Product: Secure_global_desktop (Oracle)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 35

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-02-06 | CVE-2018-16890 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds. | Ubuntu_linux, Debian_linux, Libcurl, Clustered_data_ontap, Communications_operations_monitor, Http_server, Secure_global_desktop, Sinema_remote_connect_client | 7.5 | | |
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming into effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol. | Http_server, Ubuntu_linux, Storage_automation_store, Enterprise_manager_ops_center, Hospitality_guest_access, Instantis_enterprisetrack, Retail_xstore_point_of_service, Secure_global_desktop, Enterprise_linux | 5.9 | | |
| 2018-12-13 | CVE-2018-19439 | XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter. | Secure_global_desktop | 6.1 | | |
| 2016-10-25 | CVE-2016-5580 | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. | Secure_global_desktop | 9.6 | | |
| 2016-07-21 | CVE-2016-3613 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL. | Secure_global_desktop | 9.8 | | |
| 2016-01-21 | CVE-2016-0501 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. | Secure_global_desktop | N/A | | |
| 2013-06-15 | CVE-2013-2064 | Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the read_packet function. | Ubuntu_linux, Debian_linux, Fedora, Opensuse, Secure_global_desktop, Libxcb | N/A | | |