Filtered by vendor Oracle
Subscriptions
Total
9866 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27223 | 6 Apache, Debian, Eclipse and 3 more | 22 Nifi, Solr, Spark and 19 more | 2024-08-04 | 5.3 Medium |
| In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values. | ||||
| CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2024-08-04 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | ||||
| CVE-2020-26870 | 4 Cure53, Debian, Microsoft and 1 more | 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more | 2024-08-04 | 6.1 Medium |
| Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. | ||||
| CVE-2020-26420 | 3 Fedoraproject, Oracle, Wireshark | 3 Fedora, Zfs Storage Appliance Kit, Wireshark | 2024-08-04 | 3.1 Low |
| Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | ||||
| CVE-2020-26421 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2024-08-04 | 4.2 Medium |
| Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | ||||
| CVE-2020-26418 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2024-08-04 | 3.1 Low |
| Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | ||||
| CVE-2020-26575 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Zfs Storage Appliance and 2 more | 2024-08-04 | 7.5 High |
| In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | ||||
| CVE-2020-26422 | 2 Oracle, Wireshark | 2 Zfs Storage Appliance Kit, Wireshark | 2024-08-04 | 3.7 Low |
| Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2020-26419 | 3 Fedoraproject, Oracle, Wireshark | 3 Fedora, Zfs Storage Appliance Kit, Wireshark | 2024-08-04 | 3.1 Low |
| Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. | ||||
| CVE-2020-26237 | 4 Debian, Highlightjs, Oracle and 1 more | 4 Debian Linux, Highlight.js, Mysql Enterprise Monitor and 1 more | 2024-08-04 | 5.8 Medium |
| Highlight.js is a syntax highlighter written in JavaScript. Highlight.js versions before 9.18.2 and 10.1.2 are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable. The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector. If your website or application does not render user provided data it should be unaffected. Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release. | ||||
| CVE-2020-26217 | 6 Apache, Debian, Netapp and 3 more | 23 Activemq, Debian Linux, Snapmanager and 20 more | 2024-08-04 | 8 High |
| XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. | ||||
| CVE-2020-26116 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-08-04 | 7.2 High |
| http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | ||||
| CVE-2020-26137 | 5 Canonical, Debian, Oracle and 2 more | 8 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 5 more | 2024-08-04 | 6.5 Medium |
| urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | ||||
| CVE-2020-25866 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Zfs Storage Appliance Kit and 1 more | 2024-08-04 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs. | ||||
| CVE-2020-25863 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-08-04 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. | ||||
| CVE-2020-25862 | 5 Debian, Fedoraproject, Opensuse and 2 more | 5 Debian Linux, Fedora, Leap and 2 more | 2024-08-04 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. This was addressed in epan/dissectors/packet-tcp.c by changing the handling of the invalid 0xFFFF checksum. | ||||
| CVE-2020-25649 | 7 Apache, Fasterxml, Fedoraproject and 4 more | 50 Iotdb, Jackson-databind, Fedora and 47 more | 2024-08-04 | 7.5 High |
| A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | ||||
| CVE-2020-25648 | 4 Fedoraproject, Mozilla, Oracle and 1 more | 7 Fedora, Network Security Services, Communications Offline Mediation Controller and 4 more | 2024-08-04 | 7.5 High |
| A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. | ||||
| CVE-2020-25638 | 5 Debian, Hibernate, Oracle and 2 more | 14 Debian Linux, Hibernate Orm, Communications Cloud Native Core Console and 11 more | 2024-08-04 | 7.4 High |
| A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | ||||
| CVE-2020-25020 | 2 Mpxj, Oracle | 2 Mpxj, Primavera Unifier | 2024-08-04 | 9.8 Critical |
| MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components. | ||||