Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-16 CVE-2021-33813 XXE vulnerability in multiple products
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.
network
low complexity
jdom apache debian fedoraproject oracle CWE-611
7.5
2021-06-15 CVE-2021-31618 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well.
network
low complexity
apache fedoraproject debian oracle CWE-476
7.5
2021-06-11 CVE-2021-22901 Use After Free vulnerability in multiple products
curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection.
network
high complexity
haxx oracle netapp siemens splunk CWE-416
8.1
2021-06-10 CVE-2020-13950 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
2021-06-10 CVE-2020-35452 Out-of-bounds Write vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest.
network
low complexity
apache debian fedoraproject oracle CWE-787
7.3
2021-06-10 CVE-2021-26690 NULL Pointer Dereference vulnerability in multiple products
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
network
low complexity
apache debian fedoraproject oracle CWE-476
7.5
2021-06-08 CVE-2021-33560 Information Exposure Through Discrepancy vulnerability in multiple products
Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately.
network
low complexity
gnupg debian fedoraproject oracle CWE-203
7.5
2021-06-07 CVE-2021-22222 Infinite Loop vulnerability in multiple products
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark oracle debian CWE-835
7.5
2021-06-03 CVE-2020-28469 Resource Exhaustion vulnerability in multiple products
This affects the package glob-parent before 5.1.2.
network
low complexity
gulpjs oracle CWE-400
7.5
2021-06-01 CVE-2021-31684 Out-of-bounds Write vulnerability in multiple products
A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
network
low complexity
json-smart-project oracle CWE-787
7.5