Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-04-27 CVE-2022-24891 ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp oracle netapp
6.1
2022-04-27 CVE-2022-24736 Redis is an in-memory database that persists on disk.
local
low complexity
redis fedoraproject netapp oracle
5.5
2022-04-27 CVE-2021-41041 Unchecked Return Value vulnerability in multiple products
In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.
network
low complexity
eclipse oracle CWE-252
5.3
2022-04-21 CVE-2022-29577 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input.
network
low complexity
antisamy-project oracle CWE-79
6.1
2022-04-21 CVE-2022-22969 <Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application.
network
low complexity
pivotal oracle
6.5
2022-04-19 CVE-2022-21496 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI).
network
low complexity
oracle netapp debian azul
5.3
2022-04-14 CVE-2022-22968 Improper Handling of Case Sensitivity vulnerability in multiple products
In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
network
low complexity
vmware netapp oracle CWE-178
5.3
2022-03-25 CVE-2021-4203 A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel.
network
high complexity
linux netapp oracle
6.8
2022-03-25 CVE-2022-0322 Incorrect Type Conversion or Cast vulnerability in multiple products
A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access.
local
low complexity
linux fedoraproject oracle CWE-704
5.5
2022-03-16 CVE-2022-24728 Cross-site Scripting vulnerability in multiple products
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor.
network
low complexity
ckeditor drupal oracle fedoraproject CWE-79
5.4