Latest oracle oss support tools Vulnerabilities

CVE-2022-21405
Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). The supported version that is affected is 18.3. Easily exploitable vulnerability allows high privil...
Oracle OSS Support Tools=18.3
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer an...
Apache MINA<2.0.22
Apache MINA>=2.1.0<2.1.5
Oracle Banking Payments=14.5
Oracle Banking Trade Finance Process Management=14.5
Oracle Banking Treasury Management=14.5
Oracle Communications Cloud Native Core Console=1.9.0
and 8 more
CVE-2021-2351
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unau...
Oracle Advanced Networking Option=12.1.0.2
Oracle Advanced Networking Option=12.2.0.1
Oracle Advanced Networking Option=19c
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile PLM=9.3.6
Oracle Agile Product Lifecycle Management for Process=6.2.2.0
and 242 more
CVE-2021-30129
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD ve...
redhat/eap7-apache-sshd<0:2.7.0-1.redhat_00001.1.el8ea
redhat/eap7-apache-sshd<0:2.7.0-1.redhat_00001.1.el7ea
redhat/mina-sshd<2.7.0
Apache Sshd>=2.0.0<2.7.0
Oracle Banking Payments=14.5
Oracle Banking Trade Finance=14.5
and 10 more
CVE-2021-2303
Oracle OSS Support Tools Diagnostic Assistant XML External Entity Processing Information Disclosure Vulnerability
Oracle OSS Support Tools
Oracle OSS Support Tools<2.12.41
CVE-2021-29425
Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-cra...
redhat/eap7-apache-commons-io<0:2.10.0-1.redhat_00001.1.el6ea
redhat/eap7-hal-console<0:3.2.16-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.20-4.SP2_redhat_00001.1.el6ea
redhat/eap7-ironjacamar<0:1.4.35-1.Final_redhat_00001.1.el6ea
redhat/eap7-jakarta-el<0:3.0.3-2.redhat_00006.1.el6ea
redhat/eap7-jberet<0:1.3.9-1.Final_redhat_00001.1.el6ea
and 185 more
CVE-2021-27568
A flaw was found in json-smart. When an exception is thrown from a function, but is not caught, the program using the library may crash or expose sensitive information. The highest threat from this vu...
Json-smart Project Json-smart-v1<1.3.2
Json-smart Project Json-smart-v2<2.3.1
Json-smart Project Json-smart-v2>=2.4<2.4.1
Oracle Communications Cloud Native Core Policy=1.14.0
Oracle OSS Support Tools<2.12.42
Oracle PeopleSoft Enterprise PeopleTools=8.58
and 11 more
CVE-2020-11023
### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
CVE-2019-5482
cURL libcurl is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tftp_receive_packet function. By sending specially-crafted request containing an OACK without the ...
debian/curl
debian/curl<=7.52.1-5+deb9u9<=7.52.1-1<=7.64.0-4<=7.65.3-1
IBM Security Guardium<=10.5
IBM Security Guardium<=10.6
IBM Security Guardium<=11.0
IBM Security Guardium<=11.1
and 32 more
CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
debian/curl
debian/curl<=7.52.1-5+deb9u9<=7.64.0-4<=7.65.3-1<=7.52.1-1
Haxx Curl>=7.52.0<=7.65.3
Fedoraproject Fedora=29
Fedoraproject Fedora=30
Fedoraproject Fedora=31
and 20 more
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
CVE-2019-5443
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") o...
Haxx Curl<=7.65.1
Microsoft Windows
Oracle Enterprise Manager Ops Center=12.3.3
Oracle Enterprise Manager Ops Center=12.4.0
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
and 8 more
CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
IBM Data Risk Manager<=2.0.6
debian/curl
debian/curl<=7.52.1-5+deb9u9<=7.64.0-3<=7.52.1-5
Haxx Libcurl>=7.19.4<=7.64.1
openSUSE Leap=15.0
openSUSE Leap=15.1
and 13 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203