Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2021-06-10 CVE-2021-30641 Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
network
low complexity
apache debian fedoraproject oracle
5.3
5.3
2021-06-09 CVE-2021-28169 For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory.
network
low complexity
eclipse debian oracle netapp
5.3
5.3
2021-06-08 CVE-2021-33560 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.
network
low complexity
gnupg debian fedoraproject oracle CWE-203
7.5
7.5
2021-06-07 CVE-2021-22222 Infinite Loop vulnerability in multiple products
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark oracle debian CWE-835
7.5
7.5
2021-06-06 CVE-2021-33880 Information Exposure Through Discrepancy vulnerability in multiple products
The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...).
network
high complexity
websockets-project oracle CWE-203
5.9
5.9
2021-06-03 CVE-2020-28469 Resource Exhaustion vulnerability in multiple products
This affects the package glob-parent before 5.1.2.
network
low complexity
gulpjs oracle CWE-400
7.5
7.5
2021-06-02 CVE-2020-6950 Path Traversal vulnerability in multiple products
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.
network
low complexity
eclipse oracle CWE-22
6.5
6.5
2021-06-02 CVE-2021-3522 Out-of-bounds Read vulnerability in multiple products
GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.
local
low complexity
gstreamer-project netapp oracle CWE-125
5.5
5.5
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles.
network
high complexity
redhat oracle
5.9
5.9
2021-06-02 CVE-2021-3520 There's a flaw in lz4.
network
low complexity
lz4-project netapp oracle splunk
critical
 9.8
9.8