Lucene search
K
OracleProduct Lifecycle Analytics

7 matches found

CVE
CVE
added 2022/04/01 10:17 p.m.2486 views

CVE-2022-22965

CVE-2022-22965 (Spring4Shell) affects Spring Framework’s Spring MVC and Spring WebFlux when data binding is enabled in apps running on JDK 9+, with exploitation requiring Tomcat as WAR deployment. The issue is not exploited in Spring Boot executable jars. Vulnerable configurations are associated ...

9.8CVSS8.7AI score0.99677EPSS
In wildWeb
CVE
CVE
added 2022/04/01 12:0 a.m.1531 views

CVE-2022-22963

CVE-2022-22963 affects Spring Cloud Function: in versions 3.1.6, 3.2.2 and older unsupported releases, routing-expression using SpEL can be crafted by a user to trigger remote code execution and access local resources. The root cause is unsafe evaluation of SpEL within the HTTP request routing he...

9.8CVSS9.5AI score0.99939EPSS
In wildWeb
CVE
CVE
added 2021/12/28 7:35 p.m.974 views

CVE-2021-44832

CVE-2021-44832 affects Apache Log4j2 up to 2.17.0 (except 2.3.2 and 2.12.4) when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker controls the LDAP server. The root cause is JNDI LDAP data source handling enabling RCE. Impact: remote code execution with the de...

8.5CVSS8.4AI score0.97906EPSS
In wild
CVE
CVE
added 2021/07/14 6:20 a.m.584 views

CVE-2021-36374

CVE-2021-36374 affects Apache Ant and causes denial of service via memory allocation when parsing specially crafted ZIP-based archives (and derived formats such as JARs and certain Office files). The vulnerability stems from how Ant reads these archives, enabling large memory use and out-of-memor...

5.5CVSS6.2AI score0.0262EPSS
CVE
CVE
added 2022/01/24 12:0 a.m.384 views

CVE-2022-23437

Technical specifics for CVE-2022-23437 (Xerces-J infinite loop in XML parsing) are not disclosed in the provided connected documents. Monitor for vendor/maintainer updates; current entries reference the issue but do not provide detailed root-cause, affected versions beyond 2.12.1, or fixes.

7.1CVSS6.6AI score0.0444EPSS
CVE
CVE
added 2021/02/24 12:0 a.m.296 views

CVE-2020-11987

CVE-2020-11987 – SSRF in Apache Batik 1.13 . The initial description confirms a server-side request forgery via improper input validation in NodePickerPanel, enabling an attacker to make arbitrary GET requests from the server. Connected documents corroborate concrete remediation actions across ve...

8.2CVSS7.8AI score0.13635EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.239 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS