Oracle

Real User Experience Insight

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2021-2351

Exploit
  • EPSS 3.54%
  • Veröffentlicht 21.07.2021 15:15:21
  • Zuletzt bearbeitet 21.11.2024 06:02:56

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...

8.6

CVE-2021-3517

  • EPSS 0.09%
  • Veröffentlicht 19.05.2021 14:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

8.8

CVE-2021-3518

  • EPSS 0.25%
  • Veröffentlicht 18.05.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...

5.9

CVE-2021-3537

  • EPSS 0.11%
  • Veröffentlicht 14.05.2021 20:15:16
  • Zuletzt bearbeitet 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...

5.8

CVE-2021-29425

Exploit
  • EPSS 0.48%
  • Veröffentlicht 13.04.2021 07:15:12
  • Zuletzt bearbeitet 21.11.2024 06:01:04

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...

6.5

CVE-2020-24977

Exploit
  • EPSS 0.55%
  • Veröffentlicht 04.09.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 05:16:15

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

7.5

CVE-2019-20388

  • EPSS 0.56%
  • Veröffentlicht 21.01.2020 23:15:13
  • Zuletzt bearbeitet 21.11.2024 04:38:21

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5

CVE-2020-7595

  • EPSS 0.47%
  • Veröffentlicht 21.01.2020 23:15:13
  • Zuletzt bearbeitet 21.11.2024 05:37:26

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5

CVE-2019-19956

  • EPSS 0.15%
  • Veröffentlicht 24.12.2019 16:15:11
  • Zuletzt bearbeitet 21.11.2024 04:35:44

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Veröffentlicht 08.11.2019 15:15:11
  • Zuletzt bearbeitet 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.