Total
70 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-11056 | 2 Dell, Oracle | 13 Bsafe, Bsafe Crypto-c, Application Testing Suite and 10 more | 2022-04-18 | 4.0 MEDIUM | 6.5 MEDIUM |
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. | |||||
CVE-2018-11057 | 2 Dell, Oracle | 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more | 2022-04-18 | 4.3 MEDIUM | 5.9 MEDIUM |
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. | |||||
CVE-2018-11054 | 2 Dell, Oracle | 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. | |||||
CVE-2018-15769 | 2 Dell, Oracle | 12 Bsafe, Application Testing Suite, Communications Analytics and 9 more | 2022-04-18 | 5.0 MEDIUM | 7.5 HIGH |
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. | |||||
CVE-2018-11058 | 2 Dell, Oracle | 13 Bsafe, Bsafe Crypto-c, Application Testing Suite and 10 more | 2022-04-18 | 7.5 HIGH | 9.8 CRITICAL |
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. | |||||
CVE-2018-1258 | 5 Netapp, Oracle, Pivotal Software and 2 more | 42 Oncommand Insight, Oncommand Unified Manager, Oncommand Workflow Automation and 39 more | 2022-04-11 | 6.5 MEDIUM | 8.8 HIGH |
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. | |||||
CVE-2019-12415 | 2 Apache, Oracle | 27 Poi, Application Testing Suite, Banking Enterprise Originations and 24 more | 2022-04-08 | 2.1 LOW | 5.5 MEDIUM |
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | |||||
CVE-2019-11358 | 10 Backdropcms, Debian, Drupal and 7 more | 104 Backdrop, Debian Linux, Drupal and 101 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | |||||
CVE-2019-17091 | 2 Eclipse, Oracle | 23 Mojarra, Application Testing Suite, Banking Enterprise Product Manufacturing and 20 more | 2022-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled. | |||||
CVE-2017-5645 | 4 Apache, Netapp, Oracle and 1 more | 79 Log4j, Oncommand Api Services, Oncommand Insight and 76 more | 2022-04-04 | 7.5 HIGH | 9.8 CRITICAL |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | |||||
CVE-2019-2904 | 1 Oracle | 22 Application Testing Suite, Banking Enterprise Collections, Banking Enterprise Originations and 19 more | 2021-05-18 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
CVE-2019-2727 | 1 Oracle | 1 Application Testing Suite | 2020-08-24 | 7.5 HIGH | 7.3 HIGH |
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
CVE-2019-2557 | 1 Oracle | 1 Application Testing Suite | 2020-08-24 | 6.5 MEDIUM | 6.3 MEDIUM |
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
CVE-2018-3304 | 1 Oracle | 1 Application Testing Suite | 2019-10-02 | 6.4 MEDIUM | 6.5 MEDIUM |
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). | |||||
CVE-2018-3305 | 1 Oracle | 1 Application Testing Suite | 2019-10-02 | 6.5 MEDIUM | 6.3 MEDIUM |
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
CVE-2017-3311 | 1 Oracle | 1 Application Testing Suite | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts). | |||||
CVE-2015-7940 | 3 Bouncycastle, Opensuse, Oracle | 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more | 2019-01-16 | 5.0 MEDIUM | N/A |
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | |||||
CVE-2016-0489 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action. | |||||
CVE-2016-0492 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do. | |||||
CVE-2016-0491 | 1 Oracle | 1 Application Testing Suite | 2016-12-22 | 6.4 MEDIUM | N/A |
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter. |