Vulnerabilities > Oracle > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-20 | CVE-2021-44224 | NULL Pointer Dereference vulnerability in multiple products A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). | 8.2 |
2021-12-14 | CVE-2021-4104 | Deserialization of Untrusted Data vulnerability in multiple products JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. | 7.5 |
2021-12-13 | CVE-2021-43818 | lxml is a library for processing XML and HTML in the Python language. | 7.1 |
2021-12-07 | CVE-2021-42717 | Uncontrolled Recursion vulnerability in multiple products ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. | 7.5 |
2021-11-08 | CVE-2021-41772 | Improper Input Validation vulnerability in multiple products Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | 7.5 |
2021-11-04 | CVE-2021-43396 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. | 7.5 |
2021-10-25 | CVE-2021-21703 | Out-of-bounds Write vulnerability in multiple products In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user. | 7.0 |
2021-10-20 | CVE-2021-35599 | Unspecified vulnerability in Oracle Zero Downtime DB Migration to Cloud 21C Vulnerability in the Zero Downtime DB Migration to Cloud component of Oracle Database Server. | 8.2 |
2021-10-20 | CVE-2021-35560 | Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). | 7.5 |
2021-10-20 | CVE-2021-35562 | Unspecified vulnerability in Oracle Universal Work Queue Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). | 8.1 |