Vulnerabilities > Oracle > Timesten IN Memory Database > High

DATE CVE VULNERABILITY TITLE RISK
2021-11-08 CVE-2021-41772 Improper Input Validation vulnerability in multiple products
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
network
low complexity
golang fedoraproject oracle CWE-20
7.5
2021-08-07 CVE-2021-29923 Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation.
network
low complexity
golang oracle fedoraproject
7.5
2020-10-01 CVE-2020-11979 As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.
network
low complexity
apache gradle fedoraproject oracle
7.5
2020-08-30 CVE-2020-7712 OS Command Injection vulnerability in multiple products
This affects the package json before 10.0.0.
network
low complexity
joyent oracle CWE-78
7.2
2019-07-19 CVE-2019-1010239 NULL Pointer Dereference vulnerability in multiple products
DaveGamble/cJSON cJSON 1.7.8 is affected by: Improper Check for Unusual or Exceptional Conditions.
network
low complexity
cjson-project oracle CWE-476
7.5
2018-11-16 CVE-2018-15769 RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue.
network
low complexity
dell oracle
7.5
2018-08-31 CVE-2018-11054 Integer Overflow or Wraparound vulnerability in multiple products
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability.
network
low complexity
dell oracle CWE-190
7.5
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
7.5