Vulnerabilities > Oracle > Enterprise Manager OPS Center > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-29 CVE-2021-33503 Resource Exhaustion vulnerability in multiple products
An issue was discovered in urllib3 before 1.26.5.
network
low complexity
python fedoraproject oracle CWE-400
7.5
2021-06-15 CVE-2021-31618 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well.
network
low complexity
apache fedoraproject debian oracle CWE-476
7.5
2021-06-10 CVE-2020-13950 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
2021-06-10 CVE-2020-35452 Out-of-bounds Write vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest.
network
low complexity
apache debian fedoraproject oracle CWE-787
7.3
2021-06-10 CVE-2021-26690 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
2021-06-07 CVE-2021-22222 Infinite Loop vulnerability in multiple products
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark oracle debian CWE-835
7.5
2021-05-28 CVE-2021-29505 XStream is software for serializing Java objects to XML and back again. 8.8
2021-05-18 CVE-2021-3518 Use After Free vulnerability in multiple products
There's a flaw in libxml2 in versions before 2.9.11.
8.8
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
7.5
2020-08-07 CVE-2020-9490 HTTP Request Smuggling vulnerability in multiple products
Apache HTTP Server versions 2.4.20 to 2.4.43.
7.5