Vulnerabilities > Oracle > Weblogic Server

DATE CVE VULNERABILITY TITLE RISK
2022-07-19 CVE-2022-21560 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
5.3
5.3
2022-07-19 CVE-2022-21564 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).
network
low complexity
oracle
5.3
5.3
2022-04-27 CVE-2022-24891 ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp oracle netapp
6.1
6.1
2022-04-25 CVE-2022-23457 Path Traversal vulnerability in multiple products
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library.
network
low complexity
owasp oracle netapp CWE-22
critical
 9.8
9.8
2022-04-21 CVE-2022-29577 Cross-site Scripting vulnerability in multiple products
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input.
network
low complexity
antisamy-project oracle CWE-79
6.1
6.1
2022-04-19 CVE-2022-21441 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).
network
low complexity
oracle
7.5
7.5
2022-04-19 CVE-2022-21453 Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).
network
low complexity
oracle
6.1
6.1
2022-04-11 CVE-2022-24839 Resource Exhaustion vulnerability in multiple products
org.cyberneko.html is an html parser written in Java.
network
low complexity
nekohtml-project oracle CWE-400
7.5
7.5
2022-04-01 CVE-2022-22965 Code Injection vulnerability in multiple products
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
network
low complexity
vmware cisco oracle siemens veritas CWE-94
critical
 9.8
9.8
2022-03-11 CVE-2020-36518 Out-of-bounds Write vulnerability in multiple products
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
network
low complexity
fasterxml oracle debian netapp CWE-787
7.5
7.5