
Oracle Enterprise Manager Ops Center

107 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2022-1292
all versions
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by so
7.3 HIGH
CVE-2022-22721
all versions
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow hap
9.1 CRITICAL
CVE-2022-22720
all versions
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, e
9.8 CRITICAL
CVE-2021-4160
all versions
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of t
5.9 MEDIUM
CVE-2021-45105
all versions
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9 MEDIUM
CVE-2021-40438
all versions
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue a
9.0 CRITICAL
CVE-2021-2351
all versions
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3 HIGH
CVE-2021-33503
all versions
An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component
7.5 HIGH
CVE-2021-31618
all versions
Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as config
7.5 HIGH
CVE-2021-30641
all versions
Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'
5.3 MEDIUM
CVE-2021-26691
all versions
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overf
9.8 CRITICAL
CVE-2021-26690
all versions
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dere
7.5 HIGH
CVE-2020-35452
all versions
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There
7.3 HIGH
CVE-2020-13950
all versions
Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted
7.5 HIGH
CVE-2019-17567
all versions
Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin
5.3 MEDIUM
CVE-2021-22222
all versions
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture
7.5 HIGH
CVE-2021-29505
all versions
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may al
7.5 HIGH
CVE-2021-3518
all versions
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an applic
8.8 HIGH
CVE-2021-3537
all versions
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content,
5.9 MEDIUM
CVE-2021-23841
all versions
The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and seria
5.9 MEDIUM
CVE-2021-23840
all versions
Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the
7.5 HIGH
CVE-2021-23839
all versions
OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and m
3.7 LOW
CVE-2021-23336
all versions
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and bef
5.9 MEDIUM
CVE-2021-2015
all versions
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affecte
8.2 HIGH
CVE-2021-1999
all versions
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version
5.0 MEDIUM
CVE-2021-1993
all versions
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c
4.8 MEDIUM
CVE-2021-3177
all versions
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in ce
9.8 CRITICAL
CVE-2020-1971
all versions
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPar
5.9 MEDIUM
CVE-2020-24977
all versions
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The
6.5 MEDIUM
CVE-2020-9490
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would re
7.5 HIGH
CVE-2020-11993
all versions
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patter
7.5 HIGH
CVE-2020-11984
all versions
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
9.8 CRITICAL
CVE-2020-15358
all versions
In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because o
5.5 MEDIUM
CVE-2020-14422
all versions
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which mig
5.9 MEDIUM
CVE-2020-13871
all versions
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late
7.5 HIGH
CVE-2020-1945
all versions
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.
6.3 MEDIUM
CVE-2020-11022
all versions
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9 MEDIUM
CVE-2020-1967
all versions
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL
7.5 HIGH
CVE-2020-11656
all versions
In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs
9.8 CRITICAL
CVE-2020-11655
all versions
SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query bec
7.5 HIGH
CVE-2020-1927
all versions
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fo
6.1 MEDIUM
CVE-2020-1934
all versions
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
5.3 MEDIUM
CVE-2020-9327
all versions
In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of
7.5 HIGH
CVE-2020-7595
all versions
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
7.5 HIGH
CVE-2019-20388
all versions
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
7.5 HIGH
CVE-2019-1551
all versions
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms
5.3 MEDIUM
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1 MEDIUM
CVE-2019-10097
all versions
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY"
7.2 HIGH
CVE-2019-10092
all versions
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attac
6.1 MEDIUM
CVE-2019-10082
all versions
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after be
9.1 CRITICAL
CVE-2019-5482
all versions
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
9.8 CRITICAL
CVE-2019-5481
all versions
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
9.8 CRITICAL
CVE-2019-13990
all versions
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a jo
9.8 CRITICAL
CVE-2019-2728
all versions
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking
4.3 MEDIUM
CVE-2019-5443
all versions
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will mak
7.8 HIGH
CVE-2019-0197
all versions
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enable
4.2 MEDIUM
CVE-2019-5436
all versions
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.
7.8 HIGH
CVE-2019-2726
all versions
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services I
6.3 MEDIUM
CVE-2019-5427
all versions
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections again
7.5 HIGH
CVE-2019-11358
all versions
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1 MEDIUM
CVE-2019-0211
all versions
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child pr
7.8 HIGH
CVE-2019-0217
all versions
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could al
7.5 HIGH
CVE-2019-1559
all versions
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to
5.9 MEDIUM
CVE-2019-3822
all versions
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing N
9.8 CRITICAL
CVE-2019-0190
all versions
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would
7.5 HIGH
CVE-2018-17199
all versions
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This c
7.5 HIGH
CVE-2018-17189
all versions
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream f
5.3 MEDIUM
CVE-2018-15769
all versions
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a
7.5 HIGH
CVE-2018-5407
all versions
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a sid
4.7 MEDIUM
CVE-2018-0734
all versions
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variati
5.9 MEDIUM
CVE-2018-0735
all versions
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use varia
5.9 MEDIUM
CVE-2018-15756
all versions
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5 HIGH
CVE-2018-11763
all versions
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thre
5.9 MEDIUM
CVE-2018-11058
all versions
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edi
9.8 CRITICAL
CVE-2018-11057
all versions
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channe
5.9 MEDIUM
CVE-2018-11056
all versions
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0
6.5 MEDIUM
CVE-2018-11055
all versions
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing
5.5 MEDIUM
CVE-2018-11054
all versions
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously
7.5 HIGH
CVE-2018-2976
all versions
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking
8.2 HIGH
CVE-2018-11040
all versions
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications
7.5 HIGH
CVE-2018-11039
all versions
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applica
5.9 MEDIUM
CVE-2018-1000301
all versions
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that
9.1 CRITICAL
CVE-2018-1258
all versions
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when
8.8 HIGH
CVE-2018-1257
all versions
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows application
6.5 MEDIUM
CVE-2018-2742
all versions
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework)
7.3 HIGH
CVE-2018-1272
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side
7.5 HIGH
CVE-2018-1271
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications
5.9 MEDIUM
CVE-2018-1270
all versions
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications
9.8 CRITICAL
CVE-2018-1000122
all versions
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cau
9.1 CRITICAL
CVE-2018-1000121
all versions
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a
7.5 HIGH
CVE-2018-1000120
all versions
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a de
9.8 CRITICAL
CVE-2015-9251
all versions
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1 MEDIUM
CVE-2016-8610
all versions
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define
7.5 HIGH
CVE-2016-3494
all versions
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,
6.5 MEDIUM
CVE-2016-0635
all versions
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,
8.8 HIGH
CVE-2016-5387
all versions
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presenc
8.1 HIGH
CVE-2016-5385
all versions
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applicati
8.1 HIGH
CVE-2015-7940
all versions
The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remo
CVE-2015-3237
all versions
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information
CVE-2015-3153
<= 12.1.3
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, w
CVE-2014-8109
< 12.1.4
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration i
CVE-2014-3581
< 12.1.4
The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11
CVE-2014-0226
all versions
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of servi
CVE-2013-5704
< 12.1.4
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by plac
CVE-2014-1491
< 12.1.4
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thund
CVE-2014-1490
< 12.1.4
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox
CVE-2013-1620
all versions
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a nonc
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin