← Back

Real User Experience Insight

real_user_experience_insight

Vendor: Oracle • 16 CVEs

CVEs (16)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-2351
1Oracle
111Advanced Networking Option
Agile Engineering Data ManagementAgile Plm+108 more
Nov 21, 2024
Jul 21, 2021
N/A· v4
7.5 HIGH· v3
5.1 MEDIUM· v2
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker...Show more
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).Show less
CVE-2021-3517
6Debian
FedoraprojectNetapp+3 more
28Active Iq Unified Manager
Clustered Data OntapClustered Data Ontap Antivirus Connector+25 more
Dec 2, 2025
May 19, 2021
N/A· v4
8.6 HIGH· v3
7.5 HIGH· v2
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of...Show more
There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.Show less
CVE-2021-3518
6Debian
FedoraprojectNetapp+3 more
18Active Iq Unified Manager
Clustered Data OntapClustered Data Ontap Antivirus Connector+15 more
Nov 21, 2024
May 18, 2021
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this fl...Show more
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.Show less
CVE-2021-3537
6Debian
FedoraprojectNetapp+3 more
19Active Iq Unified Manager
Clustered Data OntapClustered Data Ontap Antivirus Connector+16 more
Nov 21, 2024
May 14, 2021
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and...Show more
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.Show less
CVE-2021-29425
4Apache
DebianNetapp+1 more
60Access Manager
Active Iq Unified ManagerAgile Engineering Data Management+57 more
Nov 21, 2024
Apr 13, 2021
N/A· v4
4.8 MEDIUM· v3
5.8 MEDIUM· v2
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files...Show more
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.Show less
CVE-2020-24977
6Debian
FedoraprojectNetapp+3 more
18Active Iq Unified Manager
Clustered Data OntapClustered Data Ontap Antivirus Connector+15 more
Nov 21, 2024
Sep 4, 2020
N/A· v4
6.5 MEDIUM· v3
6.4 MEDIUM· v2
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVE-2020-7595
7Canonical
DebianFedoraproject+4 more
24Clustered Data Ontap
Communications Cloud Native Core Network Function Cloud Native EnvironmentDebian Linux+21 more
Dec 3, 2025
Jan 21, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388
6Debian
FedoraprojectNetapp+3 more
24Cloud Backup
Clustered Data OntapCommunications Cloud Native Core Network Function Cloud Native Environment+21 more
Dec 17, 2025
Jan 21, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-19956
7Canonical
DebianFedoraproject+4 more
12Active Iq Unified Manager
Clustered Data OntapClustered Data Ontap Antivirus Connector+9 more
Dec 3, 2025
Dec 24, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
CVE-2019-10219
3Netapp
OracleRedhat
188Access Manager
Active Iq Unified ManagerAgile Engineering Data Management+185 more
Jul 7, 2025
Nov 8, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2018-15769
2Dell
Oracle
12Application Testing Suite
BsafeCommunications Analytics+9 more
Nov 21, 2024
Nov 16, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Se...Show more
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.Show less
CVE-2018-11058
2Dell
Oracle
13Application Testing Suite
BsafeBsafe Crypto C+10 more
Nov 21, 2024
Sep 14, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when pa...Show more
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.Show less
CVE-2018-11057
2Dell
Oracle
12Application Testing Suite
BsafeCommunications Analytics+9 more
Nov 21, 2024
Aug 31, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryp...Show more
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.Show less
CVE-2018-11056
2Dell
Oracle
13Application Testing Suite
BsafeBsafe Crypto C+10 more
Nov 21, 2024
Aug 31, 2018
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability whe...Show more
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.Show less
CVE-2018-11055
2Dell
Oracle
12Application Testing Suite
BsafeCommunications Analytics+9 more
Nov 21, 2024
Aug 31, 2018
N/A· v4
5.5 MEDIUM· v3
2.1 LOW· v2
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in...Show more
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.Show less
CVE-2018-11054
2Dell
Oracle
12Application Testing Suite
BsafeCommunications Analytics+9 more
Nov 21, 2024
Aug 31, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.