Lucene search: Oracle Secure Backup

30 matches found

CVE | added 2021/06/10 7:10 a.m. | 7473 views

CVE-2021-26691

CVE-2021-26691 affects Apache HTTP Server, where a crafted SessionHeader can cause a heap overflow in 2.4.0–2.4.46. Several connected advisories indicate that updates have been released (e.g., AlmaLinux/CentOS/Red Hat ecosystems) and that newer Apache HTTP Server versions (e.g., 2.4.51 in Check P...

CVSS 9.8 | AI score 9.2 | EPSS 0.68067

CVE | added 2021/10/07 3:50 p.m. | 2281 views

CVE-2021-42013

Summary: CVE-2021-42013 covers an incomplete fix to CVE-2021-41773 in Apache HTTP Server 2.4.49/2.4.50. Root cause: path traversal vulnerabilities in the 2.4.50 fix could map URLs outside configured directories; if CGI is enabled for aliased paths, remote code execution could occur. Affected vers...

CVSS 9.8 | AI score 9.4 | EPSS 0.99964 | In wild

CVE | added 2021/08/16 12:00 a.m. | 1789 views

CVE-2021-33193

CVE-2021-33193 describes a vulnerability in Apache HTTP Server where a crafted HTTP/2 method can bypass validation and be forwarded by mod_proxy, potentially enabling request splitting or cache poisoning. The issue affects Apache httpd versions 2.4.17 through 2.4.48. Connected advisories and noti...

CVSS 7.5 | AI score 7.8 | EPSS 0.46179

CVE | added 2021/03/25 2:25 p.m. | 813 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

CVSS 5.9 | AI score 6.7 | EPSS 0.62906

CVE | added 2021/08/24 2:50 p.m. | 708 views

CVE-2021-3712

The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...

CVSS 7.4 | AI score 8 | EPSS 0.50445

CVE | added 2021/03/25 2:25 p.m. | 564 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

CVSS 7.4 | AI score 7.6 | EPSS 0.18339

CVE | added 2019/11/08 2:46 p.m. | 292 views

CVE-2019-10219

The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...

CVSS 6.5 | AI score 6 | EPSS 0.02167

CVE | added 2015/03/30 10:00 a.m. | 224 views

CVE-2015-1351

The CVE-2015-1351 issue concerns PHP’s OPcache extension (zend_shared_alloc.c: _zend_shared_memdup). A use-after-free in PHP 5.6.7 and earlier can allow remote denial of service or potentially other impact via unknown vectors. The F5 advisory confirms the vulnerability and indicates affected PHP/...

CVSS 7.5 | AI score 7.7 | EPSS 0.08707

CVE | added 2009/01/14 1:00 a.m. | 89 views

CVE-2008-4006

CVE-2008-4006 concerns Oracle Secure Backup Administration Server (Oracle Secure Backup 10.1.0.3). The issue is a remote command-execution vulnerability in the web interface, allowing an unauthenticated attacker to execute arbitrary commands via parameters in login.php (ora_osb_lcookie). Impac...

CVSS 10 | AI score 5.8 | EPSS 0.03433

CVE | added 2009/07/14 11:00 p.m. | 81 views

CVE-2009-1978

CVE-2009-1978 affects Oracle Secure Backup (Administration Server component). The vulnerability enables remote code execution with SYSTEM privileges via vectors involving property_box.php, impacting Oracle Secure Backup 10.2.0.3 (and related 10.3.0.1.0 deployments) as noted in the July 2009 Oracl...

CVSS 9 | AI score 6.3 | EPSS 0.64694

CVE | added 2009/07/14 11:00 p.m. | 77 views

CVE-2009-1977

CVE-2009-1977 affects Oracle Secure Backup (Administration Server) with an authentication bypass vulnerability that can lead to remote code execution via login.php and a vulnerable property_box.php. The NVD entry relates this to Oracle Secure Backup 10.2.0.3 and notes claims of bypassing authenti...

