Vulnerabilities > Oracle > Enterprise Manager Base Platform > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-08 | CVE-2019-10219 | A vulnerability was found in Hibernate-Validator. | 6.1 |
2019-10-23 | CVE-2019-12415 | XXE vulnerability in multiple products In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 5.5 |
2019-10-16 | CVE-2019-2897 | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 6.4 |
2019-04-22 | CVE-2019-10247 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. | 5.3 |
2019-04-22 | CVE-2019-10246 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. | 5.3 |
2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |
2019-01-16 | CVE-2018-3303 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.2/13.3 Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: EM Console). | 6.5 |
2018-11-15 | CVE-2018-5407 | Information Exposure Through Discrepancy vulnerability in multiple products Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | 4.7 |
2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |