Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-14 CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
5.5
2021-07-14 CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs.
local
low complexity
apache oracle
5.5
5.5
2021-07-13 CVE-2021-31810 An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1.
network
low complexity
ruby-lang debian oracle
5.8
5.8
2021-07-12 CVE-2021-30640 Improper Encoding or Escaping of Output vulnerability in multiple products
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm.
network
high complexity
apache oracle debian CWE-116
6.5
6.5
2021-07-12 CVE-2021-33037 HTTP Request Smuggling vulnerability in multiple products
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy.
network
low complexity
apache debian oracle mcafee CWE-444
5.3
5.3
2021-07-12 CVE-2021-30129 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.
network
low complexity
apache oracle CWE-772
6.5
6.5
2021-07-09 CVE-2021-3541 XML Entity Expansion vulnerability in multiple products
A flaw was found in libxml2.
network
low complexity
xmlsoft redhat oracle netapp CWE-776
6.5
6.5
2021-06-28 CVE-2021-32723 Prism is a syntax highlighting library.
network
low complexity
prismjs oracle
6.5
6.5
2021-06-25 CVE-2021-3314 Cross-site Scripting vulnerability in Oracle Glassfish Server
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS.
network
low complexity
oracle CWE-79
6.1
6.1
2021-06-12 CVE-2021-31811 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file.
local
low complexity
apache fedoraproject oracle CWE-770
5.5
5.5