Oracle

Real User Experience Insight

16 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2021-2351

Exploit
  • EPSS 3.54%
  • Published 21.07.2021 15:15:21
  • Last modified 21.11.2024 06:02:56

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracl...

8.6

CVE-2021-3517

  • EPSS 0.09%
  • Published 19.05.2021 14:15:07
  • Last modified 21.11.2024 06:21:44

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-o...

8.8

CVE-2021-3518

  • EPSS 0.25%
  • Published 18.05.2021 12:15:08
  • Last modified 21.11.2024 06:21:44

There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, inte...

5.9

CVE-2021-3537

  • EPSS 0.11%
  • Published 14.05.2021 20:15:16
  • Last modified 21.11.2024 06:21:47

A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could...

5.8

CVE-2021-29425

Exploit
  • EPSS 0.48%
  • Published 13.04.2021 07:15:12
  • Last modified 21.11.2024 06:01:04

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but ...

6.5

CVE-2020-24977

Exploit
  • EPSS 0.55%
  • Published 04.09.2020 00:15:10
  • Last modified 21.11.2024 05:16:15

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

7.5

CVE-2019-20388

  • EPSS 0.56%
  • Published 21.01.2020 23:15:13
  • Last modified 21.11.2024 04:38:21

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

7.5

CVE-2020-7595

  • EPSS 0.47%
  • Published 21.01.2020 23:15:13
  • Last modified 21.11.2024 05:37:26

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

7.5

CVE-2019-19956

  • EPSS 0.15%
  • Published 24.12.2019 16:15:11
  • Last modified 21.11.2024 04:35:44

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

6.1

CVE-2019-10219

  • EPSS 1.67%
  • Published 08.11.2019 15:15:11
  • Last modified 07.07.2025 14:15:21

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.