Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-18 CVE-2023-21900 Unspecified vulnerability in Oracle Solaris 10/11
Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch).
network
high complexity
oracle
4.0
2022-12-26 CVE-2021-43395 Improper Locking vulnerability in multiple products
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923.
5.5
2022-11-03 CVE-2022-2696 Unspecified vulnerability in Oracle Restaurant Menu - Food Ordering System - Table Reservation
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation.
network
low complexity
oracle
6.5
2022-05-19 CVE-2022-22976 Integer Overflow or Wraparound vulnerability in multiple products
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability.
network
low complexity
vmware oracle netapp CWE-190
5.3
2022-05-16 CVE-2022-25169 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
local
low complexity
apache oracle CWE-770
5.5
2022-05-16 CVE-2022-30126 In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file.
local
low complexity
apache oracle
5.5
2022-05-12 CVE-2022-22970 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
network
high complexity
vmware oracle netapp CWE-770
5.3
2022-05-12 CVE-2022-22971 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.
network
low complexity
vmware oracle netapp CWE-770
6.5
2022-05-06 CVE-2022-24823 Netty is an open-source, asynchronous event-driven network application framework.
local
low complexity
netty oracle netapp
5.5
2022-05-03 CVE-2022-29824 Integer Overflow or Wraparound vulnerability in multiple products
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows.
network
low complexity
xmlsoft fedoraproject debian netapp oracle CWE-190
6.5