Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3311 | 1 Oracle | 1 Application Testing Suite | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps). Supported versions that are affected are 12.5.0.3, 12.5.0.2 and 12.4.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Testing Suite accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts). | |||||
| CVE-2016-8610 | 7 Debian, Fujitsu, Netapp and 4 more | 53 Debian Linux, M10-1, M10-1 Firmware and 50 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. | |||||
| CVE-2017-5645 | 4 Apache, Netapp, Oracle and 1 more | 79 Log4j, Oncommand Api Services, Oncommand Insight and 76 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | |||||
| CVE-2016-0482 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. | |||||
| CVE-2016-0489 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the ActionServlet servlet, which allows remote authenticated users to upload and execute arbitrary files via directory traversal sequences in the tempfilename parameter in a ReportImage action. | |||||
| CVE-2016-0486 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0485. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the exportFileName parameter. | |||||
| CVE-2015-7940 | 3 Bouncycastle, Opensuse, Oracle | 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | |||||
| CVE-2016-0477 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the (1) repository, (2) workspace, or (3) scenario parameter. | |||||
| CVE-2016-0487 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the process method in the ActionServlet servlet, which allows remote attackers to bypass authentication via directory traversal sequences following an unspecified URI string. | |||||
| CVE-2016-0485 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter. | |||||
| CVE-2016-0488 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function in the admin pages, which allows remote attackers to bypass authentication and gain administrator access via directory traversal sequences following a URI entry that does not require authentication. | |||||
| CVE-2016-0490 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the UploadServlet servlet, which allows remote attackers to upload and execute arbitrary files via directory traversal sequences in a filename header. | |||||
| CVE-2016-0478 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0477. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scriptName parameter. | |||||
| CVE-2016-0484 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the scriptPath parameter. | |||||
| CVE-2016-0492 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do. | |||||
| CVE-2016-0491 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter. | |||||
| CVE-2016-0480 | 1 Oracle | 1 Application Testing Suite | 2025-04-12 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the TMAPReportImage parameter. | |||||
| CVE-2020-11023 | 7 Debian, Drupal, Fedoraproject and 4 more | 60 Debian Linux, Drupal, Fedora and 57 more | 2025-04-04 | 4.3 MEDIUM | 6.9 MEDIUM |
| In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | |||||
| CVE-2021-2351 | 1 Oracle | 111 Advanced Networking Option, Agile Engineering Data Management, Agile Plm and 108 more | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2021-29425 | 4 Apache, Debian, Netapp and 1 more | 60 Commons Io, Debian Linux, Active Iq Unified Manager and 57 more | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | |||||