Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-2181

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-16 Sep, 2016 | 00:00
Updated At-05 Aug, 2024 | 23:17
Rejected At-
Credits

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:16 Sep, 2016 | 00:00
Updated At:05 Aug, 2024 | 23:17
Rejected At:
▼CVE Numbering Authority (CNA)

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/92982
vdb-entry
https://www.tenable.com/security/tns-2016-20
N/A
http://www.splunk.com/view/SP-CAAAPUE
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
N/A
http://rhn.redhat.com/errata/RHSA-2016-1940.html
vendor-advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
N/A
http://www.splunk.com/view/SP-CAAAPSV
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
N/A
https://www.tenable.com/security/tns-2016-16
N/A
https://www.tenable.com/security/tns-2016-21
N/A
http://www.securitytracker.com/id/1036690
vdb-entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
N/A
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
N/A
https://bto.bluecoat.com/security-advisory/sa132
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
vendor-advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
N/A
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
vendor-advisory
http://www.ubuntu.com/usn/USN-3087-1
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
vendor-advisory
http://www.ubuntu.com/usn/USN-3087-2
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
vendor-advisory
http://seclists.org/fulldisclosure/2017/Jul/31
mailing-list
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
vendor-advisory
https://support.f5.com/csp/article/K59298921
N/A
http://www.debian.org/security/2016/dsa-3673
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
vendor-advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
N/A
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
N/A
Hyperlink: http://www.securityfocus.com/bid/92982
Resource:
vdb-entry
Hyperlink: https://www.tenable.com/security/tns-2016-20
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Resource:
vendor-advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-16
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-21
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1036690
Resource:
vdb-entry
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Resource:
vendor-advisory
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Resource: N/A
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Resource:
vendor-advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Resource:
vendor-advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Resource:
vendor-advisory
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Resource:
mailing-list
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Resource:
vendor-advisory
Hyperlink: https://support.f5.com/csp/article/K59298921
Resource: N/A
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Resource:
vendor-advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Resource:
vendor-advisory
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Resource: N/A
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/92982
vdb-entry
x_transferred
https://www.tenable.com/security/tns-2016-20
x_transferred
http://www.splunk.com/view/SP-CAAAPUE
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
x_transferred
http://rhn.redhat.com/errata/RHSA-2016-1940.html
vendor-advisory
x_transferred
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
x_transferred
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
x_transferred
http://www.splunk.com/view/SP-CAAAPSV
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21995039
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_transferred
https://www.tenable.com/security/tns-2016-16
x_transferred
https://www.tenable.com/security/tns-2016-21
x_transferred
http://www.securitytracker.com/id/1036690
vdb-entry
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
x_transferred
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
x_transferred
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
x_transferred
https://bto.bluecoat.com/security-advisory/sa132
x_transferred
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
x_transferred
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
vendor-advisory
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10215
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
vendor-advisory
x_transferred
http://www.ubuntu.com/usn/USN-3087-1
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
vendor-advisory
x_transferred
http://www.ubuntu.com/usn/USN-3087-2
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
vendor-advisory
x_transferred
http://seclists.org/fulldisclosure/2017/Jul/31
mailing-list
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
vendor-advisory
x_transferred
https://support.f5.com/csp/article/K59298921
x_transferred
http://www.debian.org/security/2016/dsa-3673
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
vendor-advisory
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
vendor-advisory
x_transferred
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
x_transferred
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
x_transferred
Hyperlink: http://www.securityfocus.com/bid/92982
Resource:
vdb-entry
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2016-20
Resource:
x_transferred
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Resource:
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Resource:
x_transferred
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Resource:
x_transferred
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Resource:
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Resource:
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2016-16
Resource:
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2016-21
Resource:
x_transferred
Hyperlink: http://www.securitytracker.com/id/1036690
Resource:
vdb-entry
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Resource:
x_transferred
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Resource:
x_transferred
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Resource:
x_transferred
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Resource:
x_transferred
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Resource:
vendor-advisory
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Resource:
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Resource:
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Resource:
mailing-list
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Resource:
vendor-advisory
x_transferred
Hyperlink: https://support.f5.com/csp/article/K59298921
Resource:
x_transferred
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Resource:
vendor-advisory
x_transferred
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Resource:
x_transferred
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Resource:
x_transferred
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:16 Sep, 2016 | 05:59
Updated At:12 Apr, 2025 | 10:46

The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
OpenSSL
openssl
>>openssl>>1.0.1
cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1a
cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1b
cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1c
cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1d
cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1e
cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1f
cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1g
cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1h
cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1i
cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1j
cpe:2.3:a:openssl:openssl:1.0.1j:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1k
cpe:2.3:a:openssl:openssl:1.0.1k:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1l
cpe:2.3:a:openssl:openssl:1.0.1l:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1m
cpe:2.3:a:openssl:openssl:1.0.1m:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1n
cpe:2.3:a:openssl:openssl:1.0.1n:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1o
cpe:2.3:a:openssl:openssl:1.0.1o:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1p
cpe:2.3:a:openssl:openssl:1.0.1p:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1q
cpe:2.3:a:openssl:openssl:1.0.1q:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1r
cpe:2.3:a:openssl:openssl:1.0.1r:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1s
cpe:2.3:a:openssl:openssl:1.0.1s:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.1t
cpe:2.3:a:openssl:openssl:1.0.1t:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2
cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2a
cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2b
cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2c
cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2d
cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2e
cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2f
cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2g
cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*
OpenSSL
openssl
>>openssl>>1.0.2h
cpe:2.3:a:openssl:openssl:1.0.2h:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>linux>>6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>linux>>7
cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759secalert@redhat.com
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlsecalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2017/Jul/31secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21995039secalert@redhat.com
Third Party Advisory
http://www.debian.org/security/2016/dsa-3673secalert@redhat.com
N/A
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-ensecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlsecalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlsecalert@redhat.com
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htmlsecalert@redhat.com
Third Party Advisory
http://www.securityfocus.com/bid/92982secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036690secalert@redhat.com
N/A
http://www.splunk.com/view/SP-CAAAPSVsecalert@redhat.com
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUEsecalert@redhat.com
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-3087-2secalert@redhat.com
N/A
https://bto.bluecoat.com/security-advisory/sa132secalert@redhat.com
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfsecalert@redhat.com
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770secalert@redhat.com
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312secalert@redhat.com
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215secalert@redhat.com
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascsecalert@redhat.com
N/A
https://support.f5.com/csp/article/K59298921secalert@redhat.com
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24secalert@redhat.com
N/A
https://www.tenable.com/security/tns-2016-16secalert@redhat.com
Third Party Advisory
https://www.tenable.com/security/tns-2016-20secalert@redhat.com
N/A
https://www.tenable.com/security/tns-2016-21secalert@redhat.com
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2016-1940.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2017/Jul/31af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21995039af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.debian.org/security/2016/dsa-3673af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-enaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.htmlaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/92982af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1036690af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.splunk.com/view/SP-CAAAPSVaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.splunk.com/view/SP-CAAAPUEaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ubuntu.com/usn/USN-3087-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-3087-2af854a3a-2127-422b-91ae-364da2661108
N/A
https://bto.bluecoat.com/security-advisory/sa132af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770af854a3a-2127-422b-91ae-364da2661108
N/A
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10215af854a3a-2127-422b-91ae-364da2661108
N/A
https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.ascaf854a3a-2127-422b-91ae-364da2661108
N/A
https://support.f5.com/csp/article/K59298921af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.tenable.com/security/tns-2016-16af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.tenable.com/security/tns-2016-20af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.tenable.com/security/tns-2016-21af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/92982
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036690
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://support.f5.com/csp/article/K59298921
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-16
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2016-20
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-21
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2016-1940.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2017/Jul/31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21995039
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.debian.org/security/2016/dsa-3673
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/92982
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securitytracker.com/id/1036690
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.splunk.com/view/SP-CAAAPSV
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.splunk.com/view/SP-CAAAPUE
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: http://www.ubuntu.com/usn/USN-3087-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-3087-2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bto.bluecoat.com/security-advisory/sa132
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=1fb9fdc3027b27d8eb6a1e6a846435b070980770
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10215
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://support.f5.com/csp/article/K59298921
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-16
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2016-20
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.tenable.com/security/tns-2016-21
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

582Records found
CVE-2012-5081
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-81.84% / 99.15%
||
7 Day CHG~0.00%
Published-16 Oct, 2012 | 21:29
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2012-5373
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.51% / 65.46%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkopenjdkjren/a
CVE-2012-3222
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-17 Oct, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2012-3170
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2012-3169
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.20%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170.

Action-Not Available
Vendor-n/aOracle Corporation
Product-siebel_crmn/a
CVE-2021-37714
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.73%
||
7 Day CHG+0.04%
Published-18 Aug, 2021 | 15:10
Updated-04 Aug, 2024 | 01:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes.

Action-Not Available
Vendor-jsoupquarkusjhyNetApp, Inc.Oracle Corporation
Product-peoplesoft_enterprise_peopletoolsprimavera_unifierquarkuscommunications_messaging_serverfinancial_services_crime_and_compliance_management_studiostream_analyticshospitality_token_proxy_servicewebcenter_portalbanking_trade_financeflexcube_universal_bankingmiddleware_common_libraries_and_toolsjsoupmanagement_services_for_element_software_and_netapp_hcibanking_treasury_managementretail_customer_management_and_segmentation_foundationbusiness_process_management_suitejsoup
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-248
Uncaught Exception
CVE-2021-37137
Matching Score-8
Assigner-JFrog
ShareView Details
Matching Score-8
Assigner-JFrog
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.41%
||
7 Day CHG~0.00%
Published-19 Oct, 2021 | 00:00
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.

Action-Not Available
Vendor-quarkusThe Netty ProjectNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerbanking_apispeoplesoft_enterprise_peopletoolsdebian_linuxbanking_digital_experiencequarkusnettycommunications_cloud_native_core_binding_support_functioncommerce_guided_searchcommunications_brm_-_elastic_charging_enginewebcenter_portaloncommand_insightNetty
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-2686
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-54.66% / 97.95%
||
7 Day CHG~0.00%
Published-08 Feb, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the TLS 1.1 and 1.2 implementations in OpenSSL 1.0.1 before 1.0.1d allows remote attackers to cause a denial of service (application crash) via crafted CBC data.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
CVE-2012-3155
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.78% / 72.79%
||
7 Day CHG~0.00%
Published-16 Oct, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-java_system_application_serverglassfish_servern/a
CVE-2012-2739
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.04% / 76.59%
||
7 Day CHG~0.00%
Published-28 Nov, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdkopenjdkjren/a
CVE-2021-3749
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-8.37% / 91.93%
||
7 Day CHG-0.21%
Published-31 Aug, 2021 | 10:36
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in axios/axios

axios is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-axiosaxiosOracle CorporationSiemens AG
Product-sinec_insgoldengateaxiosaxios/axios
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2016-5488
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.20% / 78.03%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-3445.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2021-3807
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-ansi-regex_projectchalkOracle Corporation
Product-ansi-regexcommunications_cloud_native_core_policychalk/ansi-regex
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-35586
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.80%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JRE
CVE-2021-36090
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.88%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 07:15
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Commons Compress 1.0 to 1.20 denial of service vulnerability

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationOracle Corporation
Product-healthcare_data_repositorypeoplesoft_enterprise_peopletoolsprimavera_unifierprimavera_gatewaycommunications_session_route_managerbanking_platformcommunications_session_report_managerbanking_party_managementbanking_apisbanking_enterprise_default_managementbanking_paymentscommunications_cloud_native_core_unified_data_repositoryfinancial_services_analytical_applications_infrastructureflexcube_universal_bankingcommunications_unified_inventory_managementbusiness_process_management_suiteoncommand_insightcommunications_cloud_native_core_automated_test_suitecommunications_cloud_native_core_service_communication_proxybanking_digital_experiencecommunications_billing_and_revenue_managementutilities_testing_acceleratorcommunications_messaging_serverfinancial_services_crime_and_compliance_management_studioactive_iq_unified_managerfinancial_services_enterprise_case_managementbanking_trade_financecommunications_diameter_intelligence_hubcommons_compressinsurance_policy_administrationcommunications_element_managercommerce_guided_searchbanking_treasury_managementwebcenter_portalApache Commons Compress
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2010-1849
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-07 Jun, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Action-Not Available
Vendor-mysqln/aOracle Corporation
Product-mysqln/a
CVE-2021-35583
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.52%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-snapcentermysql_serveroncommand_insightMySQL Server
CVE-2021-35574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.57% / 80.79%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_cloud_native_core_policyoutside_in_technologyOutside In Technology
CVE-2021-35662
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35620
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2005-3206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-27.03% / 96.18%
||
7 Day CHG~0.00%
Published-14 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2005-3207
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-39.46% / 97.19%
||
7 Day CHG~0.00%
Published-14 Oct, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.

Action-Not Available
Vendor-n/aOracle Corporation
Product-formsn/a
CVE-2021-35656
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35660
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35659
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 29.00%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JRE
CVE-2012-2199
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5||MEDIUM
EPSS-0.59% / 68.33%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.

Action-Not Available
Vendor-n/aOracle CorporationIBM Corporation
Product-websphere_mqsolarisn/a
CVE-2021-36222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.58% / 89.92%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:28
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxMIT (Massachusetts Institute of Technology)NetApp, Inc.
Product-debian_linuxoncommand_insightactive_iq_unified_manageroncommand_workflow_automationkerberos_5snapcentermysql_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36160
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.07% / 90.38%
||
7 Day CHG+1.03%
Published-16 Sep, 2021 | 14:40
Updated-01 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_uwsgi out of bound read

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Action-Not Available
Vendor-Fedora ProjectOracle CorporationThe Apache Software FoundationDebian GNU/LinuxNetApp, Inc.Broadcom Inc.
Product-communications_cloud_native_core_network_function_cloud_native_environmentbrocade_fabric_operating_system_firmwaredebian_linuxfedorapeoplesoft_enterprise_peopletoolshttp_servercloud_backupenterprise_manager_base_platformzfs_storage_appliance_kitinstantis_enterprisetrackstoragegridclustered_data_ontapApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-35654
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.64% / 81.18%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-essbase_administration_servicesHyperion Essbase Administration Services
CVE-2012-1702
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.84% / 73.74%
||
7 Day CHG~0.00%
Published-17 Jan, 2013 | 01:30
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aCanonical Ltd.Red Hat, Inc.Oracle CorporationMariaDB Foundation
Product-enterprise_linux_desktopubuntu_linuxenterprise_linux_eusenterprise_linux_workstationmariadbmysqlenterprise_linux_servern/a
CVE-2021-35661
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35573
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35657
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-36690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.77%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Action-Not Available
Vendor-sqliten/aApple Inc.Oracle Corporation
Product-iphone_oswatchostvossqlitezfs_storage_appliance_kitmacosn/a
CVE-2021-35561
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.83%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Utility). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JRE
CVE-2021-35572
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35559
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.33%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-04 Aug, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JREjdkjava_sejre
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2012-1746
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.87% / 74.33%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747.

Action-Not Available
Vendor-n/aOracle CorporationMicrosoft Corporation
Product-database_serverwindowsn/a
CVE-2021-35565
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.08%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkdebian_linuxgraalvmsnapmanagerhci_management_nodee-series_santricity_os_controlleractive_iq_unified_managere-series_santricity_storage_managerfedorae-series_santricity_web_servicesoncommand_workflow_automationsolidfiresantricity_unified_manageroncommand_insightJava SE JDK and JRE
CVE-2005-1746
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.86% / 74.05%
||
7 Day CHG~0.00%
Published-24 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.

Action-Not Available
Vendor-n/aBEA Systems, Inc.Oracle Corporation
Product-weblogic_serverweblogic_portaln/a
CVE-2005-1749
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.83% / 73.63%
||
7 Day CHG~0.00%
Published-24 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).

Action-Not Available
Vendor-n/aBEA Systems, Inc.Oracle Corporation
Product-weblogic_serverweblogic_portaln/a
CVE-2005-1748
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.75% / 72.10%
||
7 Day CHG~0.00%
Published-24 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.

Action-Not Available
Vendor-n/aBEA Systems, Inc.Oracle Corporation
Product-weblogic_serverweblogic_portaln/a
CVE-2021-34798
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.97% / 93.14%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-NetApp, Inc.Debian GNU/LinuxThe Apache Software FoundationOracle CorporationTenable, Inc.Broadcom Inc.Siemens AGFedora Project
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backuptenable.scstoragegridsinema_serverruggedcom_nmshttp_serverclustered_data_ontapdebian_linuxsinec_nmssinema_remote_connect_serverinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_base_platformbrocade_fabric_operating_system_firmwareApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-34141
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-17 Dec, 2021 | 18:43
Updated-04 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this reported code behavior is "completely harmless."

Action-Not Available
Vendor-numpyn/aOracle Corporation
Product-communications_cloud_native_core_policynumpyn/a
CWE ID-CWE-697
Incorrect Comparison
CVE-2012-1747
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.55%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2012-1724
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-16 Jun, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect availability, related to JAXP.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2012-1738
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.19% / 77.92%
||
7 Day CHG~0.00%
Published-17 Jul, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server.

Action-Not Available
Vendor-n/aOracle Corporation
Product-iplanet_web_serversun_products_suite_java_system_web_servern/a
CVE-2021-33813
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 11:18
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request.

Action-Not Available
Vendor-jdomn/aThe Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-debian_linuxsolrcommunications_messaging_serverfedoratikajdomn/a
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2012-0050
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-1.70% / 81.51%
||
7 Day CHG~0.00%
Published-19 Jan, 2012 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4108.

Action-Not Available
Vendor-n/aOpenSSL
Product-openssln/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 11
  • 12
  • Next
Details not found