Vulnerabilities
> Oracle
DATE
CVE
VULNERABILITY TITLE
RISK
2021-09-22
CVE-2021-38153
Information Exposure Through Discrepancy vulnerability in multiple products
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
network
high complexity
apache
quarkus
oracle
CWE-203
5.9
2021-09-19
CVE-2021-40690
All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element.
network
low complexity
apache
debian
oracle
7.5
2021-09-17
CVE-2021-41303
In Apache Shiro before 1.8.0, when Shiro is used with Spring Boot, a specially crafted HTTP request may cause an authentication bypass.
network
low complexity
apache
oracle
critical
9.8
2021-09-17
CVE-2021-3807
ansi-regex is vulnerable to Inefficient Regular Expression Complexity
network
low complexity
ansi-regex-project
oracle
7.5
2021-09-16
CVE-2021-34798
NULL Pointer Dereference vulnerability in multiple products
Malformed requests may cause the server to dereference a NULL pointer.
network
low complexity
apache
fedoraproject
debian
netapp
tenable
oracle
broadcom
siemens
CWE-476
7.5
2021-09-16
CVE-2021-36160
Out-of-bounds Read vulnerability in multiple products
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).
network
low complexity
apache
fedoraproject
debian
netapp
oracle
broadcom
CWE-125
7.5
2021-09-16
CVE-2021-39275
Out-of-bounds Write vulnerability in multiple products
ap_escape_quotes() may write beyond the end of a buffer when given malicious input.
network
low complexity
apache
fedoraproject
debian
netapp
oracle
siemens
CWE-787
critical
9.8
2021-09-16
CVE-2021-40438
Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.
network
high complexity
apache
fedoraproject
debian
netapp
broadcom
f5
oracle
siemens
tenable
CWE-918
critical
9.0
2021-09-12
CVE-2021-23440
Type Confusion vulnerability in multiple products
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1.
network
low complexity
set-value-project
oracle
CWE-843
critical
9.8
2021-08-31
CVE-2021-37701
The npm package "tar" (aka node-tar) before versions 4.4.16, 5.0.8, and 6.1.7 has an arbitrary file creation/overwrite and arbitrary code execution vulnerability.
local
low complexity
npmjs
debian
oracle
siemens
8.6