Vulnerabilities (CVE)

Filtered by vendor Oracle Subscribe
Total 9220 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22978 3 Netapp, Oracle, Vmware 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security 2023-02-04 7.5 HIGH 9.8 CRITICAL
In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass
CVE-2021-4197 5 Broadcom, Debian, Linux and 2 more 14 Brocade Fabric Operating System Firmware, Debian Linux, Linux Kernel and 11 more 2023-02-03 7.2 HIGH 7.8 HIGH
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system.
CVE-2019-2920 2 Canonical, Oracle 2 Ubuntu Linux, Mysql 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 5.3.13 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2019-2922 3 Canonical, Netapp, Oracle 6 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2019-2923 3 Canonical, Netapp, Oracle 6 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2019-2924 3 Canonical, Netapp, Oracle 6 Ubuntu Linux, Active Iq Unified Manager, Oncommand Insight and 3 more 2023-02-03 5.0 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2020-1747 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more 2023-02-03 10.0 HIGH 9.8 CRITICAL
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
CVE-2020-8287 5 Debian, Fedoraproject, Nodejs and 2 more 5 Debian Linux, Fedora, Node.js and 2 more 2023-02-03 6.4 MEDIUM 6.5 MEDIUM
Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.
CVE-2020-4788 3 Fedoraproject, Ibm, Oracle 7 Fedora, Aix, Power9 and 4 more 2023-02-03 1.9 LOW 4.7 MEDIUM
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
CVE-2021-21781 2 Linux, Oracle 4 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 1 more 2023-02-03 2.1 LOW 3.3 LOW
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process’s memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11
CVE-2020-11023 7 Debian, Drupal, Fedoraproject and 4 more 55 Debian Linux, Drupal, Fedora and 52 more 2023-02-03 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2022-22976 3 Netapp, Oracle, Vmware 3 Active Iq Unified Manager, Financial Services Crime And Compliance Management Studio, Spring Security 2023-02-03 4.3 MEDIUM 5.3 MEDIUM
Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE.
CVE-2020-28052 3 Apache, Bouncycastle, Oracle 20 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 17 more 2023-02-02 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
CVE-2021-3744 5 Debian, Fedoraproject, Linux and 2 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2023-02-02 2.1 LOW 5.5 MEDIUM
A flaw was found in the Linux kernel. A memory leak in the ccp-ops crypto driver can allow attackers to cause a denial of service. This vulnerability is similar with the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
CVE-2021-3520 3 Lz4 Project, Netapp, Oracle 5 Lz4, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 2 more 2023-02-02 7.5 HIGH 9.8 CRITICAL
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The greatest impact of this flaw is to availability, with some potential impact to confidentiality and integrity as well.
CVE-2021-3772 5 Debian, Linux, Netapp and 2 more 26 Debian Linux, Linux Kernel, E-series Santricity Os Controller and 23 more 2023-02-02 5.8 MEDIUM 6.5 MEDIUM
A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses.
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 32 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 29 more 2023-02-02 7.2 HIGH 7.8 HIGH
CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector
CVE-2019-3900 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2023-02-02 6.8 MEDIUM 7.7 HIGH
An infinite loop issue was found in the vhost_net kernel module while handling incoming packets in handle_rx(). The infinite loop could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
CVE-2018-16865 5 Canonical, Debian, Oracle and 2 more 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more 2023-02-02 4.6 MEDIUM 7.8 HIGH
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if systemd-journal-remote is used, may use this flaw to crash systemd-journald or execute code with journald privileges.
CVE-2018-16864 5 Canonical, Debian, Oracle and 2 more 11 Ubuntu Linux, Debian Linux, Communications Session Border Controller and 8 more 2023-02-02 4.6 MEDIUM 7.8 HIGH
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges.