Oracle

Timesten In-memory Database

28 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-41772

  • EPSS 0.06%
  • Veröffentlicht 08.11.2021 06:15:08
  • Zuletzt bearbeitet 21.11.2024 06:26:44

Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.

5.9

CVE-2021-36221

  • EPSS 0.18%
  • Veröffentlicht 08.08.2021 06:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:20

Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort.

7.5

CVE-2021-29923

Exploit
  • EPSS 0.12%
  • Veröffentlicht 07.08.2021 17:15:07
  • Zuletzt bearbeitet 21.11.2024 06:01:59

Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretati...

5.1

CVE-2021-2351

Exploit
  • EPSS 3.54%
  • Veröffentlicht 21.07.2021 15:15:21
  • Zuletzt bearbeitet 21.11.2024 06:02:56

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...

6.5

CVE-2021-34558

  • EPSS 1.48%
  • Veröffentlicht 15.07.2021 14:15:19
  • Zuletzt bearbeitet 21.11.2024 06:10:40

The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

5.5

CVE-2021-36374

  • EPSS 0.18%
  • Veröffentlicht 14.07.2021 07:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:38

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. ...

5.5

CVE-2021-36373

  • EPSS 0.15%
  • Veröffentlicht 14.07.2021 07:15:08
  • Zuletzt bearbeitet 21.11.2024 06:13:37

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prio...

7.5

CVE-2020-11979

  • EPSS 0.61%
  • Veröffentlicht 01.10.2020 20:15:13
  • Zuletzt bearbeitet 21.11.2024 04:59:02

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without ...

7.2

CVE-2020-7712

Exploit
  • EPSS 0.39%
  • Veröffentlicht 30.08.2020 08:15:11
  • Zuletzt bearbeitet 21.11.2024 05:37:39

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

6.3

CVE-2020-1945

  • EPSS 0.02%
  • Veröffentlicht 14.05.2020 16:15:12
  • Zuletzt bearbeitet 21.11.2024 05:11:42

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files fr...