Filtered by vendor Oracle
Subscriptions
Filtered by product Timesten In-memory Database
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1945 | 6 Apache, Canonical, Fedoraproject and 3 more | 54 Ant, Ubuntu Linux, Fedora and 51 more | 2024-08-04 | 6.3 Medium |
| Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | ||||
| CVE-2021-41772 | 4 Fedoraproject, Golang, Oracle and 1 more | 8 Fedora, Go, Timesten In-memory Database and 5 more | 2024-08-04 | 7.5 High |
| Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. | ||||
| CVE-2021-36373 | 3 Apache, Oracle, Redhat | 33 Ant, Agile Plm, Banking Trade Finance and 30 more | 2024-08-04 | 5.5 Medium |
| When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | ||||
| CVE-2021-36374 | 2 Apache, Oracle | 36 Ant, Agile Engineering Data Management, Agile Plm and 33 more | 2024-08-04 | 5.5 Medium |
| When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | ||||
| CVE-2021-36221 | 6 Debian, Fedoraproject, Golang and 3 more | 15 Debian Linux, Fedora, Go and 12 more | 2024-08-04 | 5.9 Medium |
| Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. | ||||
| CVE-2021-34558 | 5 Fedoraproject, Golang, Netapp and 2 more | 19 Fedora, Go, Cloud Insights Telegraf and 16 more | 2024-08-04 | 6.5 Medium |
| The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. | ||||
| CVE-2021-29923 | 4 Fedoraproject, Golang, Oracle and 1 more | 13 Fedora, Go, Timesten In-memory Database and 10 more | 2024-08-03 | 7.5 High |
| Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. | ||||
| CVE-2021-2351 | 1 Oracle | 111 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 108 more | 2024-08-03 | 8.3 High |
| Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||