Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
2022-04-27 | CVE-2022-24736 | Redis is an in-memory database that persists on disk. | 5.5 |
2022-04-27 | CVE-2021-41041 | Unchecked Return Value vulnerability in multiple products In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.3 |
2022-04-21 | CVE-2022-29577 | Cross-site Scripting vulnerability in multiple products OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. | 6.1 |
2022-04-21 | CVE-2022-22969 | <Issue Description> Spring Security OAuth versions 2.5.x prior to 2.5.2 and older unsupported versions are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. | 6.5 |
2022-04-19 | CVE-2022-21496 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). | 5.3 |
2022-04-14 | CVE-2022-22968 | Improper Handling of Case Sensitivity vulnerability in multiple products In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | 5.3 |
2022-03-25 | CVE-2021-4203 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. | 6.8 |
2022-03-25 | CVE-2022-0322 | Incorrect Type Conversion or Cast vulnerability in multiple products A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. | 5.5 |
2022-03-16 | CVE-2022-24728 | Cross-site Scripting vulnerability in multiple products CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. | 5.4 |