Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2018-20843

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-24 Jun, 2019 | 16:06
Updated At-30 May, 2025 | 19:39
Rejected At-
Credits

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:24 Jun, 2019 | 16:06
Updated At:30 May, 2025 | 19:39
Rejected At:
▼CVE Numbering Authority (CNA)

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://usn.ubuntu.com/4040-1/
vendor-advisory
x_refsource_UBUNTU
https://usn.ubuntu.com/4040-2/
vendor-advisory
x_refsource_UBUNTU
https://www.debian.org/security/2019/dsa-4472
vendor-advisory
x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Jun/39
mailing-list
x_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
mailing-list
x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
vendor-advisory
x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
vendor-advisory
x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
vendor-advisory
x_refsource_SUSE
https://security.gentoo.org/glsa/201911-08
vendor-advisory
x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://github.com/libexpat/libexpat/issues/186
x_refsource_MISC
https://github.com/libexpat/libexpat/pull/262
x_refsource_MISC
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
x_refsource_MISC
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
x_refsource_MISC
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190703-0001/
x_refsource_CONFIRM
https://support.f5.com/csp/article/K51011533
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.tenable.com/security/tns-2021-11
x_refsource_CONFIRM
Hyperlink: https://usn.ubuntu.com/4040-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://usn.ubuntu.com/4040-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.debian.org/security/2019/dsa-4472
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: https://seclists.org/bugtraq/2019/Jun/39
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: https://security.gentoo.org/glsa/201911-08
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
Hyperlink: https://github.com/libexpat/libexpat/issues/186
Resource:
x_refsource_MISC
Hyperlink: https://github.com/libexpat/libexpat/pull/262
Resource:
x_refsource_MISC
Hyperlink: https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Resource:
x_refsource_MISC
Hyperlink: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Resource:
x_refsource_MISC
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20190703-0001/
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.f5.com/csp/article/K51011533
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
Hyperlink: https://www.tenable.com/security/tns-2021-11
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://usn.ubuntu.com/4040-1/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://usn.ubuntu.com/4040-2/
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.debian.org/security/2019/dsa-4472
vendor-advisory
x_refsource_DEBIAN
x_transferred
https://seclists.org/bugtraq/2019/Jun/39
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
mailing-list
x_refsource_MLIST
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
vendor-advisory
x_refsource_FEDORA
x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
vendor-advisory
x_refsource_SUSE
x_transferred
https://security.gentoo.org/glsa/201911-08
vendor-advisory
x_refsource_GENTOO
x_transferred
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
x_transferred
https://github.com/libexpat/libexpat/issues/186
x_refsource_MISC
x_transferred
https://github.com/libexpat/libexpat/pull/262
x_refsource_MISC
x_transferred
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
x_refsource_MISC
x_transferred
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
x_refsource_MISC
x_transferred
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20190703-0001/
x_refsource_CONFIRM
x_transferred
https://support.f5.com/csp/article/K51011533
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
x_transferred
https://www.tenable.com/security/tns-2021-11
x_refsource_CONFIRM
x_transferred
Hyperlink: https://usn.ubuntu.com/4040-1/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://usn.ubuntu.com/4040-2/
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.debian.org/security/2019/dsa-4472
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: https://seclists.org/bugtraq/2019/Jun/39
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201911-08
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/libexpat/libexpat/issues/186
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/libexpat/libexpat/pull/262
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20190703-0001/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.f5.com/csp/article/K51011533
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.tenable.com/security/tns-2021-11
Resource:
x_refsource_CONFIRM
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-611CWE-611 Improper Restriction of XML External Entity Reference
Type: CWE
CWE ID: CWE-611
Description: CWE-611 Improper Restriction of XML External Entity Reference
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:24 Jun, 2019 | 17:15
Updated At:30 May, 2025 | 20:15

