Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-29921

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-06 May, 2021 | 00:00
Updated At-03 Aug, 2024 | 22:18
Rejected At-
Credits

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:06 May, 2021 | 00:00
Updated At:03 Aug, 2024 | 22:18
Rejected At:
▼CVE Numbering Authority (CNA)

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sickcodes
N/A
https://docs.python.org/3/library/ipaddress.html
N/A
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
N/A
https://sick.codes/sick-2021-014
N/A
https://www.oracle.com//security-alerts/cpujul2021.html
N/A
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
N/A
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
N/A
https://bugs.python.org/issue36384
N/A
https://github.com/python/cpython/pull/12577
N/A
https://github.com/python/cpython/pull/25099
N/A
https://security.netapp.com/advisory/ntap-20210622-0003/
N/A
https://www.oracle.com/security-alerts/cpuoct2021.html
N/A
https://www.oracle.com/security-alerts/cpujan2022.html
N/A
https://www.oracle.com/security-alerts/cpuapr2022.html
N/A
https://www.oracle.com/security-alerts/cpujul2022.html
N/A
https://security.gentoo.org/glsa/202305-02
vendor-advisory
Hyperlink: https://github.com/sickcodes
Resource: N/A
Hyperlink: https://docs.python.org/3/library/ipaddress.html
Resource: N/A
Hyperlink: https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
Resource: N/A
Hyperlink: https://sick.codes/sick-2021-014
Resource: N/A
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource: N/A
Hyperlink: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
Resource: N/A
Hyperlink: https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
Resource: N/A
Hyperlink: https://bugs.python.org/issue36384
Resource: N/A
Hyperlink: https://github.com/python/cpython/pull/12577
Resource: N/A
Hyperlink: https://github.com/python/cpython/pull/25099
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20210622-0003/
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujan2022.html
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpujul2022.html
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/202305-02
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/sickcodes
x_transferred
https://docs.python.org/3/library/ipaddress.html
x_transferred
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
x_transferred
https://sick.codes/sick-2021-014
x_transferred
https://www.oracle.com//security-alerts/cpujul2021.html
x_transferred
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
x_transferred
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
x_transferred
https://bugs.python.org/issue36384
x_transferred
https://github.com/python/cpython/pull/12577
x_transferred
https://github.com/python/cpython/pull/25099
x_transferred
https://security.netapp.com/advisory/ntap-20210622-0003/
x_transferred
https://www.oracle.com/security-alerts/cpuoct2021.html
x_transferred
https://www.oracle.com/security-alerts/cpujan2022.html
x_transferred
https://www.oracle.com/security-alerts/cpuapr2022.html
x_transferred
https://www.oracle.com/security-alerts/cpujul2022.html
x_transferred
https://security.gentoo.org/glsa/202305-02
vendor-advisory
x_transferred
Hyperlink: https://github.com/sickcodes
Resource:
x_transferred
Hyperlink: https://docs.python.org/3/library/ipaddress.html
Resource:
x_transferred
Hyperlink: https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
Resource:
x_transferred
Hyperlink: https://sick.codes/sick-2021-014
Resource:
x_transferred
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_transferred
Hyperlink: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
Resource:
x_transferred
Hyperlink: https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
Resource:
x_transferred
Hyperlink: https://bugs.python.org/issue36384
Resource:
x_transferred
Hyperlink: https://github.com/python/cpython/pull/12577
Resource:
x_transferred
Hyperlink: https://github.com/python/cpython/pull/25099
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20210622-0003/
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujan2022.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource:
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujul2022.html
Resource:
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202305-02
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:06 May, 2021 | 13:15
Updated At:03 May, 2023 | 11:15

In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Python Software Foundation
python
>>python>>Versions from 3.8.0(inclusive) to 3.8.12(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.9.0(inclusive) to 3.9.5(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_cloud_native_core_automated_test_suite>>1.8.0
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_cloud_native_core_binding_support_function>>1.11.0
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_cloud_native_core_network_slice_selection_function>>1.8.0
cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>graalvm>>20.3.2
cpe:2.3:a:oracle:graalvm:20.3.2:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>graalvm>>21.1.0
cpe:2.3:a:oracle:graalvm:21.1.0:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>zfs_storage_appliance_kit>>8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://bugs.python.org/issue36384cve@mitre.org
Issue Tracking
Patch
Vendor Advisory
https://docs.python.org/3/library/ipaddress.htmlcve@mitre.org
Vendor Advisory
https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rstcve@mitre.org
Third Party Advisory
https://github.com/python/cpython/pull/12577cve@mitre.org
Patch
Third Party Advisory
https://github.com/python/cpython/pull/25099cve@mitre.org
Patch
Third Party Advisory
https://github.com/sickcodescve@mitre.org
Third Party Advisory
https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.mdcve@mitre.org
Exploit
Third Party Advisory
https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.htmlcve@mitre.org
Vendor Advisory
https://security.gentoo.org/glsa/202305-02cve@mitre.org
N/A
https://security.netapp.com/advisory/ntap-20210622-0003/cve@mitre.org
Third Party Advisory
https://sick.codes/sick-2021-014cve@mitre.org
Exploit
Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.htmlcve@mitre.org
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlcve@mitre.org
N/A
https://www.oracle.com/security-alerts/cpuoct2021.htmlcve@mitre.org
Patch
Third Party Advisory
Hyperlink: https://bugs.python.org/issue36384
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Vendor Advisory
Hyperlink: https://docs.python.org/3/library/ipaddress.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://github.com/python/cpython/blob/63298930fb531ba2bb4f23bc3b915dbf1e17e9e1/Misc/NEWS.d/3.8.0a4.rst
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/python/cpython/pull/12577
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/python/cpython/pull/25099
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/sickcodes
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://github.com/sickcodes/security/blob/master/advisories/SICK-2021-014.md
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://python-security.readthedocs.io/vuln/ipaddress-ipv4-leading-zeros.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/202305-02
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20210622-0003/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://sick.codes/sick-2021-014
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujan2022.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujul2022.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: cve@mitre.org
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

638Records found
CVE-2004-2771
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.68%
||
7 Day CHG~0.00%
Published-24 Dec, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.

Action-Not Available
Vendor-bsd_mailx_projectheirloomn/aRed Hat, Inc.Oracle Corporation
Product-enterprise_linuxlinuxbsd_mailxmailxn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2012-0555
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.33%
||
7 Day CHG~0.00%
Published-03 May, 2012 | 18:17
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0554, CVE-2012-0556, and CVE-2012-0557.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2005-0089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.83% / 92.67%
||
7 Day CHG~0.00%
Published-06 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Action-Not Available
Vendor-n/aPython Software Foundation
Product-pythonn/a
CVE-2019-3773
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.65%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-17 Sep, 2024 | 03:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Web Services XML External Entity Injection (XXE)

Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-flexcube_private_bankingfinancial_services_analytical_applications_infrastructurespring_web_servicesSpring Web Services
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-3772
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-9.8||CRITICAL
EPSS-2.75% / 85.43%
||
7 Day CHG~0.00%
Published-18 Jan, 2019 | 22:00
Updated-16 Sep, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Integration XML External Entity Injection (XXE)

Spring Integration (spring-integration-xml and spring-integration-ws modules), versions 4.3.18, 5.0.10, 5.1.1, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.

Action-Not Available
Vendor-Oracle CorporationVMware (Broadcom Inc.)
Product-spring_integrationretail_customer_management_and_segmentation_foundationSpring Integration
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2004-1362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.00% / 87.97%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_database_controloracle8ioracle10genterprise_managere-business_suitecollaboration_suiteapplication_serverenterprise_manager_grid_controloracle9in/a
CVE-2004-1370
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.81% / 82.09%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.

Action-Not Available
Vendor-n/aOracle Corporation
Product-enterprise_manager_database_controloracle8ioracle10genterprise_managere-business_suitecollaboration_suiteapplication_serverenterprise_manager_grid_controloracle9in/a
CVE-2004-1363
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-27.66% / 96.25%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_database_controlenterprise_managere-business_suitecollaboration_suiteapplication_serverenterprise_manager_grid_controln/a
CWE ID-CWE-131
Incorrect Calculation of Buffer Size
CVE-2011-3544
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-93.04% / 99.77%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-03-24||Apply updates per vendor instructions.

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

Action-Not Available
Vendor-n/aSUSERed Hat, Inc.Oracle CorporationCanonical Ltd.
Product-ubuntu_linuxlinux_enterprise_javajrelinux_enterprise_serversatellite_with_embedded_oraclejdkn/aJava SE JDK and JRE
CWE ID-CWE-284
Improper Access Control
CVE-2004-0835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.65% / 87.39%
||
7 Day CHG~0.00%
Published-16 Oct, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities.

Action-Not Available
Vendor-mysqln/aDebian GNU/LinuxOracle Corporation
Product-mysqldebian_linuxn/a
CVE-2001-1274
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.53% / 90.73%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in MySQL before 3.23.31 allows attackers to cause a denial of service and possibly gain privileges.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2011-2299
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.11%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP).

Action-Not Available
Vendor-n/aOracle Corporation
Product-xcpsparc_enterprise_m8000_serversparc_enterprise_m5000_serversparc_enterprise_m9000_serversparc_enterprise_m3000_serversparc_enterprise_m4000_servern/a
CVE-2001-0591
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.00%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverjspn/a
CVE-2011-2245
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.11%
||
7 Day CHG~0.00%
Published-20 Jul, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2011-2307
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.11%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade servers allows remote attackers to affect confidentiality, integrity, and availability, related to Sun Integrated Lights Out Manager (ILOM).

Action-Not Available
Vendor-n/aOracle Corporation
Product-sysfwnetra_sparc_t3-1bsun_fire_x4470_m2sun_fire_x4270_m2netra_sparc_t3-1sparc_t3-1sun_fire_x4170_m2sun_fire_x4470sparc_t3-4sparc_t3-1bsun_blade_x6270_m2sparc_t3-2n/a
CVE-2011-2310
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.11%
||
7 Day CHG~0.00%
Published-18 Oct, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Waveset component in Oracle Sun Products Suite 8.1.0 and 8.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Administration.

Action-Not Available
Vendor-n/aOracle Corporation
Product-sun_products_suiten/a
CVE-2003-1193
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 61.37%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9iapplication_server_portaln/a
CVE-2003-1229
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.59% / 80.91%
||
7 Day CHG~0.00%
Published-17 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejava_web_startjssen/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2010-5325
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-5.96% / 90.30%
||
7 Day CHG~0.00%
Published-15 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the unhtmlify function in foomatic-rip in foomatic-filters before 4.0.6 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a long job title.

Action-Not Available
Vendor-n/aRed Hat, Inc.The Linux FoundationOracle Corporation
Product-enterprise_linuxenterprise_linux_serverfoomatic-filtersenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-2153
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 84.89%
||
7 Day CHG~0.00%
Published-16 Nov, 2005 | 21:17
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2003-0632
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.82% / 85.59%
||
7 Day CHG~0.00%
Published-02 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.

Action-Not Available
Vendor-n/aOracle Corporation
Product-applicationse-business_suiten/a
CVE-2003-0634
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.65% / 85.17%
||
7 Day CHG~0.00%
Published-02 Aug, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9in/a
CVE-2002-1631
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.94% / 90.28%
||
7 Day CHG~0.00%
Published-26 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2002-1921
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.36%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2002-1809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.98% / 92.27%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the Windows binary release of MySQL 3.23.2 through 3.23.52 has a NULL root password, which could allow remote attackers to gain unauthorized root access to the MySQL database.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2010-4418
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.11% / 77.21%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.50.11 through 8.50.15 and 8.51GA through 8.51.05 allows remote attackers to affect confidentiality, integrity, and availability, related to PIA Core Technology.

Action-Not Available
Vendor-n/aOracle Corporation
Product-peoplesoft_enterprisepeoplesoft_and_jdedwards_product_suiten/a
CVE-2002-1374
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.36% / 95.99%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Action-Not Available
Vendor-symantec_veritasn/aOracle Corporation
Product-netbackup_global_data_managermysqlnetbackup_advanced_reportern/a
CVE-2002-1639
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.09% / 83.33%
||
7 Day CHG~0.00%
Published-28 Mar, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to obtain sensitive information via a request to the oracle.apps.cz.servlet.UiServlet servlet with the test parameter set to "version" or "host".

Action-Not Available
Vendor-n/aOracle Corporation
Product-configuratorn/a
CVE-2002-1376
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.02% / 86.08%
||
7 Day CHG~0.00%
Published-17 Dec, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-symantec_veritasn/aOracle Corporation
Product-netbackup_global_data_managermysqlnetbackup_advanced_reportern/a
CVE-2002-1264
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.64% / 90.82%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2002-1923
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.36%
||
7 Day CHG~0.00%
Published-28 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2002-1375
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.03% / 94.30%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Action-Not Available
Vendor-symantec_veritasn/aOracle Corporation
Product-netbackup_global_data_managermysqlnetbackup_advanced_reportern/a
CVE-2002-0561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.96% / 91.05%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2002-0567
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.76% / 81.83%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9idatabase_servern/a
CVE-2002-0571
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 73.71%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2002-0564
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2010-3593
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.29% / 78.78%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Health Sciences - Oracle Argus Safety component in Oracle Industry Applications 5.0, 5.0.1, 5.0.2, and 5.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Login and LDAP.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_applicationsargus_safetyn/a
CVE-2010-3600
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-76.97% / 98.92%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Client System Analyzer component in Oracle Database Server 11.1.0.7 and 11.2.0.1 and Enterprise Manager Grid Control 10.2.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable third party coordinator that this issue involves an exposed JSP script that accepts XML uploads in conjunction with NULL bytes in an unspecified parameter that allow execution of arbitrary code.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controln/a
CVE-2002-0858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.77%
||
7 Day CHG~0.00%
Published-20 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9in/a
CVE-2002-0559
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.41% / 96.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2002-0656
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-82.49% / 99.18%
||
7 Day CHG~0.00%
Published-31 Jul, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Action-Not Available
Vendor-n/aOpenSSLOracle CorporationApple Inc.
Product-http_serverapplication_serveropensslcorporate_time_outlook_connectormac_os_xn/a
CVE-2021-2463
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-1.91% / 82.50%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:45
Updated-25 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). Supported versions that are affected are 11.0.0, 11.1.0, 11.2.0 and 11.3.0-11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. Successful attacks of this vulnerability can result in takeover of Oracle Commerce Platform. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-commerce_platformCommerce Platform
CVE-2002-0842
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-38.35% / 97.13%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2002-0857
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 84.13%
||
7 Day CHG~0.00%
Published-20 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8idatabase_servern/a
CVE-2002-0843
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.53% / 84.84%
||
7 Day CHG~0.00%
Published-05 Oct, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-oracle8iapplication_serverdatabase_serverhttp_servern/a
CVE-2002-0965
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-77.67% / 98.95%
||
7 Day CHG+5.32%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2002-0569
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.18% / 83.66%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2010-2390
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.14%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controlfusion_middlewaren/a
CVE-2002-0947
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-8.59% / 92.04%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverreportsn/a
CVE-2001-1453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.66% / 93.40%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found