105 matches found
CVE-2019-5443
Technical details about CVE-2019-5443 are not publicly provided in the provided documents. The available information is a high-level summary; monitor for updates.
CVE-2021-35940
The connected docs confirm a concrete issue in the Apache Portable Runtime (APR) regarding CVE-2017-12613: an out-of-bounds array read in apr_time_exp*() that was fixed in APR 1.6.3. The APR 1.7.x branch did not carry that fix, and APR 1.7.0 regressed to be vulnerable to the same issue. A patch f...
CVE-2021-4184
Wireshark CVE-2021-4184 is an infinite-loop DoS in the BitTorrent DHT dissector. Affected: Wireshark 3.6.0 and 3.4.0–3.4.10. Root cause: BitTorrent DHT parser infinite loop leading to application halt/crash via crafted capture files or packet injections. Publicly stated fixes exist in later Wires...
CVE-2020-35169
CVE-2020-35169 is tied to Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.5.2) with an Improper Input Validation vulnerability. Public sources in the connected documents confirm high-severity impact (CVSS v3.1: 9.8, network access, no authentication, high c...
CVE-2021-4181
CVE-2021-4181 is a crash in the Wireshark Sysdig Event dissector (affects Wireshark 3.6.0 and 3.4.0–3.4.10) that could cause denial of service via crafted capture files or packet injections. Connected documents confirm a DoS impact with a crash/infinite loop in dissectors. Public details do not s...
CVE-2021-4185
CVE-2021-4185 affects Wireshark’s RTMPT dissector and enables denial of service via crafted captures or packet injection by triggering an infinite loop. Public details confirm vulnerable versions include Wireshark 3.6.0 and 3.4.0–3.4.10. Advisories note remediation through updates; for example, D...
CVE-2021-4182
Wireshark CVE-2021-4182 concerns a crash in the RFC 7468 dissector on Wireshark versions 3.6.0 and 3.4.0 up to 3.4.10, allowing denial of service via specially crafted captures or packet injections. The vulnerability is a crash/DoS in parsing (no explicit exploit details provided in the sources)....
CVE-2022-21375
CVE-2022-21375 affects Oracle Solaris 11 kernel. A local, low-privilege attacker with logon can cause a hang or frequent crash (DoS) on the Solaris host. CVSS 3.1 base score 5.5 (A). References indicate Oracle CPU patches in Jan 2022 (and related advisories) as remediation. No exploitation detail...
CVE-2021-42717
CVE-2021-42717 affects ModSecurity 3.x up to 3.0.5 (and 2.x up to 2.9.4). The flaw: excessive nesting of JSON objects causes severe resource exhaustion (DoS), with small-ish requests (e.g., ~300 KB) able to tie up workers and consume CPU. Mitigations documented across multiple sources include upg...
CVE-2002-0655
OpenSSL CVE-2002-0655 affects 0.9.6d and earlier and 0.9.7-beta2 and earlier; on 64-bit platforms it mishandles ASCII representations of integers, enabling denial of service and potentially arbitrary code execution. Public sources in the connected docs corroborate multiple related CVEs (0655, 065...
CVE-2020-26185
Dell BSAFE Micro Edition Suite (Dell) is affected by a Buffer Over-Read Vulnerability in versions prior to 4.5.1. Public docs consistently cite a remote-exploitable issue that can crash an application and cause denial of service. The CVSS data in the sources show a high impact (availability impac...
CVE-2002-0659
CVE-2002-0659 affects the OpenSSL ASN.1 parser in: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier. The vulnerability allows remote denial of service via invalid ASN.1 encodings. The OpenSSL family also contains related issues (e.g., CVE-2002-0655 and CVE-2002-0656) that have been exploit...
CVE-2020-35166
CVE-2020-35166 affects Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.6) with an Observable Timing Discrepancy Vulnerability. The Initial Description specifies the affected products/versions and that the vulnerability is timing-related, implying potential ...
CVE-2020-35163
Technical details about CVE-2020-35163 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2020-35164
Summary (CVE-2020-35164) Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) have an observable timing discrepancy vulnerability. Connected sources (PT-2022-8918) corroborate affected versions and advise upgrading to 4.1.5+ and 4.6+ r...
CVE-2020-35168
CVE-2020-35168 affects Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) with an Observable Timing Discrepancy vulnerability. The initial document provides CVSS metrics indicating high impact (network attack, no user interaction) wi...
CVE-2024-20991
CVE-2024-20991 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware, specifically version 12.2.1.4.0. The issue, described across multiple sources, enables an unauthenticated attacker with network access via HTTP to read a subset of Oracle HTTP Server data due to insufficient pro...
CVE-2012-2751
CVE-2012-2751 relates to ModSecurity prior to 2.6.6 when used with PHP. The issue arises in how single quotes in Content-Disposition are handled inside multipart/form-data requests, allowing remote attackers to bypass filtering rules and potentially perform XSS. The vulnerability is noted to exis...
CVE-2020-29508
CVE-2020-29508 affects Dell BSAFE Crypto-C Micro Edition (versions prior to 4.1.5) and Dell BSAFE Micro Edition Suite (versions prior to 4.6). The root cause is an Improper Input Validation vulnerability. Public references (CNVD/NVD/CVE records and Nessus-related entries) confirm the affected pro...
CVE-2020-2545
CVE-2020-2545 affects Oracle Fusion Middleware Oracle HTTP Server (OSSL Module). Vulnerable in Oracle HTTP Server versions 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0. An unauthenticated attacker with network access via HTTPS can exploit this to cause partial denial of service (DO S) on Oracle HTTP Se...
CVE-2007-0280
CVE-2007-0280 describes a buffer overflow in Oracle Process Mgmt & Notification (OPMN01) affecting Oracle HTTP Server 9.0.1.5; Application Server 9.0.4.3 and 10.1.2.x; and Collaboration Suite 9.0.4.2 and 10.1.2. Oracle notes in the description that OPMN01 is believed to be the ONS buffer overflow...
CVE-2020-35167
Technical details for CVE-2020-35167 are not publicly available in the provided documents. Monitor for updates and additional sources.
CVE-2021-2315
CVE-2021-2315 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware. Affected versions: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. Description: unauthenticated attackers can access via HTTP and may compromise data, with possible unauthorized update/insert/delete and read access. Exploita...
CVE-2007-0279
Technical details about CVE-2007-0279 are not publicly available in the provided connected documents; the materials reference Oracle HTTP Server and related components with unspecified vulnerabilities. Monitor for updates for further specifics.
CVE-2020-2530
CVE-2020-2530 affects Oracle Fusion Middleware Oracle HTTP Server (Web Listener). Connected sources specify affected versions: 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability is an authentication bypass in the Web Listener, allowing an unauthenticated, network-accessing attacker (via HT...
CVE-2007-0282
Concrete details exist in connected documents for the Oracle Process Mgmt & Notification (OPMN) component: a format string vulnerability in the OPMN daemon used by Oracle Grid/Enterprise components (e.g., 10.2.0.1) that can be exploited by crafting the URI in an HTTP request to port 6003, enablin...
CVE-2020-29506
Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.5.2) contain an Observable Timing Discrepancy Vulnerability. The issue is documented with concrete vulnerable components and affected versions; upgrading to 4.1.5 and 4.5.2 respectively...
CVE-2006-0435
The CVE-2006-0435 entry concerns Oracle PL/SQL Gateway/PLSQLExclusion bypass vulnerability (PLSQL01). Public sources (CERT VU and NVD) describe that the Oracle PL/SQL Gateway fails to validate HTTP requests, potentially allowing a remote attacker to bypass access controls and execute SQL commands...
CVE-2020-5360
CVE-2020-5360 refers to a buffer under-read vulnerability in Dell BSAFE Micro Edition Suite, before version 4.5. The NVD entry notes unauthenticated remote exploitation with network access potentially causing undefined behavior or a crash (availability impact). Corporate context in connected docu...
CVE-2019-2751
CVE-2019-2751 affects Oracle Fusion Middleware Oracle HTTP Server (OHS Config MBeans) with affected versions 12.1.3.0.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated attacker with network access via HTTPS to read/modify data, enabling unauthorized access to Oracle HTTP Server data. ...
CVE-2021-35666
CVE-2021-35666 affects the Oracle HTTP Server (OSSL Module) in Oracle Fusion Middleware, specifically version 11.1.1.9.0. The vulnerability allows an unauthenticated, network-accessible attacker over HTTPS to compromise Oracle HTTP Server, potentially gaining unauthorized access to data. Multiple...
CVE-2019-2414
CVE-2019-2414 affects Oracle Fusion Middleware's Oracle HTTP Server Web Listener. Affected version shown as 12.2.1.3 (NVD). A Nessus plugin references 12.1.2.3 in the January 2019 CPU. The vulnerability is exploitable by a low-privilege user with valid logon, potentially enabling takeover of the ...
CVE-2025-21498
CVE-2025-21498 affects Oracle HTTP Server (Oracle Fusion Middleware Core) with 12.2.1.4.0. The vulnerability allows an unauthenticated attacker over HTTP to read a subset of Oracle HTTP Server data. CVSS 3.1 base score is 5.3 (Confidentiality only), with network attack vector and no user interact...
CVE-2020-29507
CVE-2020-29507 affects Dell BSAFE Crypto-C Micro Edition (before 4.1.4) and Dell BSAFE Micro Edition Suite (before 4.4). The vulnerability is described as an Improper Input Validation issue. Public references in the connected documents confirm affected versions and provide remediation guidance: u...
CVE-2022-21593
Oracle Fusion Middleware’s Oracle HTTP Server (OHS Config MBeans) is affected for versions 12.2.1.3.0 and 12.2.1.4.0. The CVE-2022-21593 vulnerability enables an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, potentially gaining unauthorized access to data...
CVE-2020-26184
CVE-2020-26184 affects Dell BSAFE Micro Edition Suite prior to 4.5.1. The vulnerability is improper certificate validation in the library/component, with a CVSSv3 base score of 7.5 (HIGH) and network vector with no privileges required. Affected versions must be updated to 4.5.1 or later to resolv...
CVE-2006-5348
Technical details for CVE-2006-5348 are not publicly provided in the supplied documents. Available records reference the vulnerability but do not specify affected products, root cause, or fixes. Monitor for updates.
CVE-2006-5354
Technical details for CVE-2006-5354 are not publicly provided in the supplied documents. No affected products, impact, or remediation are specified here; monitor for updates and additional technical disclosures.
CVE-2020-2952
CVE-2020-2952 affects Oracle Fusion Middleware’s Oracle HTTP Server (Web Listener) version 11.1.1.9.0. The vulnerability enables an unauthenticated, network-accessible attacker over HTTP to modify or delete data and to read data from the Oracle HTTP Server, as indicated by the CVSS 3.0 base metri...
CVE-2023-22019
CVE-2023-22019 affects Oracle HTTP Server (Web Listener) within Oracle Fusion Middleware, specifically version 12.2.1.4.0. The vulnerability enables an unauthenticated attacker with network access via HTTP to compromise the server and potentially access all Oracle HTTP Server data. CVSS 3.1 base ...
CVE-2006-5349
Technical details for CVE-2006-5349 are not publicly available in the provided documents; the entries describe an unspecified vulnerability affecting Oracle HTTP Server 9.2.0.7 on HP Tru64 UNIX without concrete details. Monitor for updates.
CVE-2006-5350
CVE-2006-5350 affects Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite/Applications 11.5.10CU2; the vulnerability impact is unspecified in the provided documents, with local attack vectors indicated. No concrete root-cause, exploit details, or remediation are given in the connected sources....
CVE-2007-0281
Public documents provided do not include concrete technical details (affected product, root cause, exploit vectors, or remediation) for CVE-2007-0281; monitor for updates.
CVE-2004-2115
Oracle HTTP Server 1.3.22 (based on Apache) is affected by CVE-2004-2115, a cross-site scripting (XSS) vulnerability in which remote attackers can inject and execute arbitrary script as other users via the isqlplus request’s (action, username, or password) parameters. The CVE entry cites this as ...
CVE-2018-2760
The CVE-2018-2760 entry concerns Oracle Fusion Middleware’s Oracle HTTP Server, specifically the OSSL Module subcomponent. Affected versions are 12.1.3 and 12.2.1.2. The vulnerability is described as difficult to exploit and allows an unauthenticated attacker who can reach the server over HTTPS t...
CVE-1999-1068
Oracle Webserver 2.1 is affected when serving PL/SQL stored procedures. A long HTTP GET request can trigger a denial-of-service by crashing the remote web server, via the cgi /ews-bin/fnord pathway. The vulnerability is documented in CVE-1999-1068 and is reflected in the Nessus plugin OWS_OVERFLO...
CVE-2006-5346
The CVE-2006-5346 entry describes an unspecified vulnerability in Oracle HTTP Server 9.2.0.7 (used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite/Applications 11.5.10CU2) with unknown impact and remote attack vectors related to htdigest (aka OHS02). The connected documents corr...
CVE-2006-5347
CVE-2006-5347 affects Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2. The vulnerability is described as unspecified with unknown impact and remote attack vectors related to HTTPS/SSL (aka Vuln# OHS04); no remediation details are provided in the connected documents.
CVE-2018-2561
CVE-2018-2561 affects the Oracle HTTP Server component of Oracle Fusion Middleware (Web Listener). Affected supported versions are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. The vulnerability is exploitable by an unauthenticated, network-accessing attacker over HTTP and can le...
CVE-2021-2480
CVE-2021-2480 affects Oracle HTTP Server (Web Listener) within Oracle Fusion Middleware. Affected: 11.1.1.9.0. Description indicates an unauthenticated attacker with network access via HTTP can compromise Oracle HTTP Server, with potential unauthorized update/insert/delete of accessible data. The...