Oracle

Enterprise Manager Ops Center

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2020-13950

  • EPSS 17.37%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:02:13

Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service

7.3

CVE-2020-35452

  • EPSS 14.97%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:27:18

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particula...

7.5

CVE-2021-26690

  • EPSS 71.33%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:56:40

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service

9.8

CVE-2021-26691

  • EPSS 42.56%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 05:56:41

In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow

5.3

CVE-2021-30641

  • EPSS 24.56%
  • Veröffentlicht 10.06.2021 07:15:07
  • Zuletzt bearbeitet 21.11.2024 06:04:21

Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'

7.5

CVE-2021-22222

  • EPSS 0.4%
  • Veröffentlicht 07.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:44

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

8.8

CVE-2021-29505

  • EPSS 90.77%
  • Veröffentlicht 28.05.2021 21:15:08
  • Zuletzt bearbeitet 30.05.2025 00:15:20

XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input str...

8.8

CVE-2021-3518

  • EPSS 0.25%
  • Veröffentlicht 18.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...

5.9

CVE-2021-3537

  • EPSS 0.11%
  • Veröffentlicht 14.05.2021 20:15:16
  • Zuletzt bearbeitet 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...

4.3

CVE-2021-23839

  • EPSS 0.29%
  • Veröffentlicht 16.02.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 05:51:55

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clie...