Oracle

Enterprise Manager Ops Center

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2018-11040

  • EPSS 8.25%
  • Veröffentlicht 25.06.2018 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:32

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controlle...

9.1

CVE-2018-1000301

  • EPSS 2.57%
  • Veröffentlicht 24.05.2018 13:29:01
  • Zuletzt bearbeitet 21.11.2024 03:39:58

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP...

6.5

CVE-2018-1257

  • EPSS 1.79%
  • Veröffentlicht 11.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:28

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ...

8.8

CVE-2018-1258

  • EPSS 0.16%
  • Veröffentlicht 11.05.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:28

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted...

7.5

CVE-2018-2742

  • EPSS 0.55%
  • Veröffentlicht 19.04.2018 02:29:00
  • Zuletzt bearbeitet 21.11.2024 04:04:21

Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated at...

9.8

CVE-2018-1270

  • EPSS 89.35%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:30

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma...

5.9

CVE-2018-1271

  • EPSS 90.93%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:30

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file s...

7.5

CVE-2018-1272

  • EPSS 2.17%
  • Veröffentlicht 06.04.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:59:30

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a r...

9.8

CVE-2018-1000120

  • EPSS 1.64%
  • Veröffentlicht 14.03.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:43

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

7.5

CVE-2018-1000121

  • EPSS 2.81%
  • Veröffentlicht 14.03.2018 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:39:43

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service