Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
7.5
2021-10-14 CVE-2021-42340 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak.
network
low complexity
apache netapp debian oracle CWE-772
7.5
7.5
2021-10-06 CVE-2021-20264 Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Openjdk 1.8.0/11
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers.
local
low complexity
oracle CWE-732
7.8
7.8
2021-10-05 CVE-2021-41524 NULL Pointer Dereference vulnerability in multiple products
While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server.
network
low complexity
apache fedoraproject oracle netapp CWE-476
7.5
7.5
2021-10-05 CVE-2021-41773 Path Traversal vulnerability in multiple products
A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49.
network
low complexity
apache fedoraproject oracle netapp CWE-22
7.5
7.5
2021-10-04 CVE-2021-32626 Heap-based Buffer Overflow vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
low complexity
redis fedoraproject netapp debian oracle CWE-122
8.8
8.8
2021-10-04 CVE-2021-32627 Integer Overflow to Buffer Overflow vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
high complexity
redis fedoraproject debian netapp oracle CWE-680
7.5
7.5
2021-10-04 CVE-2021-32628 Integer Overflow to Buffer Overflow vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
high complexity
redis fedoraproject debian netapp oracle CWE-680
7.5
7.5
2021-10-04 CVE-2021-32675 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Redis is an open source, in-memory database that persists on disk.
network
low complexity
redis fedoraproject debian netapp oracle CWE-770
7.5
7.5