Oracle

Instantis Enterprisetrack

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-22222

  • EPSS 0.4%
  • Veröffentlicht 07.06.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 05:49:44

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

7

CVE-2021-25329

  • EPSS 0.8%
  • Veröffentlicht 01.03.2021 12:15:14
  • Zuletzt bearbeitet 21.11.2024 05:54:45

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnera...

7.5

CVE-2021-25122

  • EPSS 2.56%
  • Veröffentlicht 01.03.2021 12:15:13
  • Zuletzt bearbeitet 21.11.2024 05:54:23

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and use...

8.2

CVE-2020-11987

  • EPSS 0.63%
  • Veröffentlicht 24.02.2021 18:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:03

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arb...

7.5

CVE-2020-17527

  • EPSS 11.07%
  • Veröffentlicht 03.12.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 05:08:17

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request asso...

7.5

CVE-2019-17566

  • EPSS 0.82%
  • Veröffentlicht 12.11.2020 18:15:12
  • Zuletzt bearbeitet 21.11.2024 04:32:32

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make ...

4.3

CVE-2020-13943

  • EPSS 9.57%
  • Veröffentlicht 12.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:02:11

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subs...

7.5

CVE-2020-9490

  • EPSS 75.82%
  • Veröffentlicht 07.08.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:40:45

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via ...

7.5

CVE-2020-11993

Exploit
  • EPSS 38.85%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 01.05.2025 15:40:19

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLev...

9.8

CVE-2020-11984

Exploit
  • EPSS 76.31%
  • Veröffentlicht 07.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:59:02

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE