Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-12 CVE-2021-23440 Type Confusion vulnerability in multiple products
This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1.
network
low complexity
set-value-project oracle CWE-843
critical
 9.8
9.8
2021-08-24 CVE-2021-3711 Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network
low complexity
openssl debian netapp oracle tenable CWE-120
critical
 9.8
9.8
2021-08-16 CVE-2021-32827 Cross-site Scripting vulnerability in multiple products
MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS.
network
low complexity
mock-server oracle CWE-79
critical
 9.6
9.6
2021-08-16 CVE-2021-22931 Improper Input Validation vulnerability in multiple products
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
network
low complexity
nodejs netapp oracle siemens CWE-20
critical
 9.8
9.8
2021-06-10 CVE-2021-26691 Out-of-bounds Write vulnerability in multiple products
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
network
low complexity
apache debian fedoraproject oracle netapp CWE-787
critical
 9.8
9.8
2021-06-02 CVE-2021-3520 There's a flaw in lz4.
network
low complexity
lz4-project netapp oracle splunk
critical
 9.8
9.8
2021-05-12 CVE-2020-35198 Integer Overflow or Wraparound vulnerability in multiple products
An issue was discovered in Wind River VxWorks 7.
network
low complexity
windriver oracle CWE-190
critical
 9.8
9.8
2021-05-06 CVE-2021-29921 In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string.
network
low complexity
python oracle
critical
 9.8
9.8
2021-04-23 CVE-2021-26291 Origin Validation Error vulnerability in multiple products
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.
network
low complexity
apache quarkus oracle CWE-346
critical
 9.1
9.1
2021-03-25 CVE-2021-21783 Integer Overflow or Wraparound vulnerability in multiple products
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107.
network
low complexity
genivia oracle CWE-190
critical
 9.8
9.8