Filtered by vendor Oracle Subscriptions
Filtered by product Enterprise Manager Ops Center Subscriptions
Total 107 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-13871 6 Debian, Fedoraproject, Netapp and 3 more 12 Debian Linux, Fedora, Cloud Backup and 9 more 2024-08-04 7.5 High
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.
CVE-2020-11984 8 Apache, Canonical, Debian and 5 more 16 Http Server, Ubuntu Linux, Debian Linux and 13 more 2024-08-04 9.8 Critical
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11993 8 Apache, Canonical, Debian and 5 more 16 Http Server, Ubuntu Linux, Debian Linux and 13 more 2024-08-04 7.5 High
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
CVE-2020-11656 5 Netapp, Oracle, Siemens and 2 more 12 Ontap Select Deploy Administration Utility, Communications Messaging Server, Communications Network Charging And Control and 9 more 2024-08-04 9.8 Critical
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.
CVE-2020-11655 7 Canonical, Debian, Netapp and 4 more 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more 2024-08-04 7.5 High
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
CVE-2020-11022 9 Debian, Drupal, Fedoraproject and 6 more 88 Debian Linux, Drupal, Fedora and 85 more 2024-08-04 6.9 Medium
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-9490 7 Apache, Canonical, Debian and 4 more 28 Http Server, Ubuntu Linux, Debian Linux and 25 more 2024-08-04 7.5 High
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
CVE-2020-9327 6 Canonical, Netapp, Oracle and 3 more 12 Ubuntu Linux, Cloud Backup, Communications Messaging Server and 9 more 2024-08-04 7.5 High
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-7595 8 Canonical, Debian, Fedoraproject and 5 more 35 Ubuntu Linux, Debian Linux, Fedora and 32 more 2024-08-04 7.5 High
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-1945 6 Apache, Canonical, Fedoraproject and 3 more 54 Ant, Ubuntu Linux, Fedora and 51 more 2024-08-04 6.3 Medium
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
CVE-2020-1934 7 Apache, Canonical, Debian and 4 more 13 Http Server, Ubuntu Linux, Debian Linux and 10 more 2024-08-04 5.3 Medium
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-1927 9 Apache, Broadcom, Canonical and 6 more 17 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 14 more 2024-08-04 6.1 Medium
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.
CVE-2021-45105 6 Apache, Debian, Netapp and 3 more 131 Log4j, Debian Linux, Cloud Manager and 128 more 2024-08-04 5.9 Medium
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CVE-2021-40438 10 Apache, Broadcom, Debian and 7 more 25 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 22 more 2024-08-04 9.0 Critical
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-33503 4 Fedoraproject, Oracle, Python and 1 more 10 Fedora, Enterprise Manager Ops Center, Instantis Enterprisetrack and 7 more 2024-08-03 7.5 High
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
CVE-2021-31618 4 Apache, Debian, Fedoraproject and 1 more 6 Http Server, Debian Linux, Fedora and 3 more 2024-08-03 7.5 High
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server. This issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.
CVE-2021-30641 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-08-03 5.3 Medium
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
CVE-2021-29505 6 Debian, Fedoraproject, Netapp and 3 more 23 Debian Linux, Fedora, Snapmanager and 20 more 2024-08-03 7.5 High
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
CVE-2021-26690 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-08-03 7.5 High
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service
CVE-2021-26691 6 Apache, Debian, Fedoraproject and 3 more 10 Http Server, Debian Linux, Fedora and 7 more 2024-08-03 9.8 Critical
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow