Filtered by vendor Oracle Subscriptions
Filtered by product Http Server Subscriptions
Total 102 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-4183 3 Fedoraproject, Oracle, Wireshark 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more 2024-11-21 5.5 Medium
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
CVE-2021-4182 3 Fedoraproject, Oracle, Wireshark 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more 2024-11-21 7.5 High
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4181 4 Debian, Fedoraproject, Oracle and 1 more 5 Debian Linux, Fedora, Http Server and 2 more 2024-11-21 7.5 High
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4034 7 Canonical, Oracle, Polkit Project and 4 more 37 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 34 more 2024-11-21 7.8 High
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVE-2021-44790 8 Apache, Apple, Debian and 5 more 20 Http Server, Mac Os X, Macos and 17 more 2024-11-21 9.8 Critical
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
CVE-2021-44224 7 Apache, Apple, Debian and 4 more 15 Http Server, Mac Os X, Macos and 12 more 2024-11-21 8.2 High
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
CVE-2021-43818 6 Debian, Fedoraproject, Lxml and 3 more 16 Debian Linux, Fedora, Lxml and 13 more 2024-11-21 8.2 High
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5 to receive a patch. There are no known workarounds available.
CVE-2021-42717 4 Debian, F5, Oracle and 1 more 5 Debian Linux, Nginx Modsecurity Waf, Http Server and 2 more 2024-11-21 7.5 High
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4.
CVE-2021-41617 6 Fedoraproject, Netapp, Openbsd and 3 more 15 Fedora, Active Iq Unified Manager, Aff 500f and 12 more 2024-11-21 7.0 High
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.
CVE-2021-40438 10 Apache, Broadcom, Debian and 7 more 25 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 22 more 2024-11-21 9.0 Critical
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-39275 7 Apache, Debian, Fedoraproject and 4 more 14 Http Server, Debian Linux, Fedora and 11 more 2024-11-21 9.8 Critical
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-36160 7 Apache, Broadcom, Debian and 4 more 16 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 13 more 2024-11-21 7.5 High
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
CVE-2021-35940 2 Apache, Oracle 2 Portable Runtime, Http Server 2024-11-21 7.1 High
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.
CVE-2021-35666 1 Oracle 1 Http Server 2024-11-21 5.9 Medium
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2021-34798 9 Apache, Broadcom, Debian and 6 more 21 Http Server, Brocade Fabric Operating System Firmware, Debian Linux and 18 more 2024-11-21 7.5 High
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVE-2021-2480 1 Oracle 1 Http Server 2024-11-21 3.7 Low
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2021-2315 1 Oracle 1 Http Server 2024-11-21 5.4 Medium
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
CVE-2021-25219 7 Debian, Fedoraproject, Isc and 4 more 24 Debian Linux, Fedora, Bind and 21 more 2024-11-21 5.3 Medium
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch, exploitation of broken authoritative servers using a flaw in response processing can cause degradation in BIND resolver performance. The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely, which may cause significant delays in client query processing.
CVE-2020-5360 2 Dell, Oracle 5 Bsafe Micro-edition-suite, Database, Http Server and 2 more 2024-11-21 7.5 High
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
CVE-2020-35169 2 Dell, Oracle 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more 2024-11-21 9.1 Critical
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.