Enterprise_manager_ops_center - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Enterprise_manager_ops_center
(Oracle)

Repositories	• https://github.com/apache/httpd • https://github.com/jquery/jquery
#Vulnerabilities	109

Date	Id	Summary	Products	Score	Patch	Annotated
2018-08-31	CVE-2018-11056	RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.	Bsafe, Bsafe_crypto\-C, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database	6.5
2018-08-31	CVE-2018-11057	RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.	Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database	5.9
2018-09-14	CVE-2018-11058	RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.	Bsafe, Bsafe_crypto\-C, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database	9.8
2018-11-16	CVE-2018-15769	RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.	Bsafe, Application_testing_suite, Communications_analytics, Communications_ip_service_activator, Core_rdbms, Enterprise_manager_ops_center, Goldengate_application_adapters, Jd_edwards_enterpriseone_tools, Real_user_experience_insight, Retail_predictive_application_server, Security_service, Timesten_in\-Memory_database	7.5
2018-05-11	CVE-2018-1258	Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.	Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Agile_plm, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_network_integrity, Communications_performance_intelligence_center, Communications_services_gatekeeper, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Enterprise_repository, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Micros_lucas, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_financial_integration, Retail_integration_bus, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Weblogic_server, Spring_security, Fuse, Spring_framework	8.8
2020-02-21	CVE-2020-9327	In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.	Ubuntu_linux, Cloud_backup, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite	7.5
2020-04-09	CVE-2020-11655	SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.	Ubuntu_linux, Debian_linux, Ontap_select_deploy_administration_utility, Communications_element_manager, Communications_messaging_server, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc	7.5
2020-04-09	CVE-2020-11656	In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.	Ontap_select_deploy_administration_utility, Communications_messaging_server, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Mysql_workbench, Outside_in_technology, Zfs_storage_appliance_kit, Sinec_infrastructure_network_services, Sqlite, Tenable\.sc	9.8
2021-06-07	CVE-2021-22222	Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file	Debian_linux, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit, Wireshark	7.5
2019-07-02	CVE-2019-5443	A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.	Curl, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Enterprise_manager_ops_center, Http_server, Mysql_server, Oss_support_tools	7.8