CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-35558
https://notcve.org/view.php?id=CVE-2021-35558
20 Oct 2021 — Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-35557
https://notcve.org/view.php?id=CVE-2021-35557
20 Oct 2021 — Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Table privilege with network access via Oracle Net to compromise Core RDBMS. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.1 Base Score 4.3 (Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-35551
https://notcve.org/view.php?id=CVE-2021-35551
20 Oct 2021 — Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 19c and 21c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of RDBMS Security as well as unauthorized update, insert or delete access to some of R... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2332
https://notcve.org/view.php?id=CVE-2021-2332
20 Oct 2021 — Vulnerability in the Oracle LogMiner component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle LogMiner. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle LogMiner accessible data as well as unauthorized read access to a subset of ... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 6CVE-2021-35576 – Oracle Unified Audit Policy Bypass
https://notcve.org/view.php?id=CVE-2021-35576
20 Oct 2021 — Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Editi... • https://packetstorm.news/files/id/170354 •
CVSS: 5.9EPSS: 0%CPEs: 9EXPL: 0CVE-2021-36221 – golang: net/http/httputil: panic due to racy read of persistConn after handler panic
https://notcve.org/view.php?id=CVE-2021-36221
08 Aug 2021 — Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. Go versiones anteriores a 1.15.15 y 1.16.x versiones anteriores a 1.16.7, presenta una condición de carrera que puede conllevar un pánico de net/http/httputil ReverseProxy al abortar ErrAbortHandler A race condition flaw was found in Go. The incoming requests body weren't closed after the handler panic and as a consequence this could lead to ReverseProxy cras... • https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2CVE-2021-29923 – golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet
https://notcve.org/view.php?id=CVE-2021-29923
07 Aug 2021 — Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. Go versiones anteriores a 1.17, no considera apropiadamente los caracteres cero extraños al principio de un octeto de dirección IP, lo que (en algunas situaciones) permite a atacantes omitir el control de acceso qu... • https://defcon.org/html/defcon-29/dc-29-speakers.html#kaoudis • CWE-20: Improper Input Validation •
CVSS: 8.3EPSS: 3%CPEs: 248EXPL: 6CVE-2021-2351 – Oracle Database Weak NNE Integrity Key Derivation
https://notcve.org/view.php?id=CVE-2021-2351
20 Jul 2021 — Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful atta... • https://packetstorm.news/files/id/165258 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •
CVSS: 7.2EPSS: 1%CPEs: 3EXPL: 0CVE-2021-2337
https://notcve.org/view.php?id=CVE-2021-2337
20 Jul 2021 — Vulnerability in the Oracle XML DB component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Any Procedure, Create Public Synonym privilege with network access via Oracle Net to compromise Oracle XML DB. Successful attacks of this vulnerability can result in takeover of Oracle XML DB. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 3.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-2336
https://notcve.org/view.php?id=CVE-2021-2336
20 Jul 2021 — Vulnerability in the Oracle Database - Enterprise Edition Data Redaction component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition Data Redaction. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result... • https://www.oracle.com/security-alerts/cpujul2021.html •