Vulnerabilities > Oracle > Blockchain Platform > 21.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-21 | CVE-2021-2351 | Session Fixation vulnerability in Oracle products Vulnerability in the Advanced Networking Option component of Oracle Database Server. | 8.3 |
2020-07-24 | CVE-2020-8174 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0. | 9.3 |
2020-07-14 | CVE-2020-15719 | Improper Certificate Validation vulnerability in multiple products libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. | 4.0 |
2020-06-08 | CVE-2020-8172 | Improper Certificate Validation vulnerability in multiple products TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0. | 5.8 |
2020-02-24 | CVE-2020-5245 | Injection vulnerability in multiple products Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. | 9.0 |
2019-07-26 | CVE-2019-13057 | An issue was discovered in the server in OpenLDAP before 2.4.48. | 3.5 |
2017-12-18 | CVE-2017-17740 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. | 5.0 |
2017-09-05 | CVE-2017-14159 | Improper Initialization vulnerability in multiple products slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. | 1.9 |
2017-05-29 | CVE-2017-9287 | Double Free vulnerability in multiple products servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. | 4.0 |