Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-21	CVE-2022-29577	Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. network low complexity antisamy-project oracle CWE-79	6.1
2022-04-21	CVE-2022-22969	<Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. network low complexity pivotal oracle	6.5
2022-04-19	CVE-2022-21496	Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). network low complexity oracle netapp debian azul	5.3
2022-04-14	CVE-2022-22968	Improper Handling of Case Sensitivity vulnerability in multiple products In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. network low complexity vmware netapp oracle CWE-178	5.3
2022-03-25	CVE-2021-4203	A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. network high complexity linux netapp oracle	6.8
2022-03-25	CVE-2022-0322	Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. local low complexity linux fedoraproject oracle CWE-704	5.5
2022-03-16	CVE-2022-24728	Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. network low complexity ckeditor drupal oracle fedoraproject CWE-79	5.4
2022-03-11	CVE-2022-0001	Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. local low complexity intel oracle	6.5
2022-03-11	CVE-2022-0002	Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. local low complexity intel oracle	6.5
2022-03-04	CVE-2021-3744	A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). local low complexity linux fedoraproject debian redhat oracle	5.5