Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
7.5
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
7.2
2021-02-15 CVE-2021-21702 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
network
low complexity
php debian netapp oracle CWE-476
7.5
2021-02-12 CVE-2020-13949 Resource Exhaustion vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
network
low complexity
apache oracle CWE-400
7.5
2021-02-03 CVE-2020-28895 Integer Overflow or Wraparound vulnerability in multiple products
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc().
network
low complexity
windriver oracle CWE-190
7.3
2021-01-29 CVE-2021-3345 Out-of-bounds Write vulnerability in multiple products
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value.
local
low complexity
gnupg oracle CWE-787
7.8
2021-01-27 CVE-2021-3326 Reachable Assertion vulnerability in multiple products
The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
network
low complexity
gnu netapp oracle fujitsu debian CWE-617
7.5
2021-01-27 CVE-2021-26117 Improper Authentication vulnerability in multiple products
The optional ActiveMQ LDAP login module can be configured to use anonymous access to the LDAP server.
network
low complexity
apache netapp debian oracle CWE-287
7.5
2021-01-26 CVE-2021-3156 Off-by-one Error vulnerability in multiple products
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
7.8
2021-01-26 CVE-2020-9492 Incorrect Authorization vulnerability in multiple products
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
network
low complexity
apache oracle CWE-863
8.8