Latest oracle secure global desktop Vulnerabilities

CVE-2021-35650
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privi...
Oracle Secure Global Desktop=5.6
CVE-2021-35649
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privi...
Oracle Secure Global Desktop=5.6
CVE-2021-40438
Apache HTTP Server-Side Request Forgery (SSRF)
Apache HTTP server<=2.4.48
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 27 more
CVE-2021-2447
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privi...
Oracle Secure Global Desktop=5.6
CVE-2021-33037
Apache Tomcat is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding request header. By sending a specially-crafted HTTP(S) transfer-encoding request header,...
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el7
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el7
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el7
redhat/jws5-tomcat<0:9.0.50-3.redhat_00004.1.el8
redhat/jws5-tomcat-native<0:1.2.30-3.redhat_3.el8
redhat/jws5-tomcat-vault<0:1.1.8-4.Final_redhat_00004.1.el8
and 91 more
CVE-2021-2248
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthent...
Oracle Secure Global Desktop=5.6
CVE-2021-2177
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthen...
Oracle Secure Global Desktop=5.6
CVE-2021-3450
OpenSSL could allow a remote attacker to bypass security restrictions, caused by a missing check in the validation logic of X.509 certificate chains by the X509_V_FLAG_X509_STRICT flag. By using any v...
rust/openssl-src>=111.11.0<111.15.0
IBM Security Verify Access<=10.0.0
OpenSSL OpenSSL>=1.1.1h<1.1.1k
FreeBSD FreeBSD=12.2
FreeBSD FreeBSD=12.2-p1
FreeBSD FreeBSD=12.2-p2
and 52 more
CVE-2021-3449
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it...
rust/openssl-src<111.15.0
debian/openssl
IBM Cognos Analytics<=12.0.0-12.0.1
IBM Cognos Analytics<=11.2.0-11.2.4 FP2
IBM Cognos Analytics<=11.1.1-11.1.7 FP7
OpenSSL OpenSSL>=1.1.1<1.1.1k
and 202 more
CVE-2019-17091
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window...
Eclipse Mojarra>=2.3.0<2.3.10
Oracle Mojarra Javaserver Faces>=2.2.0<2.2.20
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Banking Enterprise Product Manufacturing=2.7.0
Oracle Banking Enterprise Product Manufacturing=2.8.0
and 34 more
CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead...
redhat/jbcs-httpd24-apr<0:1.6.3-86.jbcs.el6
redhat/jbcs-httpd24-brotli<0:1.0.6-21.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-52.jbcs.el6
redhat/jbcs-httpd24-openssl<1:1.1.1c-16.jbcs.el6
redhat/jbcs-httpd24-apr<0:1.6.3-86.jbcs.el7
redhat/jbcs-httpd24-brotli<0:1.0.6-21.jbcs.el7
and 66 more
CVE-2019-0227
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversi...
Apache Axis=1.4
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile Product Lifecycle Management Framework=9.3.3
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Big Data Discovery=1.6
and 76 more
CVE-2019-1559
OpenSSL could allow a remote attacker to obtain sensitive information, caused by the failure to immediately close the TCP connection after the hosts encounter a zero-length record with valid padding. ...
redhat/openssl<0:1.0.1e-58.el6_10
redhat/openssl<1:1.0.2k-19.el7
redhat/jws5-ecj<0:4.12.0-1.redhat_1.1.el6
redhat/jws5-javapackages-tools<0:3.4.1-5.15.11.el6
redhat/jws5-jboss-logging<0:3.3.2-1.Final_redhat_00001.1.el6
redhat/jws5-tomcat<0:9.0.21-10.redhat_4.1.el6
and 226 more
CVE-2019-3823
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL termin...
Haxx Libcurl>=7.34.0<7.64.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=9.0
and 17 more
CVE-2019-3822
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_messa...
ubuntu/curl<7.64.0
ubuntu/curl<7.47.0-1ubuntu2.12
ubuntu/curl<7.58.0-2ubuntu3.6
ubuntu/curl<7.61.0-1ubuntu2.3
redhat/curl<7.64.0
debian/curl
and 23 more
CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does ...
Haxx Libcurl>=7.36.0<7.64.0
Canonical Ubuntu Linux=14.04
Canonical Ubuntu Linux=16.04
Canonical Ubuntu Linux=18.04
Canonical Ubuntu Linux=18.10
Debian Debian Linux=9.0
and 19 more
CVE-2018-19439
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as dem...
Oracle Secure Global Desktop=4.4
CVE-2018-0735
A flaw was found in OpenSSL versions from 1.1.0 through 1.1.0i inclusive and version 1.1.1. The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An at...
redhat/openssl<1:1.0.2k-16.el7_6.1
redhat/openssl<1:1.1.1c-2.el8
ubuntu/openssl<1.1.0
ubuntu/openssl<1.1.1-1ubuntu2.1
ubuntu/openssl<1.1.1
ubuntu/openssl<1.1.1
and 55 more
CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/fo...
Apache Tomcat>=7.0.23<=7.0.90
Apache Tomcat>=8.5.0<=8.5.33
Apache Tomcat>=9.0.1<=9.0.11
Apache Tomcat=9.0.0
Apache Tomcat=9.0.0-m1
Apache Tomcat=9.0.0-m10
and 87 more
CVE-2018-11763
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This ...
ubuntu/apache2<2.4.35
ubuntu/apache2<2.4.29-1ubuntu4.4
>=2.4.17<=2.4.34
=18.04
=6.0
=7.0
and 33 more
CVE-2018-8032
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
Apache Axis>=1.0<=1.4
Oracle Agile Engineering Data Management=6.2.1.0
Oracle Agile Product Lifecycle Management Framework=9.3.3
Oracle Application Testing Suite=13.2.0.1
Oracle Application Testing Suite=13.3.0.1
Oracle Big Data Discovery=1.6
and 73 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203