Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-20031

Summary
Assigner-flexera
Assigner Org ID-44d08088-2bea-4760-83a6-1e9be26b15ab
Published At-21 Mar, 2019 | 20:47
Updated At-05 Aug, 2024 | 11:51
Rejected At-
Credits

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:flexera
Assigner Org ID:44d08088-2bea-4760-83a6-1e9be26b15ab
Published At:21 Mar, 2019 | 20:47
Updated At:05 Aug, 2024 | 11:51
Rejected At:
▼CVE Numbering Authority (CNA)

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.

Affected Products
Vendor
Flexera Software LLC
Product
FlexNet Publisher
Versions
Affected
  • 11.16.1.0 and earlier
Problem Types
TypeCWE IDDescription
textN/ADoS
Type: text
CWE ID: N/A
Description: DoS
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/109155
vdb-entry
x_refsource_BID
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://secuniaresearch.flexerasoftware.com/advisories/85979/
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/109155
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
Hyperlink: https://secuniaresearch.flexerasoftware.com/advisories/85979/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/109155
vdb-entry
x_refsource_BID
x_transferred
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
x_transferred
https://secuniaresearch.flexerasoftware.com/advisories/85979/
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/109155
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://secuniaresearch.flexerasoftware.com/advisories/85979/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:PSIRT-CNA@flexerasoftware.com
Published At:21 Mar, 2019 | 21:29
Updated At:11 Apr, 2022 | 20:41

A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
flexera
flexera
>>flexnet_publisher>>Versions up to 11.16.1.0(inclusive)
cpe:2.3:a:flexera:flexnet_publisher:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_lsms>>Versions from 13.1(inclusive) to 13.4(inclusive)
cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/109155PSIRT-CNA@flexerasoftware.com
Broken Link
https://secuniaresearch.flexerasoftware.com/advisories/85979/PSIRT-CNA@flexerasoftware.com
Not Applicable
Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPSIRT-CNA@flexerasoftware.com
Patch
Third Party Advisory
Hyperlink: http://www.securityfocus.com/bid/109155
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Broken Link
Hyperlink: https://secuniaresearch.flexerasoftware.com/advisories/85979/
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Not Applicable
Vendor Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: PSIRT-CNA@flexerasoftware.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

552Records found
CVE-2020-11996
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-33.30% / 96.77%
||
7 Day CHG-1.75%
Published-26 Jun, 2020 | 16:27
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationNetApp, Inc.openSUSEDebian GNU/LinuxOracle Corporation
Product-ubuntu_linuxdebian_linuxmysql_enterprise_monitorsiebel_ui_frameworkoncommand_system_managertomcatworkload_managerleapApache Tomcat
CVE-2001-0517
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.72% / 71.65%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8in/a
CVE-2013-2388
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.70% / 71.21%
||
7 Day CHG~0.00%
Published-17 Apr, 2013 | 14:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Mid Tier File Management.

Action-Not Available
Vendor-n/aOracle Corporation
Product-e-business_suiten/a
CVE-2012-0072
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.87% / 74.36%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2017-15707
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-6.2||MEDIUM
EPSS-2.51% / 84.78%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationOracle Corporation
Product-strutsagile_plm_frameworkoncommand_balancewebcenter_portalweblogic_serverretail_xstore_point_of_servicefinancial_services_hedge_management_and_ifrs_valuationsretail_order_brokerjd_edwards_enterpriseone_toolsfinancial_services_market_risk_measurement_and_managementglobal_lifecycle_management_opatchautoenterprise_manager_for_virtualizationApache Struts
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0486
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.77% / 72.47%
||
7 Day CHG~0.00%
Published-18 Jan, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2022-29885
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-64.71% / 98.39%
||
7 Day CHG-0.48%
Published-12 May, 2022 | 00:00
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EncryptInterceptor does not provide complete protection on insecure networks

The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-hospitality_cruise_shipboard_property_management_systemdebian_linuxtomcatApache Tomcat
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2011-3534
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-1.22% / 78.23%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd).

Action-Not Available
Vendor-n/aOracle Corporation
Product-solarisn/a
CVE-2022-25314
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.39%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 04:25
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Action-Not Available
Vendor-libexpat_projectn/aSiemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-debian_linuxzfs_storage_appliance_kitlibexpatsinema_remote_connect_serverhttp_serverfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-25647
Matching Score-8
Assigner-Snyk
ShareView Details
Matching Score-8
Assigner-Snyk
CVSS Score-7.7||HIGH
EPSS-1.67% / 81.35%
||
7 Day CHG~0.00%
Published-01 May, 2022 | 15:30
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Deserialization of Untrusted Data

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Action-Not Available
Vendor-n/aNetApp, Inc.Google LLCDebian GNU/LinuxOracle Corporation
Product-debian_linuxgraalvmretail_order_brokerfinancial_services_crime_and_compliance_management_studioactive_iq_unified_managergsoncom.google.code.gson:gson
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2022-24839
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.36%
||
7 Day CHG-0.02%
Published-11 Apr, 2022 | 21:25
Updated-23 Apr, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)

org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library `org.cyberneko.html` is no longer maintained. Nokogiri uses its own fork of this library located at https://github.com/sparklemotion/nekohtml and this CVE applies only to that fork. Other forks of nekohtml may have a similar vulnerability.

Action-Not Available
Vendor-Sparkle MotionOracle Corporation
Product-nekohtmlweblogic_servernekohtml
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-23990
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.52% / 87.18%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 18:02
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Action-Not Available
Vendor-libexpat_projectn/aTenable, Inc.Siemens AGOracle CorporationDebian GNU/LinuxFedora Project
Product-nessusdebian_linuxlibexpatsinema_remote_connect_servercommunications_metasolv_solutionfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-24729
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 61.69%
||
7 Day CHG~0.00%
Published-16 Mar, 2022 | 00:00
Updated-23 Apr, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Regular expression Denial of Service in dialog plugin

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.

Action-Not Available
Vendor-ckeditorckeditorOracle CorporationFedora ProjectThe Drupal Association
Product-application_expresspeoplesoft_enterprise_peopletoolsfinancial_services_trade-based_anti_money_launderingcommerce_merchandisingfinancial_services_analytical_applications_infrastructurefedoradrupalckeditorfinancial_services_behavior_detection_platformckeditor4
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2022-23308
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.46%
||
7 Day CHG~0.00%
Published-26 Feb, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectApple Inc.libxml2 (XMLSoft)Debian GNU/Linux
Product-h410sactive_iq_unified_managerdebian_linuxh500s_firmwarecommunications_cloud_native_core_binding_support_functionbootstrap_osh410c_firmwareh410ch700sh500smysql_workbenchh700e_firmwarezfs_storage_appliance_kitontap_select_deploy_administration_utilitycommunications_cloud_native_core_network_function_cloud_native_environmenth500e_firmwaresolidfire\,_enterprise_sds_\&_hci_storage_nodetvosclustered_data_ontap_antivirus_connectorclustered_data_ontaph300ecommunications_cloud_native_core_network_repository_functioncommunications_cloud_native_core_unified_data_repositoryh300e_firmwaremacoswatchossolidfire_\&_hci_management_nodeh700eipadosmac_os_xhci_compute_nodeh500eh700s_firmwaresmi-s_providerfedoracommunications_cloud_native_core_network_slice_selection_functionh410s_firmwaresnapmanagerlibxml2h300s_firmwaremanageability_software_development_kitsnapdriveiphone_osh300sn/a
CWE ID-CWE-416
Use After Free
CVE-2022-22719
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-27.79% / 96.28%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 10:15
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_lua Use of uninitialized value of in r:parsebody

A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.

Action-Not Available
Vendor-The Apache Software FoundationApple Inc.Fedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitmac_os_xmacosApache HTTP Server
CWE ID-CWE-665
Improper Initialization
CVE-2022-21634
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.50% / 64.80%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-24 Sep, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: LLVM Interpreter). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-graalvmGraalVM Enterprise Edition
CVE-2022-21716
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.65%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 00:00
Updated-22 Apr, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Overflow in Twisted

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.

Action-Not Available
Vendor-twistedtwistedFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kittwistedtwisted
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-21293
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.01%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejrefedorae-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21349
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.21%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-24 Sep, 2024 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkjdkcloud_insightsoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerjrehci_management_nodee-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicesoncommand_insightJava SE JDK and JRE
CVE-2022-21570
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.77%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 21:08
Updated-24 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 3.7.1.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle Coherence. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Coherence. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-coherenceCoherence
CVE-2011-2230
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5||MEDIUM
EPSS-0.50% / 64.90%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 22:36
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_servern/a
CVE-2022-21426
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.47%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-24 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-azulDebian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-solidfire_\&_hci_management_nodeactive_iq_unified_managerjdkcloud_insights_acquisition_unitsantricity_unified_managerdebian_linuxgraalvmzulujree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsolidfire\,_enterprise_sds_\&_hci_storage_nodehci_compute_node_firmwareoncommand_insightJava SE JDK and JRE
CVE-2022-21441
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.26% / 78.56%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 20:37
Updated-24 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3/IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2022-21514
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.97% / 75.77%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 21:06
Updated-24 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-solarisSolaris Operating System
CVE-2022-21283
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.35%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle CorporationFedora Project
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejrefedorae-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21365
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-19 Nov, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21251
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.62% / 81.11%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:22
Updated-24 Sep, 2024 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Installed Base. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-installed_baseInstalled Base
CVE-2022-21277
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:22
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21366
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21340
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-8.27% / 91.91%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:24
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21299
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.92%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-13 Feb, 2025 | 16:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxOracle CorporationNetApp, Inc.
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21294
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:23
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21360
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2022-21341
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.22%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 11:25
Updated-03 Aug, 2024 | 02:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxNetApp, Inc.Oracle Corporation
Product-openjdkactive_iq_unified_managerjdkcloud_insights_acquisition_unitoncommand_workflow_automationsolidfiresantricity_unified_managerdebian_linuxgraalvmsnapmanagerhci_management_nodejree-series_santricity_os_controller7-mode_transition_toole-series_santricity_storage_managere-series_santricity_web_servicescloud_secure_agentsantricity_storage_pluginoncommand_insightJava SE JDK and JRE
CVE-2021-43859
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.67% / 81.35%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 12:08
Updated-23 May, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service by injecting highly recursive collections or maps in XStream

XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible.

Action-Not Available
Vendor-xstreamx-streamOracle CorporationFedora ProjectJenkinsDebian GNU/Linux
Product-xstreamcommerce_guided_searchcommunications_brm_-_elastic_charging_enginecommunications_diameter_intelligence_hubcommunications_cloud_native_core_automated_test_suitecommunications_policy_managementretail_xstore_point_of_serviceflexcube_private_bankingdebian_linuxfedorajenkinsxstream
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-42717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.22% / 83.83%
||
7 Day CHG+0.59%
Published-07 Dec, 2021 | 21:08
Updated-03 Jul, 2025 | 20:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.

Action-Not Available
Vendor-trustwaveowaspn/aF5, Inc.Debian GNU/LinuxOracle Corporation
Product-debian_linuxhttp_serverzfs_storage_appliance_kitnginx_modsecurity_wafmodsecurityn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-41524
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-8.62% / 92.07%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 08:40
Updated-04 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
null pointer dereference in h2 fuzzing

While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing, allowing an external source to DoS the server. This requires a specially crafted request. The vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Fedora ProjectOracle Corporation
Product-http_serverinstantis_enterprisetrackfedoracloud_backupApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-42340
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.46% / 87.09%
||
7 Day CHG~0.00%
Published-14 Oct, 2021 | 19:55
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS via memory leak with WebSocket connections

The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.

Action-Not Available
Vendor-The Apache Software FoundationNetApp, Inc.Debian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerretail_store_inventory_managementhospitality_cruise_shipboard_property_management_systemtaleo_platformsd-wan_edgeretail_customer_insightshciretail_data_extractor_for_merchandisingretail_financial_integrationretail_eftlinkagile_engineering_data_managementmanagement_services_for_element_softwaredebian_linuxmiddleware_common_libraries_and_toolstomcatpayment_interfacebig_data_spatial_and_graphmanaged_file_transferApache Tomcat
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-4181
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.49%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitwiresharkWireshark
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-4184
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 9.78%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationDebian GNU/LinuxFedora Project
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitwiresharkWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-4182
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 12.13%
||
7 Day CHG~0.00%
Published-30 Dec, 2021 | 00:00
Updated-03 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

Action-Not Available
Vendor-Wireshark FoundationOracle CorporationFedora Project
Product-wiresharkhttp_serverfedorazfs_storage_appliance_kitWireshark
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-10348
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.23%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2017-10355
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-6.89% / 91.01%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontapjrockite-series_santricity_os_controllerJava
CVE-2017-10108
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.Phoenix Contact GmbH & Co. KG
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstationjdkactive_iq_unified_managersatellitesteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapfl_mguard_dmoncommand_performance_managerjreelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_managerstorage_replication_adapter_for_clustered_data_ontapjrockite-series_santricity_os_controllerJava
CVE-2017-10276
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-6.5||MEDIUM
EPSS-0.70% / 71.05%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: FTS). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-mysqlMySQL Server
CVE-2017-10349
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.23%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2017-10203
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.71% / 81.57%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-mysql_connector\/netMySQL Connectors
CVE-2017-10053
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.76% / 72.35%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.Phoenix Contact GmbH & Co. KG
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstationjdkactive_iq_unified_managersatellitevasa_providersteelstore_cloud_integrated_storagedebian_linuxenterprise_linux_servercloud_backupenterprise_linux_server_ausoncommand_insightfl_mguard_dmoncommand_performance_managerjreelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_managerstorage_replication_adapter_for_clustered_data_ontapjrockite-series_santricity_os_controllerJava
CVE-2017-10350
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-0.56% / 67.23%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Debian GNU/LinuxRed Hat, Inc.Oracle CorporationNetApp, Inc.
Product-enterprise_linux_desktoponcommand_unified_manageroncommand_balanceplug-in_for_symantec_netbackupenterprise_linux_server_tusenterprise_linux_eusenterprise_linux_workstatione-series_santricity_web_servicesjdke-series_santricity_management_plug-insactive_iq_unified_managersatellitesteelstore_cloud_integrated_storageenterprise_linux_servercloud_backupdebian_linuxenterprise_linux_server_ausoncommand_insightvasa_provider_for_clustered_data_ontapjreoncommand_performance_managerelement_softwaresnapmanagervirtual_storage_consoleoncommand_shifte-series_santricity_storage_manageroncommand_workflow_automationstorage_replication_adapter_for_clustered_data_ontape-series_santricity_os_controllerJava
CVE-2017-10264
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-5.3||MEDIUM
EPSS-1.47% / 80.14%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel UI Framework. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

Action-Not Available
Vendor-Oracle Corporation
Product-siebel_ui_frameworkSiebel UI Framework
  • Previous
  • 1
  • 2
  • ...
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • Next
Details not found