OSS Support Tools

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-16	CVE-2019-5481	Double Free vulnerability in multiple products Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. network low complexity haxx fedoraproject netapp oracle debian opensuse CWE-415 critical	9.8
2019-07-02	CVE-2019-5443	Uncontrolled Search Path Element vulnerability in multiple products A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. local haxx oracle netapp CWE-427	4.4
2019-05-28	CVE-2019-5436	Out-of-bounds Write vulnerability in multiple products A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. local low complexity haxx opensuse fedoraproject debian f5 netapp oracle CWE-787	7.8
2018-01-18	CVE-2015-9251	Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. network low complexity jquery oracle CWE-79	6.1
2018-01-18	CVE-2018-2617	Unspecified vulnerability in Oracle OSS Support Tools Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). network low complexity oracle	5.0
2018-01-18	CVE-2018-2616	Unspecified vulnerability in Oracle OSS Support Tools Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). network low complexity oracle	6.5
2018-01-18	CVE-2018-2615	Unspecified vulnerability in Oracle OSS Support Tools Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). network low complexity oracle	6.5
2017-03-15	CVE-2016-7103	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. network low complexity jqueryui oracle fedoraproject netapp redhat juniper debian CWE-79	6.1
2016-02-15	CVE-2015-3197	Information Exposure vulnerability in multiple products ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. network high complexity oracle openssl CWE-200	5.9