Vulnerabilities > Oracle > Enterprise Manager OPS Center > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-22 CVE-2019-5427 XML Entity Expansion vulnerability in multiple products
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
network
low complexity
mchange fedoraproject oracle CWE-776
7.5
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-01-30 CVE-2019-0190 A bug exists in the way mod_ssl handled client renegotiations.
network
low complexity
apache oracle
7.5
2019-01-30 CVE-2018-17199 Session Fixation vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session.
network
low complexity
apache debian netapp canonical oracle CWE-384
7.5
2018-11-16 CVE-2018-15769 RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue.
network
low complexity
dell oracle
7.5
2018-10-18 CVE-2018-15756 Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource.
network
low complexity
vmware oracle debian
7.5
2018-08-31 CVE-2018-11054 Integer Overflow or Wraparound vulnerability in multiple products
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability.
network
low complexity
dell oracle CWE-190
7.5
2018-07-18 CVE-2018-2976 Unspecified vulnerability in Oracle Enterprise Manager OPS Center 12.2.2
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking).
network
low complexity
oracle
8.2
2018-06-25 CVE-2018-11040 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests.
network
low complexity
vmware oracle debian CWE-829
7.5