Product:

Enterprise_manager_ops_center

(Oracle)
Repositories https://github.com/apache/httpd
https://github.com/jquery/jquery
#Vulnerabilities 109
Date Id Summary Products Score Patch Annotated
2019-07-26 CVE-2019-13990 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. Tomee, Jira_service_management, Active_iq_unified_manager, Cloud_secure_agent, Apache_batik_mapviewer, Banking_enterprise_originations, Banking_enterprise_product_manufacturing, Banking_payments, Communications_ip_service_activator, Communications_session_route_manager, Customer_management_and_segmentation_foundation, Documaker, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Flexcube_investor_servicing, Flexcube_private_banking, Fusion_middleware_mapviewer, Google_guava_mapviewer, Hyperion_infrastructure_technology, Jd_edwards_enterpriseone_orchestrator, Primavera_unifier, Retail_back_office, Retail_central_office, Retail_integration_bus, Retail_order_broker, Retail_point\-Of\-Service, Retail_returns_management, Retail_xstore_point_of_service, Terracotta_quartz_scheduler_mapviewer, Webcenter_sites, Quartz 9.8
2019-04-08 CVE-2019-0211 In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. Http_server, Ubuntu_linux, Debian_linux, Fedora, Oncommand_unified_manager, Leap, Communications_session_report_manager, Communications_session_route_manager, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Retail_xstore_point_of_service, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_for_arm_64, Enterprise_linux_for_arm_64_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_ibm_z_systems_eus, Enterprise_linux_for_power_little_endian, Enterprise_linux_for_power_little_endian_eus, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_update_services_for_sap_solutions, Jboss_core_services, Openshift_container_platform, Openshift_container_platform_for_power, Software_collections 7.8
2021-09-16 CVE-2021-40438 A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. Http_server, Brocade_fabric_operating_system_firmware, Debian_linux, F5os, Fedora, Cloud_backup, Clustered_data_ontap, Storagegrid, Enterprise_manager_ops_center, Http_server, Instantis_enterprisetrack, Secure_global_desktop, Zfs_storage_appliance_kit, Ruggedcom_nms, Sinec_nms, Sinema_remote_connect_server, Sinema_server, Tenable\.sc 9.0
2021-02-16 CVE-2021-23840 Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these... Debian_linux, M10\-1_firmware, M10\-4_firmware, M10\-4s_firmware, M12\-1_firmware, M12\-2_firmware, M12\-2s_firmware, Epolicy_orchestrator, Node\.js, Openssl, Business_intelligence, Communications_cloud_native_core_policy, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Graalvm, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql_server, Nosql_database, Log_correlation_engine, Nessus_network_monitor 7.5
2020-12-08 CVE-2020-1971 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp... Debian_linux, Fedora, Active_iq_unified_manager, Aff_a250_firmware, Clustered_data_ontap_antivirus_connector, Data_ontap, E\-Series_santricity_os_controller, Ef600a_firmware, Hci_compute_node, Hci_management_node, Hci_storage_node, Manageability_software_development_kit, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_smi\-S_provider, Snapcenter, Solidfire, Node\.js, Openssl, Api_gateway, Business_intelligence, Communications_cloud_native_core_network_function_cloud_native_environment, Communications_diameter_intelligence_hub, Communications_session_border_controller, Communications_session_router, Communications_subscriber\-Aware_load_balancer, Communications_unified_session_manager, Enterprise_communications_broker, Enterprise_manager_base_platform, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Enterprise_session_border_controller, Essbase, Graalvm, Http_server, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_server, Peoplesoft_enterprise_peopletools, Sinec_infrastructure_network_services, Log_correlation_engine, Nessus_network_monitor 5.9
2021-02-16 CVE-2021-23841 The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function... Ipados, Iphone_os, Macos, Safari, Debian_linux, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Openssl, Business_intelligence, Communications_cloud_native_core_policy, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Essbase, Graalvm, Jd_edwards_world_security, Mysql_enterprise_monitor, Mysql_server, Peoplesoft_enterprise_peopletools, Zfs_storage_appliance_kit, Sinec_ins, Nessus_network_monitor, Tenable\.sc 5.9
2021-02-16 CVE-2021-23839 OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an RSA signature. Clients that support SSL or TLS versions greater than SSLv2 are supposed to use a special form of padding. A server that supports greater than SSLv2 is supposed to reject connection attempts from a client where this special form of padding is... Openssl, Business_intelligence, Enterprise_manager_for_storage_management, Enterprise_manager_ops_center, Graalvm, Jd_edwards_world_security, Zfs_storage_appliance_kit, Sinec_ins 3.7
2022-01-28 CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very... Debian_linux, Openssl, Enterprise_manager_ops_center, Health_sciences_inform_publisher, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Peoplesoft_enterprise_peopletools, Sinec_ins 5.9
2021-06-10 CVE-2019-17567 Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured. Http_server, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit 5.3
2021-06-15 CVE-2021-31618 Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected. This rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This... Http_server, Debian_linux, Fedora, Enterprise_manager_ops_center, Instantis_enterprisetrack, Zfs_storage_appliance_kit 7.5