Lucene search
+L
OracleCommunications User Data Repository

6 matches found

CVE
CVE
added 2016/07/19 1:0 a.m.1533 views

CVE-2016-5387

CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...

8.1CVSS8AI score0.55724EPSS
CVE
CVE
added 2021/12/18 11:55 a.m.1190 views

CVE-2021-45105

Summary of CVE-2021-45105 (Log4j2) : Affected Log4j 2.x versions 2.0-alpha1 through 2.16.0 (except 2.12.3 and 2.3.1) are vulnerable to denial of service via uncontrolled recursion triggered by self-referential lookups in Thread Context Map data. The root cause is improper handling of self-referen...

5.9CVSS7.7AI score0.99999EPSS
In wildWeb
CVE
CVE
added 2014/03/18 1:0 a.m.661 views

CVE-2014-2532

OpenSSH CVE-2014-2532 affects sshd prior to 6.6, where AcceptEnv lines with wildcards can be bypassed by using a substring before the wildcard, allowing remote attackers to bypass environment restrictions. Affected component: sshd in OpenSSH. Impact cited: potential info disclosure and environmen...

5.8CVSS5.2AI score0.04751EPSS
CVE
CVE
added 2015/01/28 7:0 p.m.602 views

CVE-2015-0235

CVE-2015-0235 (GHOST) is a heap-based buffer overflow in glibc’s __nss_hostname_digits_dots() used by gethostbyname/gethostbyname2. Affected glibc versions include 2.2 up to 2.17; patched in glibc-2.18 and later. Exploitation could allow remote or context-dependent arbitrary code execution depend...

10CVSS7.7AI score0.94859EPSS
In wild
CVE
CVE
added 2016/07/19 1:0 a.m.461 views

CVE-2016-5385

CVE-2016-5385 affects PHP up to 7.0.8, where PHP did not protect against the HTTP_PROXY namespace clash, potentially allowing a remote attacker to redirect a script’s outbound HTTP traffic to an attacker‑controlled proxy via a crafted Proxy header. Public analyses reference CGI/CGI‑like environme...

8.1CVSS8AI score0.50427EPSS
CVE
CVE
added 2017/01/30 9:0 p.m.199 views

CVE-2016-2518

CVE-2016-2518 affects NTP ntpd: MATCH_ASSOC() can trigger an out-of-bounds reference when handling addpeer with a large hmode. Affected versions are ntpd before 4.2.8p9 and 4.3.x before 4.3.92. Impact is a potential crash/denial of service via crafted packets. Mitigation: upgrade to fixed release...

5.3CVSS6.2AI score0.15081EPSS