Lucene search

Tuxedo Security Vulnerabilities - 2018

cve

CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0....

5.9CVSS

6AI Score

0.003EPSS

2018-10-30 12:29 PM

377

cve

CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

5.9CVSS

5.7AI Score

0.006EPSS

2018-10-29 01:29 PM

276

cve

CVE-2018-3007

Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo. While the vul...

8.6CVSS

7.7AI Score

0.001EPSS

2018-07-18 01:29 PM

cve

CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

4.7CVSS

5.6AI Score

0.001EPSS

2018-11-15 09:29 PM

544

cve

CVE-2018-8032

Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.

6.1CVSS

5.8AI Score

0.004EPSS

2018-08-02 01:29 PM

181