CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35650
https://notcve.org/view.php?id=CVE-2021-35650
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-35649
https://notcve.org/view.php?id=CVE-2021-35649
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Secure Global Desktop accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Secure Global Desktop. CVSS 3.1 Base Score 5.4 (Confidentiality and Availability impacts). • https://www.oracle.com/security-alerts/cpuoct2021.html •
CVSS: 9.0EPSS: 96%CPEs: 26EXPL: 8CVE-2021-40438 – Apache HTTP Server-Side Request Forgery (SSRF)
https://notcve.org/view.php?id=CVE-2021-40438
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Un uri-path diseñado puede causar que mod_proxy reenvíe la petición a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. • https://github.com/sixpacksecurity/CVE-2021-40438 https://github.com/xiaojiangxl/CVE-2021-40438 https://github.com/Kashkovsky/CVE-2021-40438 https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit https://github.com/BabyTeam1024/CVE-2021-40438 https://github.com/gassara-kys/CVE-2021-40438 https://github.com/Cappricio-Securities/CVE-2021-40438 https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt https://cert-portal.siemens.com/productcert/pdf/ • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2447
https://notcve.org/view.php?id=CVE-2021-2447
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. While the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. • https://www.oracle.com/security-alerts/cpujul2021.html •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2446
https://notcve.org/view.php?id=CVE-2021-2446
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Secure Global Desktop. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Secure Global Desktop, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Secure Global Desktop. • https://www.oracle.com/security-alerts/cpujul2021.html •