Secure Global Desktop

DATE	CVE	VULNERABILITY TITLE	RISK
2018-10-04	CVE-2018-11784	Open Redirect vulnerability in multiple products When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. network low complexity apache debian canonical netapp redhat oracle CWE-601	4.3
2018-09-25	CVE-2018-11763	In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. network high complexity apache canonical redhat oracle netapp	5.9
2018-08-02	CVE-2018-8032	Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. network low complexity apache oracle debian CWE-79	6.1
2018-02-28	CVE-2018-1304	The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. network high complexity apache redhat debian canonical oracle	5.9
2017-07-13	CVE-2017-9788	Improper Input Validation vulnerability in multiple products In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. network low complexity apache debian apple netapp redhat oracle CWE-20 critical	9.1
2017-06-20	CVE-2017-7668	Out-of-bounds Read vulnerability in multiple products The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. network low complexity apache netapp redhat debian oracle apple CWE-125	7.5
2017-06-20	CVE-2017-3167	Improper Authentication vulnerability in multiple products In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. network low complexity apache netapp redhat apple debian oracle CWE-287 critical	9.8
2016-10-25	CVE-2016-5580	Improper Access Control vulnerability in Oracle Secure Global Desktop 4.7/5.2 Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. network low complexity oracle CWE-284	5.5
2016-07-21	CVE-2016-3613	Remote Security vulnerability in Oracle Secure Global Desktop 4.63/4.71/5.2 Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL. network low complexity oracle critical	10.0
2016-01-21	CVE-2016-0501	Remote Security vulnerability in Oracle Secure Global Desktop 5.2 Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. network low complexity oracle	5.0