23 matches found
CVE-2020-9484
CVE-2020-9484 is a deserialization flaw in Apache Tomcat that, under a specific FileStore PersistenceManager configuration and a crafted request, can trigger remote code execution. Affected are Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107 when the...
CVE-2021-25329
The CVE-2021-25329 entry is tied to an incomplete fix for CVE-2020-9484 in Apache Tomcat. In affected releases (Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, and 7.0.0 to 7.0.107) a configuration edge case that was deemed highly unlikely could leave the Tomcat instance vulnerab...
CVE-2021-25122
CVE-2021-25122 affects Apache Tomcat across multiple lines: 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, and 8.5.0 to 8.5.61. The issue allows duplicating request headers and a limited amount of request body from one request to another, enabling cross-user visibility of results (information disclosur...
CVE-2020-35169
CVE-2020-35169 is tied to Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.5.2) with an Improper Input Validation vulnerability. Public sources in the connected documents confirm high-severity impact (CVSS v3.1: 9.8, network access, no authentication, high c...
CVE-2022-21565
CVE-2022-21565 affects the Oracle Database Server Java VM component. Affected: 12.1.0.2, 19c, 21c. Vulnerability allows a low-privilege user with Create Procedure privilege and network access via Oracle Net to compromise the Java VM, potentially leading to unauthorized creation, deletion, or modi...
CVE-2023-21934
The CVE-2023-21934 issue affects Oracle Database Server (Java VM component) in 19c and 21c. The root cause is described in connected sources as insufficient input validation in the Java VM, enabling a low-privileged user with network access via TLS to compromise the Java VM and potentially read, ...
CVE-2022-21498
CVE-2022-21498 affects the Java VM component of Oracle Database Server. Affected: Oracle Database Server versions 12.1.0.2, 19c, and 21c. Root cause: a vulnerability in the Java VM that allows a low-privileged user with Create Procedure privilege and network access via multiple protocols to compr...
CVE-2022-21411
CVE-2022-21411 : Oracle Database Server’s RDBMS Gateway / Generic ODBC Connectivity component is affected. Affected versions are 12.1.0.2, 19c, and 21c . The vulnerability allows a low-privilege attacker with Create Session privilege and network access via Oracle Net to compromise the RDBMS Gatew...
CVE-2023-21829
CVE-2023-21829 affects Oracle Database Server, specifically the RDBMS Security component. Connected sources confirm affected versions are 19c and 21c. A low-privileged attacker with Create Session privilege and network access via Oracle Net can compromise RDBMS Security, with human interaction re...
CVE-2021-35558
CVE-2021-35558 affects Oracle Database Server Core RDBMS. Oracle warns that versions 12.1.0.2, 12.2.0.1, 19c and 21c are affected and an attacker with Create Table privilege and network access could cause partial DOS. Connected IBM EMPTORIS bulletins show affected IBM products and remediations: E...
CVE-2020-26185
Dell BSAFE Micro Edition Suite (Dell) is affected by a Buffer Over-Read Vulnerability in versions prior to 4.5.1. Public docs consistently cite a remote-exploitable issue that can crash an application and cause denial of service. The CVSS data in the sources show a high impact (availability impac...
CVE-2022-21432
CVE-2022-21432 affects Oracle Database Server - Enterprise Edition RDBMS Security. Affected are 12.1.0.2, 19c and 21c; exploitation requires a high-privilege DBA and network access via Oracle Net, enabling partial denial of service. Severity in the CVSS 3.1 base is 2.7 (LOW) with AV:N/AC:L/PR:H/U...
CVE-2020-35166
CVE-2020-35166 affects Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.6) with an Observable Timing Discrepancy Vulnerability. The Initial Description specifies the affected products/versions and that the vulnerability is timing-related, implying potential ...
CVE-2021-35557
CVE-2021-35557 affects the Oracle Database Server Core RDBMS. Affected versions are 12.1.0.2, 12.2.0.1, 19c and 21c. The flaw allows a low-privileged attacker with Create Table privilege and network access via Oracle Net to compromise the Core RDBMS, yielding a partial denial of service (availabi...
CVE-2020-35163
Technical details about CVE-2020-35163 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2020-35164
Summary (CVE-2020-35164) Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) have an observable timing discrepancy vulnerability. Connected sources (PT-2022-8918) corroborate affected versions and advise upgrading to 4.1.5+ and 4.6+ r...
CVE-2021-35551
CVE-2021-35551 affects Oracle Database Server in the RDBMS Security component for 12.2.0.1, 19c, and 21c. The flaw lets a high-privilege DBA with network access via Oracle Net cause a denial of service (hang/crash) and unauthorized data updates/inserts/deletes in RDBMS Security. The issue’s root ...
CVE-2020-35168
CVE-2020-35168 affects Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) with an Observable Timing Discrepancy vulnerability. The initial document provides CVSS metrics indicating high impact (network attack, no user interaction) wi...
CVE-2020-29508
CVE-2020-29508 affects Dell BSAFE Crypto-C Micro Edition (versions prior to 4.1.5) and Dell BSAFE Micro Edition Suite (versions prior to 4.6). The root cause is an Improper Input Validation vulnerability. Public references (CNVD/NVD/CVE records and Nessus-related entries) confirm the affected pro...
CVE-2020-35167
Technical details for CVE-2020-35167 are not publicly available in the provided documents. Monitor for updates and additional sources.
CVE-2020-29506
Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.5.2) contain an Observable Timing Discrepancy Vulnerability. The issue is documented with concrete vulnerable components and affected versions; upgrading to 4.1.5 and 4.5.2 respectively...
CVE-2020-29507
CVE-2020-29507 affects Dell BSAFE Crypto-C Micro Edition (before 4.1.4) and Dell BSAFE Micro Edition Suite (before 4.4). The vulnerability is described as an Improper Input Validation issue. Public references in the connected documents confirm affected versions and provide remediation guidance: u...
CVE-2023-21827
The CVE-2023-21827 entry describes a vulnerability in the Oracle Database Data Redaction component affecting Oracle Database Server 19c and 21c. The flaw allows a low-privileged attacker with Create Session privilege and network access via Oracle Net to read a subset of Data Redaction data. The a...