CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35650
https://notcve.org/view.php?id=CVE-2021-35650
20 Oct 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop ac... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35649
https://notcve.org/view.php?id=CVE-2021-35649
20 Oct 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and unauthorized ability to cause a partial denial of service (partial... • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 9.0EPSS: 94%CPEs: 26EXPL: 11CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
16 Sep 2021 — A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the ht... • https://github.com/sixpacksecurity/CVE-2021-40438 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 1%CPEs: 1EXPL: 0CVE-2021-2447
https://notcve.org/view.php?id=CVE-2021-2447
20 Jul 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop.... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0CVE-2021-2446
https://notcve.org/view.php?id=CVE-2021-2446
20 Jul 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successf... • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 5.3EPSS: 2%CPEs: 42EXPL: 0CVE-2021-33037 – Incorrect Transfer-Encoding handling with HTTP/1.0
https://notcve.org/view.php?id=CVE-2021-33037
12 Jul 2021 — Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding. ... • https://kc.mcafee.com/corporate/index?page=content&id=SB10366 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2021-2248
https://notcve.org/view.php?id=CVE-2021-2248
22 Apr 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop... • https://www.oracle.com/security-alerts/cpuapr2021.html •
CVSS: 9.6EPSS: 2%CPEs: 1EXPL: 0CVE-2021-2221
https://notcve.org/view.php?id=CVE-2021-2221
22 Apr 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successf... • https://www.oracle.com/security-alerts/cpuapr2021.html •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2021-2177
https://notcve.org/view.php?id=CVE-2021-2177
22 Apr 2021 — Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Deskto... • https://www.oracle.com/security-alerts/cpuapr2021.html •
CVSS: 7.4EPSS: 0%CPEs: 56EXPL: 0CVE-2021-3450 – CA certificate check bypass with X509_V_FLAG_X509_STRICT
https://notcve.org/view.php?id=CVE-2021-3450
25 Mar 2021 — The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectivel... • http://www.openwall.com/lists/oss-security/2021/03/27/1 • CWE-295: Improper Certificate Validation •