Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-20 | CVE-2021-35571 | Unspecified vulnerability in Oracle Peoplesoft Enterprise CS Academic Advisement 9.2 Vulnerability in the PeopleSoft Enterprise CS Academic Advisement product of Oracle PeopleSoft (component: Advising Notes). | 5.4 |
| 2021-10-20 | CVE-2021-35580 | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). | 6.1 |
| 2021-10-20 | CVE-2021-35581 | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). | 4.7 |
| 2021-10-20 | CVE-2021-35582 | Unspecified vulnerability in Oracle Applications Manager Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: View Reports). | 6.5 |
| 2021-10-20 | CVE-2021-35584 | Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: ndbcluster/plugin DDL). | 4.3 |
| 2021-10-20 | CVE-2021-42739 | Out-of-bounds Write vulnerability in multiple products The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. | 6.7 |
| 2021-10-04 | CVE-2021-32672 | Out-of-bounds Read vulnerability in multiple products Redis is an open source, in-memory database that persists on disk. | 4.3 |
| 2021-10-04 | CVE-2021-21705 | Improper Input Validation vulnerability in multiple products In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. | 5.3 |
| 2021-09-29 | CVE-2021-22947 | Insufficient Verification of Data Authenticity vulnerability in multiple products When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. | 5.9 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 5.9 |