Skip to main content

Secure Global Desktop

32 CVEs product

Monthly

CVE-2021-35650 MEDIUM PATCH This Month

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Secure Global Desktop
NVD
CVSS 3.1
4.6
EPSS
0.6%
CVE-2021-35649 MEDIUM PATCH This Month

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Secure Global Desktop
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-40438 CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux Enterprise Linux Enterprise Linux Eus +35
NVD
CVSS 3.1
9.0
EPSS
100.0%
CVE-2021-2447 CRITICAL Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.9
EPSS
1.1%
CVE-2021-2446 CRITICAL Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2021-33037 Maven MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache Information Disclosure Tomee +20
NVD
CVSS 3.1
5.3
EPSS
75.4%
CVE-2021-2248 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2021-2221 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
9.6
EPSS
2.0%
CVE-2021-2177 CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
CVSS 3.1
10.0
EPSS
2.5%
CVE-2021-3450 Cargo HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd Santricity Smi S Provider Firmware Storagegrid Firmware +29
NVD
CVSS 3.1
7.4
EPSS
18.3%
CVE-2021-3449 Cargo MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service Debian Linux Freebsd +103
NVD
CVSS 3.1
5.9
EPSS
62.9%
CVE-2019-17091 Maven MEDIUM POC PATCH This Month

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Java Mojarra Mojarra Javaserver Faces Application Testing Suite +20
NVD GitHub
CVSS 3.1
6.1
EPSS
2.5%
CVE-2019-10092 MEDIUM POC PATCH THREAT This Month

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Http Server Leap Debian Linux +7
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
81.5%
CVE-2019-0227 Maven HIGH POC PATCH THREAT This Week

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available.

SSRF Apache Axis Agile Engineering Data Management Agile Product Lifecycle Management +34
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
86.5%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2019-3823 HIGH POC PATCH This Week

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcurl Ubuntu Linux Debian Linux +4
NVD
CVSS 3.0
7.5
EPSS
4.3%
CVE-2019-3822 CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2018-19439 MEDIUM POC THREAT This Month

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle XSS Secure Global Desktop
NVD
CVSS 3.0
6.1
EPSS
20.5%
CVE-2018-0735 MEDIUM PATCH This Month

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux Debian Linux Node Js +18
NVD
CVSS 3.1
5.9
EPSS
4.8%
CVE-2018-11784 Maven MEDIUM POC PATCH THREAT This Month

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Tomcat Open Redirect Debian Linux Ubuntu Linux +12
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
94.5%
CVE-2018-11763 MEDIUM PATCH This Month

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Http Server Ubuntu Linux Enterprise Linux +6
NVD
CVSS 3.0
5.9
EPSS
51.0%
CVE-2018-8032 Maven MEDIUM PATCH This Month

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Axis Agile Engineering Data Management Agile Product Lifecycle Management +35
NVD
CVSS 3.1
6.1
EPSS
10.6%
CVE-2018-1304 Maven MEDIUM PATCH This Month

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Tomcat Jboss Enterprise Application Platform Jboss Enterprise Web Server +7
NVD
CVSS 3.0
5.9
EPSS
17.4%
CVE-2017-9788 CRITICAL PATCH Act Now

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 49.5%.

Denial Of Service Apache Http Server Debian Linux Mac Os X +13
NVD
CVSS 3.0
9.1
EPSS
49.5%
CVE-2017-7668 HIGH PATCH Act Now

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 62.8%.

Buffer Overflow Apache Http Server Clustered Data Ontap Oncommand Unified Manager +11
NVD
CVSS 3.1
7.5
EPSS
62.8%
CVE-2017-3167 CRITICAL PATCH Act Now

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Http Server Clustered Data Ontap Oncommand Unified Manager +12
NVD
CVSS 3.1
9.8
EPSS
9.6%
CVE-2016-5580 CRITICAL PATCH Act Now

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Secure Global Desktop
NVD
CVSS 3.0
9.6
EPSS
0.5%
CVE-2016-3613 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Oracle Secure Global Desktop
NVD
CVSS 3.0
9.8
EPSS
5.2%
CVE-2016-0501 MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Secure Global Desktop
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2014-0226 MEDIUM POC PATCH THREAT This Month

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.4%.