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.07.8HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 7.8
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CPE Matches
libexpat_project
libexpat_project
>>libexpat>>Versions before 2.2.7(exclusive)
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>18.10
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
Canonical Ltd.
canonical
>>ubuntu_linux>>19.04
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Debian GNU/Linux
debian
>>debian_linux>>9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Fedora Project
fedoraproject
>>fedora>>30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.0
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
openSUSE
opensuse
>>leap>>15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>hospitality_res_3700>>Versions from 5.7(inclusive) to 5.7.6(inclusive)
cpe:2.3:a:oracle:hospitality_res_3700:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>http_server>>12.1.3.0
cpe:2.3:a:oracle:http_server:12.1.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>http_server>>12.2.1.4.0
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>outside_in_technology>>8.5.4
cpe:2.3:a:oracle:outside_in_technology:8.5.4:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>outside_in_technology>>8.5.5
cpe:2.3:a:oracle:outside_in_technology:8.5.5:*:*:*:*:*:*:*
Tenable, Inc.
tenable
>>nessus>>Versions before 8.15.0(exclusive)
cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Primarynvd@nist.gov
CWE-611Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-611
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226cve@mitre.org
Issue Tracking
Third Party Advisory
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changescve@mitre.org
Release Notes
Third Party Advisory
https://github.com/libexpat/libexpat/issues/186cve@mitre.org
Issue Tracking
Patch
Third Party Advisory
https://github.com/libexpat/libexpat/pull/262cve@mitre.org
Exploit
Patch
Third Party Advisory
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6cve@mitre.org
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.htmlcve@mitre.org
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/cve@mitre.org
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/cve@mitre.org
N/A
https://seclists.org/bugtraq/2019/Jun/39cve@mitre.org
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201911-08cve@mitre.org
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190703-0001/cve@mitre.org
Third Party Advisory
https://support.f5.com/csp/article/K51011533cve@mitre.org
Third Party Advisory
https://usn.ubuntu.com/4040-1/cve@mitre.org
Third Party Advisory
https://usn.ubuntu.com/4040-2/cve@mitre.org
Third Party Advisory
https://www.debian.org/security/2019/dsa-4472cve@mitre.org
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.tenable.com/security/tns-2021-11cve@mitre.org
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Third Party Advisory
https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changesaf854a3a-2127-422b-91ae-364da2661108
Release Notes
Third Party Advisory
https://github.com/libexpat/libexpat/issues/186af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
https://github.com/libexpat/libexpat/pull/262af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
Third Party Advisory
https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6af854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/06/msg00028.htmlaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/af854a3a-2127-422b-91ae-364da2661108
N/A
https://seclists.org/bugtraq/2019/Jun/39af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201911-08af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190703-0001/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.f5.com/csp/article/K51011533af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/4040-1/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://usn.ubuntu.com/4040-2/af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.debian.org/security/2019/dsa-4472af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Third Party Advisory
https://www.tenable.com/security/tns-2021-11af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
Source: cve@mitre.org
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Source: cve@mitre.org
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/issues/186
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/pull/262
Source: cve@mitre.org
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Jun/39
Source: cve@mitre.org
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201911-08
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190703-0001/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K51011533
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4040-1/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4040-2/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4472
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2021-11
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00039.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5226
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/blob/R_2_2_7/expat/Changes
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/issues/186
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/pull/262
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Third Party Advisory
Hyperlink: https://github.com/libexpat/libexpat/pull/262/commits/11f8838bf99ea0a6f0b76f9760c43704d00c4ff6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEJJSQSG3KSUQY4FPVHZ7ZTT7FORMFVD/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IDAUGEB3TUP6NEKJDBUBZX7N5OAUOOOK/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://seclists.org/bugtraq/2019/Jun/39
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.gentoo.org/glsa/201911-08
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20190703-0001/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.f5.com/csp/article/K51011533
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4040-1/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://usn.ubuntu.com/4040-2/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.debian.org/security/2019/dsa-4472
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.tenable.com/security/tns-2021-11
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1207Records found
CVE-2021-3803
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.86%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in fb55/nth-check

nth-check is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-nth-check_projectfb55Debian GNU/Linux
Product-debian_linuxnth-checkfb55/nth-check
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-3737
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.42%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.

Action-Not Available
Vendor-n/aCanonical Ltd.NetApp, Inc.Red Hat, Inc.Python Software FoundationOracle CorporationFedora Project
Product-ubuntu_linuxcodeready_linux_builder_for_ibm_z_systemscodeready_linux_builder_for_power_little_endianenterprise_linuxhcicommunications_cloud_native_core_network_exposure_functioncommunications_cloud_native_core_policypythonmanagement_services_for_element_softwarecodeready_linux_builderxcp_nfsontap_select_deploy_administration_utilityfedoraenterprise_linux_for_ibm_z_systemscommunications_cloud_native_core_binding_support_functionnetapp_xcp_smbenterprise_linux_for_power_little_endianpython
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-3761
Matching Score-8
Assigner-Cloudflare, Inc.
ShareView Details
Matching Score-8
Assigner-Cloudflare, Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.71%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 14:05
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values

Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a BGP hijack which during normal operations would be rejected as "RPKI invalid". Additionally, in certain deployments RTR session flapping in and of itself also could cause BGP routing churn, causing availability issues.

Action-Not Available
Vendor-Debian GNU/LinuxCloudflare, Inc.
Product-octorpkidebian_linuxoctorpki
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-3749
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-8.37% / 91.93%
||
7 Day CHG-0.21%
Published-31 Aug, 2021 | 10:36
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in axios/axios

axios is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-axiosaxiosOracle CorporationSiemens AG
Product-sinec_insgoldengateaxiosaxios/axios
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-3805
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.59%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prototype Pollution in mariocasciaro/object-path

object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Action-Not Available
Vendor-object-path_projectmariocasciaroDebian GNU/Linux
Product-object-pathdebian_linuxmariocasciaro/object-path
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2021-3807
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-7.5||HIGH
EPSS-0.21% / 44.09%
||
7 Day CHG~0.00%
Published-17 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in chalk/ansi-regex

ansi-regex is vulnerable to Inefficient Regular Expression Complexity

Action-Not Available
Vendor-ansi-regex_projectchalkOracle Corporation
Product-ansi-regexcommunications_cloud_native_core_policychalk/ansi-regex
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-36090
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.28% / 50.88%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 07:15
Updated-04 Aug, 2024 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Commons Compress 1.0 to 1.20 denial of service vulnerability

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software FoundationOracle Corporation
Product-healthcare_data_repositorypeoplesoft_enterprise_peopletoolsprimavera_unifierprimavera_gatewaycommunications_session_route_managerbanking_platformcommunications_session_report_managerbanking_party_managementbanking_apisbanking_enterprise_default_managementbanking_paymentscommunications_cloud_native_core_unified_data_repositoryfinancial_services_analytical_applications_infrastructureflexcube_universal_bankingcommunications_unified_inventory_managementbusiness_process_management_suiteoncommand_insightcommunications_cloud_native_core_automated_test_suitecommunications_cloud_native_core_service_communication_proxybanking_digital_experiencecommunications_billing_and_revenue_managementutilities_testing_acceleratorcommunications_messaging_serverfinancial_services_crime_and_compliance_management_studioactive_iq_unified_managerfinancial_services_enterprise_case_managementbanking_trade_financecommunications_diameter_intelligence_hubcommons_compressinsurance_policy_administrationcommunications_element_managercommerce_guided_searchbanking_treasury_managementwebcenter_portalApache Commons Compress
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2021-35583
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.52%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Windows). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-NetApp, Inc.Oracle Corporation
Product-snapcentermysql_serveroncommand_insightMySQL Server
CVE-2021-35574
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.57% / 80.79%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-communications_cloud_native_core_policyoutside_in_technologyOutside In Technology
CVE-2021-35662
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35620
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.53% / 84.83%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Server
CVE-2021-3580
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.10%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 00:00
Updated-19 Nov, 2024 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

Action-Not Available
Vendor-nettle_projectn/aRed Hat, Inc.NetApp, Inc.Debian GNU/Linux
Product-nettledebian_linuxontap_select_deploy_administration_utilityenterprise_linuxnettle
CWE ID-CWE-20
Improper Input Validation
CVE-2021-35656
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35660
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35659
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-36222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.58% / 89.92%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:28
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

Action-Not Available
Vendor-n/aOracle CorporationDebian GNU/LinuxMIT (Massachusetts Institute of Technology)NetApp, Inc.
Product-debian_linuxoncommand_insightactive_iq_unified_manageroncommand_workflow_automationkerberos_5snapcentermysql_servern/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-36160
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.07% / 90.38%
||
7 Day CHG+1.03%
Published-16 Sep, 2021 | 14:40
Updated-01 May, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mod_proxy_uwsgi out of bound read

A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).

Action-Not Available
Vendor-Fedora ProjectOracle CorporationThe Apache Software FoundationDebian GNU/LinuxNetApp, Inc.Broadcom Inc.
Product-communications_cloud_native_core_network_function_cloud_native_environmentbrocade_fabric_operating_system_firmwaredebian_linuxfedorapeoplesoft_enterprise_peopletoolshttp_servercloud_backupenterprise_manager_base_platformzfs_storage_appliance_kitinstantis_enterprisetrackstoragegridclustered_data_ontapApache HTTP Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-35654
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.64% / 81.18%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Essbase Administration Services. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-essbase_administration_servicesHyperion Essbase Administration Services
CVE-2021-35661
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-3610
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.76%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 00:00
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability was found in ImageMagick in versions prior to 7.0.11-14 in ReadTIFFImage() in coders/tiff.c. This issue is due to an incorrect setting of the pixel array size, which can lead to a crash and segmentation fault.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora ProjectImageMagick Studio LLC
Product-enterprise_linuxfedoraimagemagickImageMagick
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-35573
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2023-46849
Matching Score-8
Assigner-OpenVPN Inc.
ShareView Details
Matching Score-8
Assigner-OpenVPN Inc.
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.62%
||
7 Day CHG~0.00%
Published-11 Nov, 2023 | 00:05
Updated-11 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

Action-Not Available
Vendor-openvpnOpenVPNFedora ProjectDebian GNU/Linux
Product-openvpn_access_serverfedoradebian_linuxopenvpnOpenVPN 2 (Community)Access Server
CWE ID-CWE-369
Divide By Zero
CVE-2021-35657
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:51
Updated-25 Sep, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-3673
Matching Score-8
Assigner-Fedora Project
ShareView Details
Matching Score-8
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-0.45% / 62.50%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 18:09
Updated-03 Aug, 2024 | 17:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Radare2 in version 5.3.1. Improper input validation when reading a crafted LE binary can lead to resource exhaustion and DoS.

Action-Not Available
Vendor-n/aFedora ProjectRadare2 (r2)
Product-fedoraradare2radare2
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-252
Unchecked Return Value
CVE-2021-36690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.77%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 00:00
Updated-04 Aug, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A segmentation fault can occur in the sqlite3.exe command-line component of SQLite 3.36.0 via the idxGetTableInfo function when there is a crafted SQL query. NOTE: the vendor disputes the relevance of this report because a sqlite3.exe user already has full privileges (e.g., is intentionally allowed to execute commands). This report does NOT imply any problem in the SQLite library.

Action-Not Available
Vendor-sqliten/aApple Inc.Oracle Corporation
Product-iphone_oswatchostvossqlitezfs_storage_appliance_kitmacosn/a
CVE-2021-35572
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.80% / 82.03%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 10:50
Updated-25 Sep, 2024 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS Base Score depend on the software that uses Outside In Technology. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology, but if data is not received over a network the CVSS score may be lower. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-outside_in_technologyOutside In Technology
CVE-2021-35063
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.90% / 74.74%
||
7 Day CHG~0.00%
Published-22 Jul, 2021 | 17:01
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."

Action-Not Available
Vendor-oisfn/aDebian GNU/LinuxFedora Project
Product-debian_linuxfedorasuricatan/a
CVE-2021-34798
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.97% / 93.14%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-04 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference in httpd core

Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-NetApp, Inc.Debian GNU/LinuxThe Apache Software FoundationOracle CorporationTenable, Inc.Broadcom Inc.Siemens AGFedora Project
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backuptenable.scstoragegridsinema_serverruggedcom_nmshttp_serverclustered_data_ontapdebian_linuxsinec_nmssinema_remote_connect_serverinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_base_platformbrocade_fabric_operating_system_firmwareApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2006-5873
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.51% / 80.47%
||
7 Day CHG~0.00%
Published-12 Dec, 2006 | 00:00
Updated-07 Aug, 2024 | 20:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.

Action-Not Available
Vendor-l2tpnsn/aDebian GNU/Linux
Product-l2tpnsdebian_linuxn/a
CVE-2012-1610
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-7.03% / 91.11%
||
7 Day CHG~0.00%
Published-05 Jun, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the GetEXIFProperty function in magick/property.c in ImageMagick before 6.7.6-4 allows remote attackers to cause a denial of service (out-of-bounds read) via a large component count for certain EXIF tags in a JPEG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0259.

Action-Not Available
Vendor-n/aCanonical Ltd.openSUSEImageMagick Studio LLCDebian GNU/Linux
Product-debian_linuxopensuseimagemagickubuntu_linuxn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-34555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.68% / 70.68%
||
7 Day CHG~0.00%
Published-10 Jun, 2021 | 14:56
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a multi-value From header field.

Action-Not Available
Vendor-trusteddomainn/aFedora Project
Product-fedoraopendmarcn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2023-45363
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.68% / 93.41%
||
7 Day CHG+0.27%
Published-09 Oct, 2023 | 00:00
Updated-15 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWikimedia Foundation
Product-debian_linuxmediawikin/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-33623
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.26% / 78.53%
||
7 Day CHG~0.00%
Published-28 May, 2021 | 00:00
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The trim-newlines package before 3.0.1 and 4.x before 4.0.1 for Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.

Action-Not Available
Vendor-trim-newlines_projectn/aNetApp, Inc.Debian GNU/Linux
Product-e-series_performance_analyzerdebian_linuxtrim-newlinesn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-33582
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.73% / 87.52%
||
7 Day CHG~0.00%
Published-01 Sep, 2021 | 05:32
Updated-03 Aug, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.

Action-Not Available
Vendor-cyrusn/aDebian GNU/LinuxFedora Project
Product-imapdebian_linuxfedoran/a
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2021-33196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.97%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 00:00
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's header) can cause a NewReader or OpenReader panic.

Action-Not Available
Vendor-n/aDebian GNU/LinuxGo
Product-godebian_linuxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2021-32920
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.69%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 15:14
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.

Action-Not Available
Vendor-prosodyn/aDebian GNU/LinuxFedora Project
Product-prosodydebian_linuxfedoran/a
CVE-2021-32785
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.03%
||
7 Day CHG-0.01%
Published-22 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Format string bug in the Redis cache implementation

mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled.

Action-Not Available
Vendor-openidczmartzoneNetApp, Inc.The Apache Software FoundationDebian GNU/Linux
Product-mod_auth_openidchttp_serverdebian_linuxcloud_backupmod_auth_openidc
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-33646
Matching Score-8
Assigner-openEuler
ShareView Details
Matching Score-8
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.09%
||
7 Day CHG+0.03%
Published-09 Aug, 2022 | 00:00
Updated-02 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

Action-Not Available
Vendor-feepn/aOpenAtom FoundationFedora ProjectHuawei Technologies Co., Ltd.
Product-openeulerfedoralibtarlibtar
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-33194
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.04% / 8.64%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 14:49
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input.

Action-Not Available
Vendor-n/aFedora ProjectGo
Product-gofedoran/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2021-33645
Matching Score-8
Assigner-openEuler
ShareView Details
Matching Score-8
Assigner-openEuler
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.09%
||
7 Day CHG+0.03%
Published-09 Aug, 2022 | 00:00
Updated-02 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

Action-Not Available
Vendor-feepn/aOpenAtom FoundationFedora ProjectHuawei Technologies Co., Ltd.
Product-openeulerfedoralibtarlibtar
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-32675
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-04 Oct, 2021 | 17:50
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DoS vulnerability in Redis

Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.

Action-Not Available
Vendor-Redis Inc.Oracle CorporationNetApp, Inc.Debian GNU/LinuxFedora Project
Product-communications_operations_monitordebian_linuxmanagement_services_for_netapp_hcifedoraredismanagement_services_for_element_softwareredis
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-32918
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.87% / 85.74%
||
7 Day CHG~0.00%
Published-13 May, 2021 | 15:11
Updated-03 Aug, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.

Action-Not Available
Vendor-prosodyluan/aDebian GNU/LinuxFedora Project
Product-prosodyluadebian_linuxfedoran/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2021-31871
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 80.90%
||
7 Day CHG~0.00%
Published-30 Apr, 2021 | 05:18
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

Action-Not Available
Vendor-klibc_projectn/aDebian GNU/Linux
Product-debian_linuxklibcn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31957
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-3.84% / 87.71%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ASP.NET Core Denial of Service Vulnerability

ASP.NET Core Denial of Service Vulnerability

Action-Not Available
Vendor-Fedora ProjectMicrosoft Corporation
Product-.netvisual_studio_2019fedora.net_coreMicrosoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2019 version 16.10 (includes 16.0 - 16.9).NET 5.0Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Visual Studio 2019 for Mac version 8.10.NET Core 3.1
CVE-2021-31292
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.38%
||
7 Day CHG~0.00%
Published-26 Jul, 2021 | 00:00
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows attackers to trigger a heap-based buffer overflow and cause a denial of service (DOS) via crafted metadata.

Action-Not Available
Vendor-n/aExiv2Fedora ProjectDebian GNU/Linux
Product-exiv2debian_linuxfedoran/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2021-31684
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.18%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

Action-Not Available
Vendor-json-smart_projectn/aOracle Corporation
Product-utilities_frameworkjson-smart-v2json-smart-v1n/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-32558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.99% / 75.95%
||
7 Day CHG~0.00%
Published-27 Jul, 2021 | 05:19
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Sangoma Asterisk 13.x before 13.38.3, 16.x before 16.19.1, 17.x before 17.9.4, and 18.x before 18.5.1, and Certified Asterisk before 16.8-cert10. If the IAX2 channel driver receives a packet that contains an unsupported media format, a crash can occur.

Action-Not Available
Vendor-n/aDebian GNU/LinuxDigium, Inc.
Product-certified_asteriskasteriskdebian_linuxn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2021-31618
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-12.64% / 93.71%
||
7 Day CHG-4.61%
Published-15 Jun, 2021 | 00:00
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NULL pointer dereference on specially crafted HTTP/2 request

Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.

Action-Not Available
Vendor-The Apache Software FoundationFedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxinstantis_enterprisetrackfedorazfs_storage_appliance_kitenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-32566
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.88% / 87.78%
||
7 Day CHG~0.00%
Published-30 Jun, 2021 | 07:15
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Specific sequence of HTTP/2 frames can cause ATS to crash

Improper Input Validation vulnerability in HTTP/2 of Apache Traffic Server allows an attacker to DOS the server. This issue affects Apache Traffic Server 7.0.0 to 7.1.12, 8.0.0 to 8.1.1, 9.0.0 to 9.0.1.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxtraffic_serverApache Traffic Server
CWE ID-CWE-20
Improper Input Validation
CVE-2009-4537
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.72% / 87.51%
||
7 Day CHG~0.00%
Published-12 Jan, 2010 | 17:00
Updated-07 Aug, 2024 | 07:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to (1) cause a denial of service (temporary network outage) via a packet with a crafted size, in conjunction with certain packets containing A characters and certain packets containing E characters; or (2) cause a denial of service (system crash) via a packet with a crafted size, in conjunction with certain packets containing '\0' characters, related to the value of the status register and erroneous behavior associated with the RxMaxSize register. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-1389.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDebian GNU/Linux
Product-debian_linuxlinux_kerneln/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 24
  • 25
  • Next
Details not found