Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-09-22 CVE-2021-38153 Information Exposure Through Discrepancy vulnerability in multiple products
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
network
high complexity
apache quarkus oracle CWE-203
5.9
2021-08-31 CVE-2021-3634 Out-of-bounds Write vulnerability in multiple products
A flaw has been found in libssh in versions prior to 0.9.6.
6.5
2021-08-23 CVE-2021-39140 Infinite Loop vulnerability in multiple products
XStream is a simple library to serialize objects to XML and back again.
network
high complexity
xstream debian fedoraproject netapp oracle CWE-835
6.3
2021-08-23 CVE-2021-37750 NULL Pointer Dereference vulnerability in multiple products
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
6.5
2021-08-16 CVE-2021-22939 Improper Certificate Validation vulnerability in multiple products
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.
network
low complexity
nodejs oracle netapp siemens debian CWE-295
5.3
2021-08-13 CVE-2021-37695 ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor debian fedoraproject oracle
5.4
2021-08-12 CVE-2021-32808 ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle
5.4
2021-08-12 CVE-2021-32809 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle CWE-79
5.4
2021-08-08 CVE-2021-36221 Race Condition vulnerability in multiple products
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.
network
high complexity
golang fedoraproject debian oracle siemens CWE-362
5.9
2021-08-05 CVE-2021-22922 Improper Handling of Exceptional Conditions vulnerability in multiple products
When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them.
6.5