Race Condition Denial Of Service Buffer Overflow RCE Apache +6
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
75.4%
Threat
5.1
CVE-2014-0098 MEDIUM PATCH This Month

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.0%.

Denial Of Service Apache Http Server Secure Global Desktop Ubuntu Linux +1
NVD VulDB
CVSS 2.0
5.0
EPSS
41.0%
CVE-2013-2064 MEDIUM This Month

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Debian Linux Secure Global Desktop Ubuntu Linux Opensuse +2
NVD
CVSS 2.0
6.8
EPSS
0.9%
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Secure Global Desktop
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Secure Global Desktop
NVD
EPSS 100% CVSS 9.0
CRITICAL POC KEV PATCH THREAT Act Now

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.4.48 and earlier. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Rocky Linux +37
NVD
EPSS 1% CVSS 9.9
CRITICAL Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Information Disclosure Secure Global Desktop
NVD
EPSS 2% CVSS 9.6
CRITICAL Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Secure Global Desktop
NVD
EPSS 75% CVSS 5.3
MEDIUM PATCH This Month

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Tomcat Request Smuggling Apache +22
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
EPSS 2% CVSS 9.6
CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Information Disclosure Secure Global Desktop
NVD
EPSS 18% CVSS 7.4
HIGH PATCH This Week

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Authentication Bypass Freebsd +31
NVD
EPSS 63% CVSS 5.9
MEDIUM PATCH This Month

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference OpenSSL Denial Of Service +105
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Java Mojarra +22
NVD GitHub
EPSS 81% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Apache Http Server +9
NVD GitHub Exploit-DB
EPSS 87% CVSS 7.5
HIGH POC PATCH THREAT This Week

A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. Public exploit code available.

SSRF Apache Axis +36
NVD Exploit-DB
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD
EPSS 4% CVSS 7.5
HIGH POC PATCH This Week

libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcurl +6
NVD
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl +15
NVD
EPSS 20% CVSS 6.1
MEDIUM POC THREAT This Month

XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Oracle XSS Secure Global Desktop
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Ubuntu Linux +20
NVD
EPSS 94% CVSS 4.3
MEDIUM POC PATCH THREAT This Month

When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Apache Tomcat Open Redirect +14
NVD Exploit-DB
EPSS 51% CVSS 5.9
MEDIUM PATCH This Month

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Http Server +8
NVD
EPSS 11% CVSS 6.1
MEDIUM PATCH This Month

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Apache Axis +37
NVD
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Apache Information Disclosure Tomcat +9
NVD
EPSS 49% CVSS 9.1
CRITICAL PATCH Act Now

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 49.5%.

Denial Of Service Apache Http Server +15
NVD
EPSS 63% CVSS 7.5
HIGH PATCH Act Now

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 62.8%.

Buffer Overflow Apache Http Server +13
NVD
EPSS 10% CVSS 9.8
CRITICAL PATCH Act Now

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Http Server +14
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Secure Global Desktop
NVD
EPSS 5% CVSS 9.8
CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure OpenSSL Oracle +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Secure Global Desktop
NVD
EPSS 75% 5.1 CVSS 6.8
MEDIUM POC PATCH THREAT This Month

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 75.4%.

Race Condition Denial Of Service Buffer Overflow +8
NVD Exploit-DB
EPSS 41% CVSS 5.0
MEDIUM PATCH This Month

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 41.0%.

Denial Of Service Apache Http Server +3
NVD VulDB
EPSS 1% CVSS 6.8
MEDIUM This Month

Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Debian Linux Secure Global Desktop +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy