Oracle

HTTP Server

103 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2020-24977

Exploit
  • EPSS 0.55%
  • Published 04.09.2020 00:15:10
  • Last modified 21.11.2024 05:16:15

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

7.5

CVE-2020-1967

Exploit
  • EPSS 66.69%
  • Published 21.04.2020 14:15:11
  • Last modified 21.11.2024 05:11:45

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occur...

6.5

CVE-2020-2952

  • EPSS 1.4%
  • Published 15.04.2020 14:15:37
  • Last modified 21.11.2024 05:26:43

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP...

5.3

CVE-2020-2545

  • EPSS 3.92%
  • Published 15.01.2020 17:15:16
  • Last modified 21.11.2024 05:25:29

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker wit...

6.1

CVE-2020-2530

  • EPSS 1.12%
  • Published 15.01.2020 17:15:15
  • Last modified 21.11.2024 05:25:27

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker wi...

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

9.1

CVE-2019-10082

  • EPSS 47.89%
  • Published 26.09.2019 16:15:10
  • Last modified 21.11.2024 04:18:21

In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.

7.2

CVE-2019-10097

  • EPSS 26.43%
  • Published 26.09.2019 16:15:10
  • Last modified 21.11.2024 04:18:23

In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulner...

9.8

CVE-2019-5482

  • EPSS 10.79%
  • Published 16.09.2019 19:15:10
  • Last modified 21.11.2024 04:45:01

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

5.9

CVE-2019-2751

  • EPSS 1.42%
  • Published 23.07.2019 23:15:39
  • Last modified 21.11.2024 04:41:28

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker wi...