Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

cve-2021-2109 vulnerabilities and exploits

(subscribe to this query)

6.5
CVSSv2
CVE-2021-2109
Weblogic Remote Code Execution involving HTTP protocol and JNDI injection gadget...
Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.1.3.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0
7.5
CVSSv2
CVE-2020-14750
Remote code execution vulnerability in Oracle WebLogic Server. This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e., may be exploited over a network without the...
Oracle Fusion Middleware 10.3.6.0Oracle Fusion Middleware 12.1.3.0Oracle Fusion Middleware 12.2.1.3.0Oracle Fusion Middleware 12.2.1.4.0Oracle Fusion Middleware 14.1.1.0.0
7.5
CVSSv2
CVE-2021-1994
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Oracle Enterprise Repository 11.1.1.7.0Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.1.3.0.0
7.5
CVSSv2
CVE-2021-2047
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker...
Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.1.3.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0
7.5
CVSSv2
CVE-2021-2064
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise...
Oracle Weblogic Server 12.1.3.0.0
7.5
CVSSv2
CVE-2021-2108
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise...
Oracle Weblogic Server 12.1.3.0.0
7.5
CVSSv2
CVE-2021-2075
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Weblogic Server 10.3.6.0.0Oracle Weblogic Server 12.1.3.0.0Oracle Weblogic Server 12.2.1.3.0Oracle Weblogic Server 12.2.1.4.0Oracle Weblogic Server 14.1.1.0.0
6.8
CVSSv2
CVE-2019-17195
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass....
Connect2id Nimbus Jose\\+jwt
7.5
CVSSv2
CVE-2020-14756
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Coherence 3.7.1.0Oracle Coherence 12.1.3.0.0Oracle Coherence 12.2.1.3.0Oracle Coherence 12.2.1.4.0Oracle Coherence 14.1.1.0.0
5
CVSSv2
CVE-2013-2020
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read....
Canonical Ubuntu Linux 10.04Canonical Ubuntu Linux 11.10Canonical Ubuntu Linux 12.04Canonical Ubuntu Linux 12.10Canonical Ubuntu Linux 13.04Suse Linux Enterprise Server 11.0Clamav Clamav 0.9Clamav Clamav 0.90Clamav Clamav 0.90.1Clamav Clamav 0.90.1 P0Clamav Clamav 0.90.2Clamav Clamav 0.90.2 P0Clamav Clamav 0.90.3Clamav Clamav 0.90.3 P0Clamav Clamav 0.90.3 P1Clamav Clamav 0.91Clamav Clamav 0.91.1Clamav Clamav 0.91.2Clamav Clamav 0.91.2 P0Clamav Clamav 0.92Clamav Clamav 0.92.1Clamav Clamav 0.92 P0Clamav Clamav 0.93Clamav Clamav 0.93.1Clamav Clamav 0.93.2Clamav Clamav 0.93.3Clamav Clamav 0.94Clamav Clamav 0.94.1Clamav Clamav 0.94.2Clamav Clamav 0.95Clamav Clamav 0.95.1Clamav Clamav 0.95.2Clamav Clamav 0.95.3Clamav Clamav 0.96Clamav Clamav 0.96.1Clamav Clamav 0.96.2Clamav Clamav 0.96.3Clamav Clamav 0.96.4Clamav Clamav 0.96.5Clamav Clamav 0.97Clamav Clamav 0.97.1Clamav Clamav 0.97.2Clamav Clamav 0.97.3Clamav Clamav 0.97.4Clamav Clamav 0.97.5Clamav Clamav
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXECVE-2021-21973mass assignmentCVE-2021-1396CVE-2018-19518CVE-2020-28599deserializationCVE-2021-1230CVE-2021-26681