Vulnerabilities (CVE)

Vendor filter

Oracle Subscribe

Product filter

Enterprise Manager Base Platform Subscribe

Filter

14 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1656 3 Ibm, Redhat, Oracle 7 Java Sdk, Sdk, Satellite and 4 more 2019-10-09 4.3
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
CVE-2018-12539 2 Eclipse, Oracle 2 Openj9, Enterprise Manager Base Platform 2019-10-09 4.6
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted...
CVE-2018-2750 1 Oracle 1 Enterprise Manager Base Platform 2019-10-03 6.8
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows unauthenticated...
CVE-2017-10091 1 Oracle 1 Enterprise Manager Base Platform 2019-10-03 4.0
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: UI Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily exploitable vulnerability allows...
CVE-2018-3303 1 Oracle 1 Enterprise Manager Base Platform 2019-10-03 6.4
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). Supported versions that are affected are 13.2 and 13.3. Easily exploitable vulnerability allows...
CVE-2017-3518 1 Oracle 1 Enterprise Manager Base Platform 2019-10-03 5.0
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Supported versions that are affected are 12.1.0, 13.1.0 and 13.2.0. Easily "exploitable" vulnerability...
CVE-2018-5407 7 Nodejs, Openssl, Canonical and 4 more 20 Node.js, Openssl, Ubuntu Linux and 17 more 2019-07-23 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-1257 3 Pivotal Software, Redhat, Oracle 27 Spring Framework, Openshift, Agile Product Lifecycle Management and 24 more 2019-07-23 4.0
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging...
CVE-2018-0735 6 Netapp, Openssl, Canonical and 3 more 22 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 19 more 2019-07-23 4.3
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in...
CVE-2017-5645 4 Apache, Netapp, Oracle and 1 more 59 Log4j, Oncommand Api Services, Oncommand Insight and 56 more 2019-06-19 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
CVE-2018-0734 6 Netapp, Openssl, Canonical and 3 more 19 Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 16 more 2019-06-11 4.3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL...
CVE-2016-3563 1 Oracle 1 Enterprise Manager Base Platform 2017-09-01 5.4
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different...
CVE-2016-3540 1 Oracle 1 Enterprise Manager Base Platform 2017-09-01 4.3
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework.
CVE-2016-5604 1 Oracle 1 Enterprise Manager Base Platform 2017-07-29 3.3
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different...