Product:

Enterprise_manager_ops_center

(Oracle)
Repositories https://github.com/jquery/jquery
#Vulnerabilities 55
Date Id Summary Products Score Patch Annotated
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. Backdrop, Debian_linux, Drupal, Fedora, Joomla\!, Jquery, Oncommand_system_manager, Snapcenter, Backports_sle, Leap, Agile_product_lifecycle_management_for_process, Application_express, Application_service_level_management, Application_testing_suite, Banking_digital_experience, Banking_enterprise_collections, Banking_platform, Bi_publisher, Big_data_discovery, Business_process_management_suite, Communications_analytics, Communications_application_session_controller, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_element_manager, Communications_interactive_session_recorder, Communications_operations_monitor, Communications_session_report_manager, Communications_session_route_manager, Communications_unified_inventory_management, Communications_webrtc_session_controller, Diagnostic_assistant, Enterprise_manager_ops_center, Enterprise_session_border_controller, Financial_services_analytical_applications_infrastructure, Financial_services_analytical_applications_reconciliation_framework, Financial_services_asset_liability_management, Financial_services_balance_sheet_planning, Financial_services_basel_regulatory_capital_basic, Financial_services_basel_regulatory_capital_internal_ratings_based_approach, Financial_services_data_foundation, Financial_services_data_governance_for_us_regulatory_reporting, Financial_services_data_integration_hub, Financial_services_enterprise_financial_performance_analytics, Financial_services_funds_transfer_pricing, Financial_services_hedge_management_and_ifrs_valuations, Financial_services_institutional_performance_analytics, Financial_services_liquidity_risk_management, Financial_services_liquidity_risk_measurement_and_management, Financial_services_loan_loss_forecasting_and_provisioning, Financial_services_market_risk_measurement_and_management, Financial_services_price_creation_and_discovery, Financial_services_profitability_management, Financial_services_regulatory_reporting_for_de_nederlandsche_bank, Financial_services_regulatory_reporting_for_european_banking_authority, Financial_services_regulatory_reporting_for_us_federal_reserve, Financial_services_retail_customer_analytics, Financial_services_retail_performance_analytics, Financial_services_revenue_management_and_billing, Fusion_middleware_mapviewer, Healthcare_foundation, Healthcare_translational_research, Hospitality_guest_access, Hospitality_materials_control, Hospitality_simphony, Identity_manager, Insurance_accounting_analyzer, Insurance_allocation_manager_for_enterprise_profitability, Insurance_data_foundation, Insurance_ifrs_17_analyzer, Insurance_insbridge_rating_and_underwriting, Insurance_performance_insight, Jd_edwards_enterpriseone_tools, Jdeveloper, Jdeveloper_and_adf, Knowledge, Peoplesoft_enterprise_peopletools, Policy_automation, Policy_automation_connector_for_siebel, Policy_automation_for_mobile_devices, Primavera_gateway, Primavera_unifier, Real\-Time_scheduler, Rest_data_services, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_customer_management_and_segmentation_foundation, Retail_point\-Of\-Service, Retail_returns_management, Service_bus, Siebel_mobile_applications, Siebel_ui_framework, Storagetek_tape_analytics_sw_tool, System_utilities, Tape_library_acsls, Transportation_management, Utilities_mobile_workforce_management, Webcenter_sites, Weblogic_server, Cloudforms, Virtualization_manager 6.1
2016-07-19 CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka... Debian_linux, Drupal, Fedora, Storeever_msl6480_tape_library_firmware, System_management_homepage, Leap, Communications_user_data_repository, Enterprise_manager_ops_center, Linux, Php, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation 8.1
2020-06-27 CVE-2020-15358 In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. Icloud, Ipados, Iphone_os, Macos, Tvos, Watchos, Ubuntu_linux, Communications_network_charging_and_control, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Mysql, Outside_in_technology, Sqlite 5.5
2020-12-08 CVE-2020-1971 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp... Debian_linux, Fedora, Active_iq_unified_manager, Aff_a250_firmware, Clustered_data_ontap_antivirus_connector, Data_ontap, E\-Series_santricity_os_controller, Ef600a_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_smi\-S_provider, Snapcenter, Solidfire, Openssl, Api_gateway, Business_intelligence, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_server, Peoplesoft_enterprise_peopletools, Log_correlation_engine, Nessus_network_monitor 5.9
2021-02-16 CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these... Debian_linux, Openssl, Enterprise_manager_ops_center, Graalvm, Mysql_server, Nosql_database, Log_correlation_engine, Nessus_network_monitor 7.5
2019-09-26 CVE-2019-10092 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed. Http_server, Ubuntu_linux, Debian_linux, Fedora, Clustered_data_ontap, Leap, Communications_element_manager, Enterprise_manager_ops_center, Secure_global_desktop, Software_collection 6.1
2019-12-06 CVE-2019-1551 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also... Ubuntu_linux, Debian_linux, Fedora, Openssl, Leap, Enterprise_manager_ops_center, Mysql_enterprise_monitor, Peoplesoft_enterprise_peopletools 5.3
2020-04-09 CVE-2020-11655 SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. Ubuntu_linux, Debian_linux, Ontap_select_deploy_administration_utility, Communications_element_manager, Communications_network_charging_and_control, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Hyperion_infrastructure_technology, Instantis_enterprisetrack, Mysql, Zfs_storage_appliance_kit, Sqlite 7.5
2020-04-09 CVE-2020-11656 In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. Ontap_select_deploy_administration_utility, Communications_network_charging_and_control, Enterprise_manager_ops_center, Mysql, Outside_in_technology, Zfs_storage_appliance_kit, Sqlite 9.8
2020-06-18 CVE-2020-14422 Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4,... Fedora, Leap, Enterprise_manager_ops_center, Python 5.9