Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_manager_ops_center
(Oracle)| Repositories |
• https://github.com/apache/httpd
• https://github.com/jquery/jquery |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-03-14 | CVE-2018-1000122 | A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage | Ubuntu_linux, Debian_linux, Curl, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.1 | ||
| 2018-03-14 | CVE-2018-1000120 | A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. | Ubuntu_linux, Debian_linux, Curl, Communications_webrtc_session_controller, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | ||
| 2019-05-24 | CVE-2019-2726 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. While the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can... | Enterprise_manager_ops_center | 6.3 | ||
| 2018-05-11 | CVE-2018-1258 | Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. | Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Agile_plm, Application_testing_suite, Big_data_discovery, Communications_converged_application_server, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_services_gatekeeper, Endeca_information_discovery_integrator, Enterprise_manager_for_mysql_database, Enterprise_manager_ops_center, Enterprise_repository, Goldengate_for_big_data, Health_sciences_information_manager, Healthcare_master_person_index, Hospitality_guest_access, Insurance_calculation_engine, Insurance_policy_administration, Insurance_rules_palette, Micros_lucas, Mysql_enterprise_monitor, Peoplesoft_enterprise_fin_install, Retail_assortment_planning, Retail_back_office, Retail_central_office, Retail_customer_insights, Retail_financial_integration, Retail_integration_bus, Retail_point\-Of\-Service, Retail_returns_management, Service_architecture_leveraging_tuxedo, Tape_library_acsls, Weblogic_server, Spring_framework, Spring_security | 8.8 | ||
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux | 5.9 | ||
| 2018-07-18 | CVE-2018-2976 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Ops Center accessible data as well as... | Enterprise_manager_ops_center | 8.2 | ||
| 2018-04-19 | CVE-2018-2742 | Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data as well... | Enterprise_manager_ops_center | 7.3 | ||
| 2016-07-21 | CVE-2016-3494 | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning. | Enterprise_manager_ops_center | 6.5 | ||
| 2016-07-21 | CVE-2016-0635 | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation... | Documaker, Enterprise_manager_ops_center, Health_sciences_information_manager, Healthcare_master_person_index, Insurance_calculation_engine, Insurance_policy_administration_j2ee, Insurance_rules_palette, Primavera_contract_management, Primavera_p6_enterprise_project_portfolio_management, Retail_integration_bus, Retail_order_broker_cloud_service | 8.8 | ||
| 2015-11-09 | CVE-2015-7940 | The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | Bouncy_castle_crypto_package, Leap, Opensuse, Application_testing_suite, Enterprise_manager_ops_center, Peoplesoft_enterprise_peopletools, Virtual_desktop_infrastructure | N/A |