Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-14343 | Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. | 9.8 |
| 2021-02-08 | CVE-2020-13947 | Cross-site Scripting vulnerability in multiple products An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | 6.1 |
| 2021-02-08 | CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.5 |
| 2021-02-07 | CVE-2020-36242 | Integer Overflow or Wraparound vulnerability in multiple products In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | 9.1 |
| 2021-02-03 | CVE-2020-29582 | Incorrect Default Permissions vulnerability in multiple products In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation. | 5.3 |
| 2021-02-03 | CVE-2020-28895 | Integer Overflow or Wraparound vulnerability in multiple products In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). | 7.3 |
| 2021-01-29 | CVE-2021-3345 | Out-of-bounds Write vulnerability in multiple products _gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value. | 7.8 |
| 2021-01-27 | CVE-2021-3326 | Reachable Assertion vulnerability in multiple products The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | 7.5 |
| 2021-01-27 | CVE-2021-26117 | Improper Authentication vulnerability in multiple products The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server. | 7.5 |
| 2021-01-26 | CVE-2021-3156 | Off-by-one Error vulnerability in multiple products Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. local low complexity sudo-project fedoraproject debian netapp mcafee synology beyondtrust oracle CWE-193 | 7.8 |