Oracle Middleware_common_libraries_and_tools
9 CVEs affecting Oracle Middleware_common_libraries_and_tools. Latest disclosed: 2022-01-18. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-23305 | Critical | 9.8 | 2022-01-18 | By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLay… |
| CVE-2021-42575 | Critical | 9.8 | 2021-10-18 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. |
| CVE-2021-23926 | Critical | 9.1 | 2021-01-14 | The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include po… |
| CVE-2022-23307 | High | 8.8 | 2022-01-18 | CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x whe… |
| CVE-2022-23302 | High | 8.8 | 2022-01-18 | JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the… |
| CVE-2021-42340 | High | 7.5 | 2021-10-14 | The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. Th… |
| CVE-2021-37714 | High | 7.5 | 2021-08-18 | jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If t… |
| CVE-2021-30129 | Medium | 6.5 | 2021-07-12 | A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port f… |
| CVE-2021-35043 | Medium | 6.1 | 2021-07-19 | OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript… |