Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-19 | CVE-2022-21399 | Unspecified vulnerability in Oracle Communications Operations Monitor Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). | 6.5 |
| 2022-01-19 | CVE-2022-21400 | Unspecified vulnerability in Oracle Communications Operations Monitor Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). network oracle | 4.9 |
| 2022-01-19 | CVE-2022-21401 | Unspecified vulnerability in Oracle Communications Operations Monitor Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). | 6.5 |
| 2022-01-19 | CVE-2022-21402 | Unspecified vulnerability in Oracle Communications Operations Monitor Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). network oracle | 4.9 |
| 2022-01-19 | CVE-2022-21403 | Unspecified vulnerability in Oracle Communications Operations Monitor Vulnerability in the Oracle Communications Operations Monitor product of Oracle Communications (component: Mediation Engine). | 6.5 |
| 2022-01-12 | CVE-2022-20612 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set. | 4.3 |
| 2022-01-12 | CVE-2022-20613 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 |
| 2022-01-12 | CVE-2022-20614 | Missing Authorization vulnerability in multiple products A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname. | 4.3 |
| 2022-01-12 | CVE-2022-20615 | Cross-site Scripting vulnerability in multiple products Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | 5.4 |
| 2022-01-10 | CVE-2021-22060 | In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. | 4.0 |