Vulnerabilities (CVE)

Vendor: Oracle

Product: Enterprise Manager Ops Center

28 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2018-1258 | 3 vendors: Pivotal Software, Oracle, Netapp | 35 products: Spring Framework, Application Testing Suite, Communications Diameter Signaling Router and 32 more | 2019-10-03 | 6.5
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CVE-2018-1000122 | 5 vendors: Haxx, Canonical, Debian and 2 more | 8 products: Curl, Ubuntu Linux, Debian Linux and 5 more | 2019-10-03 | 6.4
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
CVE-2018-11040 | 2 vendors: Pivotal Software, Oracle | 17 products: Spring Framework, Agile Product Lifecycle Management, Application Testing Suite and 14 more | 2019-10-03 | 4.3
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST...
CVE-2018-1272 | 2 vendors: Pivotal Software, Oracle | 22 products: Spring Framework, Application Testing Suite, Big Data Discovery and 19 more | 2019-10-03 | 6.0
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from...
CVE-2018-1000301 | 5 vendors: Haxx, Canonical, Debian and 2 more | 8 products: Curl, Ubuntu Linux, Debian Linux and 5 more | 2019-10-03 | 6.4
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded...
CVE-2018-2976 | 1 vendor: Oracle | 1 product: Enterprise Manager Ops Center | 2019-10-03 | 6.4
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). The supported version that is affected is 12.2.2. Easily exploitable vulnerability allows unauthenticated...
CVE-2018-2742 | 1 vendor: Oracle | 1 product: Enterprise Manager Ops Center | 2019-10-03 | 7.5
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows...
CVE-2018-15756 | 2 vendors: Pivotal Software, Oracle | 4 products: Spring Framework, Enterprise Manager Ops Center, Retail Invoice Matching and 1 more | 2019-10-03 | 5.0
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the...
CVE-2019-2728 | 1 vendor: Oracle | 1 product: Enterprise Manager Ops Center | 2019-07-26 | 4.0
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low...
CVE-2019-0190 | 4 vendors: Apache, Netapp, Openssl and 1 more | 4 products: Http Server, Santricity Cloud Connector, Openssl and 1 more | 2019-07-23 | 5.0
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP...
CVE-2018-5407 | 7 vendors: Nodejs, Openssl, Canonical and 4 more | 20 products: Node.js, Openssl, Ubuntu Linux and 17 more | 2019-07-23 | 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-1271 | 2 vendors: Pivotal Software, Oracle | 22 products: Spring Framework, Application Testing Suite, Big Data Discovery and 19 more | 2019-07-23 | 4.3
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a...
CVE-2018-1257 | 3 vendors: Pivotal Software, Redhat, Oracle | 27 products: Spring Framework, Openshift, Agile Product Lifecycle Management and 24 more | 2019-07-23 | 4.0
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging...
CVE-2018-17199 | 5 vendors: Apache, Netapp, Debian and 2 more | 6 products: Http Server, Santricity Cloud Connector, Debian Linux and 3 more | 2019-07-23 | 5.0
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the...
CVE-2018-17189 | 5 vendors: Apache, Netapp, Debian and 2 more | 6 products: Http Server, Santricity Cloud Connector, Storage Automation Store and 3 more | 2019-07-23 | 5.0
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2...
CVE-2018-1000121 | 5 vendors: Haxx, Canonical, Debian and 2 more | 8 products: Curl, Ubuntu Linux, Debian Linux and 5 more | 2019-07-23 | 5.0
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
CVE-2018-0735 | 6 vendors: Netapp, Openssl, Canonical and 3 more | 22 products: Cloud Backup, Oncommand Unified Manager, Santricity Smi-s Provider and 19 more | 2019-07-23 | 4.3
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in...
CVE-2018-1270 | 2 vendors: Pivotal Software, Oracle | 22 products: Spring Framework, Application Testing Suite, Big Data Discovery and 19 more | 2019-07-03 | 7.5
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module....
CVE-2018-1000120 | 5 vendors: Haxx, Canonical, Debian and 2 more | 8 products: Curl, Ubuntu Linux, Debian Linux and 5 more | 2019-06-18 | 7.5
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2018-11763 | 5 vendors: Apache, Oracle, Canonical and 2 more | 9 products: Http Server, Secure Global Desktop, Ubuntu Linux and 6 more | 2019-06-11 | 4.3
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible...