Vulnerabilities > Oracle > Enterprise Manager OPS Center > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-02 | CVE-2019-5443 | Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. | 7.8 |
| 2019-05-28 | CVE-2019-5436 | Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | 7.8 |
| 2019-04-22 | CVE-2019-5427 | XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | 7.5 |
| 2019-04-08 | CVE-2019-0211 | Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. | 7.8 |
| 2019-04-08 | CVE-2019-0217 | Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | 7.5 |
| 2019-01-30 | CVE-2019-0190 | A bug exists in the way mod_ssl handled client renegotiations. | 7.5 |
| 2019-01-30 | CVE-2018-17199 | Session Fixation vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. | 7.5 |
| 2018-11-16 | CVE-2018-15769 | RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. | 7.5 |
| 2018-10-18 | CVE-2018-15756 | Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. | 7.5 |
| 2018-08-31 | CVE-2018-11054 | Integer Overflow or Wraparound vulnerability in multiple products RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. | 7.5 |