Vulnerabilities > Oracle > Enterprise Manager OPS Center

DATE CVE VULNERABILITY TITLE RISK
2018-04-19 CVE-2018-2742 Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.2.2/12.3.3
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework).
network
low complexity
oracle
7.3
2018-04-06 CVE-2018-1272 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests.
network
high complexity
vmware oracle
7.5
2018-04-06 CVE-2018-1271 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g.
network
high complexity
vmware oracle
5.9
2018-04-06 CVE-2018-1270 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian
critical
9.8
2018-03-14 CVE-2018-1000122 Out-of-bounds Read vulnerability in multiple products
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
network
low complexity
debian canonical haxx redhat oracle CWE-125
critical
9.1
2018-03-14 CVE-2018-1000121 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
network
low complexity
debian canonical haxx redhat oracle CWE-476
7.5
2018-03-14 CVE-2018-1000120 Out-of-bounds Write vulnerability in multiple products
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
network
low complexity
debian canonical haxx redhat oracle CWE-787
critical
9.8
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1
2017-11-13 CVE-2016-8610 A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. 7.5
2016-07-21 CVE-2016-3494 Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.1.4/12.2.2/12.3.2
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.
low complexity
oracle
6.5