Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2021-02-23 CVE-2021-22112 Spring Security 5.4.x prior to 5.4.4, 5.3.x prior to 5.3.8.RELEASE, 5.2.x prior to 5.2.9.RELEASE, and older unsupported versions can fail to save the SecurityContext if it is changed more than once in a single request.A malicious user cannot cause the bug to happen (it must be programmed in).
network
low complexity
vmware pivotal-software oracle
8.8
2021-02-18 CVE-2020-28491 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1.
network
low complexity
fasterxml quarkus oracle CWE-770
7.5
2021-02-17 CVE-2021-22174 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject oracle CWE-770
7.5
2021-02-17 CVE-2021-22173 Memory Leak vulnerability in multiple products
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark fedoraproject oracle CWE-401
7.5
2021-02-16 CVE-2021-23840 Integer Overflow or Wraparound vulnerability in multiple products
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform.
7.5
2021-02-15 CVE-2021-23337 Code Injection vulnerability in multiple products
Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
network
low complexity
lodash oracle netapp siemens CWE-94
7.2
2021-02-15 CVE-2021-21702 NULL Pointer Dereference vulnerability in multiple products
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
network
low complexity
php debian netapp oracle CWE-476
7.5
2021-02-12 CVE-2020-13949 Resource Exhaustion vulnerability in multiple products
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
network
low complexity
apache oracle CWE-400
7.5
2021-02-03 CVE-2020-28895 Integer Overflow or Wraparound vulnerability in multiple products
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc().
network
low complexity
windriver oracle CWE-190
7.3
2021-01-29 CVE-2021-3345 Out-of-bounds Write vulnerability in multiple products
_gcry_md_block_write in cipher/hash-common.c in Libgcrypt version 1.9.0 has a heap-based buffer overflow when the digest final function sets a large count value.
local
low complexity
gnupg oracle CWE-787
7.8