Oracle

Enterprise Manager Base Platform

135 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 4.88%
  • Veröffentlicht 22.04.2019 21:29:00
  • Zuletzt bearbeitet 05.09.2025 17:23:58

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

  • EPSS 4.02%
  • Veröffentlicht 22.04.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:44

In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co...

  • EPSS 5.78%
  • Veröffentlicht 22.04.2019 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:18:44

In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4...

  • EPSS 12.36%
  • Veröffentlicht 28.03.2019 22:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:31

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

  • EPSS 17.14%
  • Veröffentlicht 27.02.2019 23:29:00
  • Zuletzt bearbeitet 21.11.2024 04:36:48

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid...

  • EPSS 1.17%
  • Veröffentlicht 16.01.2019 19:29:36
  • Zuletzt bearbeitet 21.11.2024 04:05:38

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows unauthenticated at...

Exploit
  • EPSS 3.42%
  • Veröffentlicht 15.11.2018 21:29:00
  • Zuletzt bearbeitet 21.11.2024 04:08:45

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

  • EPSS 12.15%
  • Veröffentlicht 30.10.2018 12:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:50

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1....

  • EPSS 4.76%
  • Veröffentlicht 29.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:38:50

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in Ope...

Warnung Exploit
  • EPSS 99.99%
  • Veröffentlicht 22.08.2018 13:29:00
  • Zuletzt bearbeitet 27.10.2025 17:38:06

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time...