CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2334
https://notcve.org/view.php?id=CVE-2021-2334
Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition Data Redaction accessible data. • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2333
https://notcve.org/view.php?id=CVE-2021-2333
Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Alter User privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML DB accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2329
https://notcve.org/view.php?id=CVE-2021-2329
Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2326
https://notcve.org/view.php?id=CVE-2021-2326
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Database Vault. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Database Vault accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-34558 – golang: crypto/tls: certificate of wrong type is causing TLS client to panic
https://notcve.org/view.php?id=CVE-2021-34558
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. El paquete crypto/tls de Go versiones hasta 1.16.5, no afirma apropiadamente que el tipo de clave pública en un certificado X.509 coincida con el tipo esperado cuando se hace un intercambio de claves basado en RSA, permitiendo a un servidor TLS malicioso causar el pánico en un cliente TLS A flaw was found in golang. A panic can be triggered by an attacker in a privileged network position without access to the server certificate's private key, as long as a trusted ECDSA or Ed25519 certificate for the server exists (or can be issued), or the client is configured with Config.InsecureSkipVerify. Clients that disable all TLS_RSA cipher suites (that is, TLS 1.0–1.2 cipher suites without ECDHE), as well as TLS 1.3-only clients, are unaffected. • https://golang.org/doc/devel/release#go1.16.minor https://groups.google.com/g/golang-announce https://groups.google.com/g/golang-announce/c/n9FxMelZGAQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BA7MFVXRBEKRTLSLYDICTYCGEMK2HZ7 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XBQUFVI5TMV4KMKI7GKA223LHGPQISE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6BTC3JQUASFN5U2XA4UZIGAPZQBD5JSS https:/&# • CWE-20: Improper Input Validation CWE-295: Improper Certificate Validation •