Lucene search
K
OracleOss Support Tools

19 matches found

CVE
CVE
added 2020/04/29 12:0 a.m.7239 views

CVE-2020-11023

The connected Astra Linux bulletin confirms CVE-2020-11023: in jQuery versions >= 1.0.3 and < 3.5.0, passing HTML containing elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) may lead to untrusted code execution. Patch released in jQuery 3.5.0. Remediat...

6.9CVSS7.2AI score0.8383EPSS
In wild
CVE
CVE
added 2018/01/18 11:0 p.m.3324 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

6.1CVSS6.3AI score0.29726EPSS
Web
CVE
CVE
added 2017/03/15 12:0 a.m.855 views

CVE-2016-7103

CVE-2016-7103 is a cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0, exploitable via the closeText parameter of the Dialog widget. The issue allows remote script/HTML injection. Remediation per connected documents is to upgrade to jQuery UI 1.12.0 or later (fixed version).

6.1CVSS6AI score0.2258EPSS
In wild
CVE
CVE
added 2019/09/16 6:6 p.m.695 views

CVE-2019-5482

CVE-2019-5482 is a heap buffer overflow in curl/libcurl’s TFTP handler (tftp_receive_packet) affecting curl versions up to 7.65.3. Public advisories detail that a small TFTP blocksize can trigger overflow, potentially enabling DoS or arbitrary code execution. Public fixes exist across distributio...

9.8CVSS9.7AI score0.17939EPSS
CVE
CVE
added 2021/04/13 6:50 a.m.634 views

CVE-2021-29425

CVE-2021-29425 affects Apache Commons IO up to version 2.6, specifically FileNameUtils.normalize. With inputs such as "//../foo" or "\..\foo", normalization can yield a value that does not escape to higher directories, potentially enabling access to the parent directory if the resulting path is u...

5.8CVSS6.7AI score0.10608EPSS
In wild
CVE
CVE
added 2019/05/28 6:47 p.m.537 views

CVE-2019-5436

CVE-2019-5436 affects curl/libcurl with a heap buffer overflow in the TFTP receiving code (tftp_receive_packet). Exploitation can lead to DoS or arbitrary code execution. Upstream fix released in curl 7.65.0; advisories from CentOS, Arch Linux, Debian, and others document the vulnerability and re...

7.8CVSS8.3AI score0.49739EPSS
CVE
CVE
added 2019/09/16 6:5 p.m.496 views

CVE-2019-5481

CVE-2019-5481 is a double-free vulnerability in curl’s FTP-Kerberos code, affecting curl 7.52.0 through 7.65.3. Exploitation involves a malicious FTP server sending a very large data block, which can cause memory corruption leading to a crash or denial of service (DoS). Multiple connected advisor...

9.8CVSS9.3AI score0.07266EPSS
CVE
CVE
added 2021/02/23 1:32 a.m.408 views

CVE-2021-27568

CVE-2021-27568 affects Netplex json-smart-v1 and json-smart-v2 (NumberFormatException uncaught), leading to potential denial of service or exposure of sensitive information when unhandled exceptions occur in the library. Connected IBM advisories confirm the vulnerability in IBM DOORS-related prod...

5.9CVSS6AI score0.02886EPSS
CVE
CVE
added 2021/07/12 12:10 p.m.324 views

CVE-2021-30129

CVE-2021-30129 affects Apache Mina SSHD's sshd-core; a crafted request can trigger an OutOfMemory DoS in the SFTP and port forwarding features. Remediation: upgrade to Apache Mina SSHD 2.7.0 (fix documented in the IBM PEM advisory referencing this CVE). If applying via IBM PEM, follow their patch...

6.5CVSS6.9AI score0.03394EPSS
CVE
CVE
added 2019/11/08 2:46 p.m.296 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

6.5CVSS6AI score0.02167EPSS
CVE
CVE
added 2016/02/15 12:0 a.m.265 views

CVE-2015-3197

OpenSSL CVE-2015-3197 affects the SSLv2 handling in OpenSSL 1.0.1 prior to 1.0.1r and 1.0.2 prior to 1.0.2f, where SSLv2 ciphers marked as disabled could still be negotiated, enabling a MITM through SSLv2 traffic. The issue is tied to the get_client_master_key and get_client_hello paths in ssl/s2...

5.9CVSS6.4AI score0.10731EPSS
CVE
CVE
added 2021/07/20 10:43 p.m.241 views

CVE-2021-2351

CVE-2021-2351 affects Oracle Database Server’s Advanced Networking Option, with affected versions 12.1.0.2, 12.2.0.1, and 19c. The vulnerability allows unauthenticated network access via Oracle Net to compromise the Advanced Networking Option, with access requiring user interaction (UI_R) and ris...

8.3CVSS8.5AI score0.025EPSS
CVE
CVE
added 2019/07/02 6:31 p.m.227 views

CVE-2019-5443

Technical details about CVE-2019-5443 are not publicly provided in the provided documents. The available information is a high-level summary; monitor for updates.

7.8CVSS7.5AI score0.00717EPSS
CVE
CVE
added 2021/11/01 8:35 a.m.155 views

CVE-2021-41973

CVE-2021-41973 affects Apache MINA, where a specially crafted HTTP request can cause the HTTP Header decoder to loop indefinitely, leading to a denial of service. The root cause is the decoder assuming headers begin at the buffer start and looping if extra data is present. Mitigation: upgrade MIN...

6.5CVSS6.4AI score0.04332EPSS
CVE
CVE
added 2022/04/19 8:36 p.m.88 views

CVE-2022-21405

CVE-2022-21405 affects Oracle OSS Support Tools (component: Oracle Explorer) with affected version 18.3. The vulnerability enables a high-privilege attacker who can log on to the infrastructure running OSS Support Tools to compromise the tooling; exploitation requires user interaction and may imp...

5.5CVSS4.9AI score0.00272EPSS
CVE
CVE
added 2021/04/22 9:54 p.m.56 views

CVE-2021-2303

CVE-2021-2303 affects Oracle OSS Support Tools, component Diagnostic Assistant, with the vulnerable version prior to 2.12.41. The issue allows a high-privilege attacker, over HTTP from the network, to compromise OSS Support Tools and potentially access all data handled by the tools. ZDI also note...

4.9CVSS4.7AI score0.01451EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.55 views

CVE-2018-2616

CVE-2018-2616 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent, prior to version 2.11.33. An attacker with network access over HTTP and low privileges can take over OSS Support Tools (impacting Confidentiality, Integrity, Availability). Related connections in t...

8.8CVSS8.1AI score0.27068EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.49 views

CVE-2018-2617

CVE-2018-2617 affects Oracle OSS Support Tools, specifically the Diagnostic Assistant subcomponent of Oracle Support Tools, with versions prior to 2.11.33. The vulnerability allows an unauthenticated, network-accessible attacker to access OSS Support Tools via HTTP, potentially exposing confident...

7.5CVSS6.9AI score0.01767EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.48 views

CVE-2018-2615

Summary of CVE-2018-2615 (Oracle OSS Support Tools – Diagnostic Assistant) Affected product: Oracle OSS Support Tools (Oracle Support Tools) – Diagnostic Assistant subcomponent. Vulnerability: A remote code execution flaw in Diagnostic Assistant present in OSS Support Tools version prior to 2.11....

8.8CVSS8.1AI score0.01396EPSS