Oracle

Enterprise Manager Ops Center

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2018-1000122

  • EPSS 1.75%
  • Published 14.03.2018 18:29:00
  • Last modified 21.11.2024 03:39:43

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Published 18.01.2018 23:29:00
  • Last modified 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

7.5

CVE-2016-8610

  • EPSS 69.1%
  • Published 13.11.2017 22:29:00
  • Last modified 20.04.2025 01:37:25

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser...

6.5

CVE-2016-3494

  • EPSS 1.34%
  • Published 21.07.2016 10:12:47
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.

9

CVE-2016-0635

  • EPSS 4.97%
  • Published 21.07.2016 10:12:00
  • Last modified 12.04.2025 10:46:40

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2....

8.1

CVE-2016-5387

  • EPSS 77.5%
  • Published 19.07.2016 02:00:19
  • Last modified 12.04.2025 10:46:40

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an app...

8.1

CVE-2016-5385

  • EPSS 84.16%
  • Published 19.07.2016 02:00:17
  • Last modified 12.04.2025 10:46:40

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attacker...

5

CVE-2015-7940

  • EPSS 1.12%
  • Published 09.11.2015 16:59:09
  • Last modified 12.04.2025 10:46:40

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "...

6.4

CVE-2015-3237

  • EPSS 2.78%
  • Published 22.06.2015 19:59:04
  • Last modified 12.04.2025 10:46:40

The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.

5

CVE-2015-3153

  • EPSS 7.24%
  • Published 01.05.2015 15:59:05
  • Last modified 12.04.2025 10:46:40

The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.