CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2315
https://notcve.org/view.php?id=CVE-2021-2315
22 Apr 2021 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle... • https://www.oracle.com/security-alerts/cpuapr2021.html •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2020-5360
https://notcve.org/view.php?id=CVE-2020-5360
16 Dec 2020 — Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5, son susceptibles a una Vulnerabilidad de Lectura Insuficiente del Búfer. Un atacante remoto no autenticado podría explotar esta vulnerabilidad resultando en un comportamiento indefinido o u... • https://www.dell.com/support/kbdoc/en-us/000181098/dsa-2020-114-dell-bsafe-micro-edition-suite-multiple-security-vulnerabilities • CWE-125: Out-of-bounds Read CWE-127: Buffer Under-read •
CVSS: 7.5EPSS: 19%CPEs: 38EXPL: 2CVE-2020-1967 – Segmentation fault in SSL_check_chain
https://notcve.org/view.php?id=CVE-2020-1967
21 Apr 2020 — Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL ver... • https://packetstorm.news/files/id/157527 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2545
https://notcve.org/view.php?id=CVE-2020-2545
15 Jan 2020 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-2530
https://notcve.org/view.php?id=CVE-2020-2530
15 Jan 2020 — Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 0CVE-2019-10082 – httpd: read-after-free in h2 connection shutdown
https://notcve.org/view.php?id=CVE-2019-10082
27 Aug 2019 — In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown. En Apache HTTP Server versiones 2.4.18 hasta 2.4.39, usando la entrada de red difusa, el manejo de la sesión http/2 podría ser hecha para leer la memoria después de ser liberada, durante el apagado de la conexión. A read-after-free vulnerability was discovered in Apache httpd, in mod_http2. A specially crafted http/2 client session could cau... • https://httpd.apache.org/security/vulnerabilities_24.html • CWE-416: Use After Free •
CVSS: 7.2EPSS: 85%CPEs: 20EXPL: 0CVE-2019-10097 – httpd: null-pointer dereference in mod_remoteip
https://notcve.org/view.php?id=CVE-2019-10097
27 Aug 2019 — In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients. En Apache HTTP Server versiones 2.4.32 hasta 2.4.39, cuando mod_remoteip se configuró para usar un servidor proxy intermediario de confianza que utiliza el protocolo "PROXY", u... • https://access.redhat.com/errata/RHSA-2019:4126 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2751
https://notcve.org/view.php?id=CVE-2019-2751
23 Jul 2019 — Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impac... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 7.8EPSS: 70%CPEs: 19EXPL: 1CVE-2018-20843 – expat: large number of colons in input makes parser consume high amount of resources, leading to DoS
https://notcve.org/view.php?id=CVE-2018-20843
24 Jun 2019 — In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). En libexpat en Expat anterior a versión 2.2.7, una entrada XML incluyendo nombres XML que contienen una gran cantidad de "dos puntos", podría hacer que el analizador XML consuma una gran cantidad de recursos de RAM y CPU durante el procesamiento (lo suficiente como ... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html • CWE-400: Uncontrolled Resource Consumption CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.9EPSS: 0%CPEs: 26EXPL: 0CVE-2019-0197 – httpd: mod_http2: possible crash on late upgrade
https://notcve.org/view.php?id=CVE-2019-0197
11 Jun 2019 — A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue. Una vulnerabilidad fue encontrada en Apache HTTP Server 2.4.34 hasta 2.4.38 y clasi... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •