Oracle

HTTP Server

103 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-4182

Exploit
  • EPSS 0.05%
  • Published 30.12.2021 22:15:10
  • Last modified 21.11.2024 06:37:05

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

5.5

CVE-2021-4183

Exploit
  • EPSS 0.05%
  • Published 30.12.2021 22:15:10
  • Last modified 21.11.2024 06:37:05

Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file

7.5

CVE-2021-4184

Exploit
  • EPSS 0.06%
  • Published 30.12.2021 22:15:10
  • Last modified 21.11.2024 06:37:05

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5

CVE-2021-4185

Exploit
  • EPSS 0.07%
  • Published 30.12.2021 22:15:10
  • Last modified 21.11.2024 06:37:05

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

8.2

CVE-2021-44224

  • EPSS 10.7%
  • Published 20.12.2021 12:15:07
  • Last modified 21.11.2024 06:30:37

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix D...

9.8

CVE-2021-44790

Exploit
  • EPSS 87.09%
  • Published 20.12.2021 12:15:07
  • Last modified 01.05.2025 15:38:06

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This...

7.1

CVE-2021-43818

  • EPSS 3.56%
  • Published 13.12.2021 18:15:08
  • Last modified 21.11.2024 06:29:51

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that ...

7.5

CVE-2021-42717

Exploit
  • EPSS 2.22%
  • Published 07.12.2021 22:15:06
  • Last modified 03.07.2025 20:59:18

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP ...

5.3

CVE-2021-25219

  • EPSS 0.52%
  • Published 27.10.2021 21:15:07
  • Last modified 21.11.2024 05:54:34

In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken ...

7.1

CVE-2021-35666

  • EPSS 1.18%
  • Published 20.10.2021 11:17:22
  • Last modified 21.11.2024 06:12:46

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTT...