CVSS: 8.3EPSS: 1%CPEs: 248EXPL: 6CVE-2021-2351 – Oracle Database Weak NNE Integrity Key Derivation
https://notcve.org/view.php?id=CVE-2021-2351
20 Jul 2021 — Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful atta... • https://packetstorm.news/files/id/165258 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2348
https://notcve.org/view.php?id=CVE-2021-2348
20 Jul 2021 — Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Commerce Guided Search / Oracle C... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2346
https://notcve.org/view.php?id=CVE-2021-2346
20 Jul 2021 — Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Gu... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-2345
https://notcve.org/view.php?id=CVE-2021-2345
20 Jul 2021 — Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Tools and Frameworks). The supported version that is affected is 11.3.1.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Commerce Guided Search / Oracle Commerce Experience Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Gu... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 7.5EPSS: 0%CPEs: 72EXPL: 0CVE-2021-36090 – Apache Commons Compress 1.0 to 1.20 denial of service vulnerability
https://notcve.org/view.php?id=CVE-2021-36090
13 Jul 2021 — When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. Al leer un archivo ZIP especialmente diseñado, Compress puede asignar grandes cantidades de memoria que finalmente conllevan a un error de falta de memoria incluso para entradas muy pequeñas. Esto podría ser usado para montar un ata... • http://www.openwall.com/lists/oss-security/2021/07/13/4 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 54EXPL: 0CVE-2021-35517 – Apache Commons Compress 1.1 to 1.20 denial of service vulnerability
https://notcve.org/view.php?id=CVE-2021-35517
13 Jul 2021 — When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. Cuando se lee un archivo TAR especialmente diseñado, Compress puede asignar grandes cantidades de memoria que finalmente conllevan a un error de falta de memoria incluso para entradas muy pequeñas. Esto podría ser usado para montar ... • http://www.openwall.com/lists/oss-security/2021/07/13/3 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2021-35516 – Apache Commons Compress 1.6 to 1.20 denial of service vulnerability
https://notcve.org/view.php?id=CVE-2021-35516
13 Jul 2021 — When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Al leer un archivo 7Z especialmente diseñado, Compress puede asignar grandes cantidades de memoria que finalmente conllevan a un error de falta de memoria incluso para entradas muy pequeñas. Esto podría ser usado para montar un at... • http://www.openwall.com/lists/oss-security/2021/07/13/2 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2021-35515 – Apache Commons Compress 1.6 to 1.20 denial of service vulnerability
https://notcve.org/view.php?id=CVE-2021-35515
13 Jul 2021 — When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. Cuando se lee un archivo 7Z especialmente diseñado, la construcción de la lista de códecs que descomprimen una entrada puede resultar en un bucle infinito. Esto podría ser usado para montar un ataque de denegación de servicio contra los servicios que usan el paque... • http://www.openwall.com/lists/oss-security/2021/07/13/1 • CWE-834: Excessive Iteration CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO
https://notcve.org/view.php?id=CVE-2021-29425
13 Apr 2021 — In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como... • https://issues.apache.org/jira/browse/IO-556 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0CVE-2021-20190 – jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing
https://notcve.org/view.php?id=CVE-2021-20190
19 Jan 2021 — A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en jackson-databind versiones anteriores a 2.9.10.7. FasterXML maneja inapropiadamente la interacción entre los gadgets de serialización y escritura. • https://bugzilla.redhat.com/show_bug.cgi?id=1916633 • CWE-502: Deserialization of Untrusted Data •