Filtered by vendor Oracle Subscriptions
Filtered by product Http Server Subscriptions
Total 101 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-21716 5 Debian, Fedoraproject, Oracle and 2 more 6 Debian Linux, Fedora, Http Server and 3 more 2024-11-25 7.5 High
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach is a simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds.
CVE-2024-20991 1 Oracle 1 Http Server 2024-11-21 5.3 Medium
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
CVE-2023-22019 1 Oracle 1 Http Server 2024-11-21 7.5 High
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
CVE-2022-25315 6 Debian, Fedoraproject, Libexpat Project and 3 more 12 Debian Linux, Fedora, Libexpat and 9 more 2024-11-21 9.8 Critical
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25314 6 Debian, Fedoraproject, Libexpat Project and 3 more 8 Debian Linux, Fedora, Libexpat and 5 more 2024-11-21 7.5 High
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-25313 6 Debian, Fedoraproject, Libexpat Project and 3 more 8 Debian Linux, Fedora, Libexpat and 5 more 2024-11-21 6.5 Medium
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25236 5 Debian, Libexpat Project, Oracle and 2 more 11 Debian Linux, Libexpat, Http Server and 8 more 2024-11-21 9.8 Critical
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25235 6 Debian, Fedoraproject, Libexpat Project and 3 more 12 Debian Linux, Fedora, Libexpat and 9 more 2024-11-21 9.8 Critical
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-23943 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-11-21 9.8 Critical
Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions.
CVE-2022-22721 6 Apache, Apple, Debian and 3 more 11 Http Server, Mac Os X, Macos and 8 more 2024-11-21 9.1 Critical
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2022-22720 6 Apache, Apple, Debian and 3 more 16 Http Server, Mac Os X, Macos and 13 more 2024-11-21 9.8 Critical
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
CVE-2022-22719 6 Apache, Apple, Debian and 3 more 9 Http Server, Mac Os X, Macos and 6 more 2024-11-21 7.5 High
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
CVE-2022-21593 1 Oracle 1 Http Server 2024-11-21 7.1 High
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).
CVE-2022-21375 1 Oracle 3 Http Server, Solaris, Zfs Storage Appliance Kit 2024-11-21 5.5 Medium
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-21271 2 Netapp, Oracle 19 7-mode Transition Tool, Active Iq Unified Manager, Cloud Insights Acquisition Unit and 16 more 2024-11-21 5.3 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2022-0391 5 Fedoraproject, Netapp, Oracle and 2 more 12 Fedora, Active Iq Unified Manager, Hci and 9 more 2024-11-21 7.5 High
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14.
CVE-2021-4185 4 Debian, Fedoraproject, Oracle and 1 more 5 Debian Linux, Fedora, Http Server and 2 more 2024-11-21 7.5 High
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4184 4 Debian, Fedoraproject, Oracle and 1 more 5 Debian Linux, Fedora, Http Server and 2 more 2024-11-21 7.5 High
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
CVE-2021-4183 3 Fedoraproject, Oracle, Wireshark 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more 2024-11-21 5.5 Medium
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
CVE-2021-4182 3 Fedoraproject, Oracle, Wireshark 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more 2024-11-21 7.5 High
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file