Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_manager_ops_center
(Oracle)Repositories |
• https://github.com/apache/httpd
• https://github.com/jquery/jquery |
#Vulnerabilities | 109 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-07-02 | CVE-2019-5443 | A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | Curl, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Enterprise_manager_ops_center, Http_server, Mysql_server, Oss_support_tools | 7.8 | ||
2021-01-20 | CVE-2021-2015 | Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Workflow, attacks may significantly impact additional products. Successful attacks of this... | Data_integrator, Enterprise_manager_ops_center, Workflow | 8.2 | ||
2021-01-20 | CVE-2021-1999 | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: RAS subsystems). The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle ZFS Storage... | Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Zfs_storage_appliance | 5.0 | ||
2021-01-20 | CVE-2021-1993 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to... | Database_server, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Zfs_storage_appliance | 4.8 | ||
2014-02-06 | CVE-2014-1491 | Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. | Ubuntu_linux, Debian_linux, Fedora, Firefox, Firefox_esr, Network_security_services, Seamonkey, Thunderbird, Opensuse, Enterprise_manager_ops_center, Vm_server, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit | N/A | ||
2019-07-23 | CVE-2019-2728 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS... | Enterprise_manager_ops_center | 4.3 | ||
2018-05-24 | CVE-2018-1000301 | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. | Ubuntu_linux, Debian_linux, Curl, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.1 | ||
2018-03-14 | CVE-2018-1000121 | A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service | Ubuntu_linux, Debian_linux, Curl, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
2018-03-14 | CVE-2018-1000122 | A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage | Ubuntu_linux, Debian_linux, Curl, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.1 | ||
2018-03-14 | CVE-2018-1000120 | A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | Ubuntu_linux, Debian_linux, Curl, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 |