local
low complexity
google oracle
5.5
2022-01-01 CVE-2021-45943 Out-of-bounds Write vulnerability in multiple products
GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment).
local
low complexity
osgeo debian fedoraproject oracle CWE-787
5.5
2021-12-30 CVE-2021-4183 Out-of-bounds Read vulnerability in multiple products
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
local
low complexity
wireshark fedoraproject oracle CWE-125
5.5
2021-12-28 CVE-2021-44832 Improper Input Validation vulnerability in multiple products
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
network
high complexity
apache oracle cisco fedoraproject debian CWE-20
6.6
2021-12-18 CVE-2021-45105 Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache netapp debian sonicwall oracle CWE-674
5.9
2021-12-17 CVE-2021-34141 Incorrect Comparison vulnerability in multiple products
An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects.
network
low complexity
numpy oracle CWE-697
5.3
2021-12-09 CVE-2021-43797 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty quarkus netapp oracle debian
6.5
2021-11-17 CVE-2021-41165 CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle
5.4
2021-11-17 CVE-2021-41164 CKEditor4 is an open source WYSIWYG HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject
5.4
2021-11-17 CVE-2021-43976 In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). 4.6