Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2022-22970 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. | 5.3 |
| 2022-05-12 | CVE-2022-22971 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user. | 6.5 |
| 2022-05-06 | CVE-2022-24823 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework. | 5.5 |
| 2022-05-03 | CVE-2022-29824 | Integer Overflow or Wraparound vulnerability in multiple products In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. | 6.5 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-04-27 | CVE-2022-24736 | NULL Pointer Dereference vulnerability in multiple products Redis is an in-memory database that persists on disk. | 5.5 |
| 2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.0 |
| 2022-04-21 | CVE-2022-29577 | Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. | 6.1 |
| 2022-04-21 | CVE-2022-22969 | <Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. | 6.5 |
| 2022-04-19 | CVE-2022-21404 | Unspecified vulnerability in Oracle Helidon 1.4.10/2.0.0 Vulnerability in the Helidon product of Oracle Fusion Middleware (component: Reactive WebServer). network oracle | 6.8 |