VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Oracle
> Retail Eftlink
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2021-12-18
CVE-2021-45105
Uncontrolled Recursion vulnerability in multiple products
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups.
network
high complexity
apache
netapp
debian
sonicwall
oracle
CWE-674
5.9
5.9
2021-10-14
CVE-2021-42340
Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache
netapp
debian
oracle
CWE-772
7.5
7.5
2021-07-15
CVE-2021-34429
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints.
network
low complexity
eclipse
netapp
oracle
5.3
5.3
2021-07-14
CVE-2021-36373
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache
oracle
5.5
5.5
2021-07-14
CVE-2021-36374
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache
oracle
5.5
5.5
2020-11-28
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse
netapp
oracle
apache
debian
4.8
4.8
2020-10-01
CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.
network
low complexity
apache
gradle
fedoraproject
oracle
7.5
7.5
2020-04-27
CVE-2020-9488
Improper Certificate Validation vulnerability in multiple products
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.
network
high complexity
apache
oracle
debian
qos
CWE-295
3.7
3.7
2019-11-08
CVE-2019-10219
Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat
netapp
oracle
CWE-79
6.1
6.1
2017-10-04
CVE-2017-12617
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g.
network
high complexity
apache
canonical
oracle
debian
netapp
redhat
CWE-434
8.1
8.1