CVSS 10 | AI score 5.7 | EPSS 0.72638 | Web

CVE | added 2010/07/13 10:07 p.m. | 71 views

CVE-2010-0904

CVE-2010-0904 affects Oracle Secure Backup Administration Server 10.3.0.1. The authentication bypass in login.php can be leveraged (with uname) to bypass authentication, and, in conjunction with a command-injection path in property_box.php, may allow remote arbitrary code execution. Public refere...

CVSS 5 | AI score 5.9 | EPSS 0.5156 | Web

CVE | added 2010/07/13 10:07 p.m. | 69 views

CVE-2010-0907

Technical details for CVE-2010-0907 are not provided in the supplied documents; the entries mention an unspecified vulnerability but do not specify affected product versions, vectors, impact, or fixes. Monitor for updates.

CVSS 10 | AI score 5.9 | EPSS 0.07465

CVE | added 2010/07/13 10:07 p.m. | 67 views

CVE-2010-0906

CVE-2010-0906 relates to Oracle Secure Backup. The vulnerability exists in the Administration server and allows remote, authenticated attackers to execute arbitrary commands via specially crafted preauth/selector parameters on the target, under the System account. Affected version: Oracle Secure ...

CVSS 9 | AI score 5.5 | EPSS 0.02243

CVE | added 2009/01/14 1:00 a.m. | 65 views

CVE-2008-5448

CVE-2008-5448 is described in connected documents as a remote command execution vulnerability in Oracle Secure Backup Administration Server login.php, affecting Oracle Secure Backup versions 10.1.0.3 to 10.2.0.2. An attacker, via HTTP requests to the affected interface, could execute arbitrary co...

CVSS 10 | AI score 5.8 | EPSS 0.3857 | Web

CVE | added 2009/01/14 2:00 a.m. | 64 views

CVE-2008-5445

Oracle Secure Backup 10.2.0.2 observiced.exe is affected by a remote Denial of Service vulnerability triggered by malformed private Protocol data received on TCP port 400. Affects observiced.exe; root cause described as malformed protocol data leading to a DoS. Exploitation details are documented...

CVSS 5 | AI score 6 | EPSS 0.02583

CVE | added 2009/01/14 2:00 a.m. | 63 views

CVE-2008-5443

CVE-2008-5443 affects Oracle Secure Backup 10.2.0.2. It is a Denial of Service vulnerability triggered by malformed NDMP mover get state (NDMP_MOVER_GET_STATE) packets, allowing remote attackers to crash the service and impact availability. Related advisories (Fortinet/FGA-2009-02 and SecurityVUL...

CVSS 5 | AI score 6 | EPSS 0.01834

CVE | added 2009/01/14 1:00 a.m. | 62 views

CVE-2008-5442

Oracle Secure Backup 10.2.0.2 is affected by multiple Denial of Service vulnerabilities (CVE-2008-5441/5442/5443) due to insufficient input validation in NDMP processing. Remote attackers can crash the service by sending malformed NDMP packets (connect/open, connect/close, mover/get_state). Explo...

CVSS 5 | AI score 6 | EPSS 0.02776

CVE | added 2010/01/13 1:00 a.m. | 62 views

CVE-2010-0072

CVE-2010-0072 affects Oracle Secure Backup and is caused by a stack buffer overflow in the observiced.exe daemon listening on TCP port 10000. The flaw, triggered by a boundary error in the reverse lookup of connections, could allow a remote attacker to execute arbitrary code with SYSTEM privilege...

CVSS 10 | AI score 7.2 | EPSS 0.06065

CVE | added 2010/07/13 10:07 p.m. | 62 views

CVE-2010-0898

CVE-2010-0898 (Oracle Secure Backup) is listed in the July 2010 CPU as a remote code execution vulnerability in Oracle Secure Backup 10.3.0.1. The CVSSv2 base score is 10.0 (Network vector, no authentication, high impact on confidentiality, integrity, and availability). The vulnerability affects ...

CVSS 10 | AI score 5.9 | EPSS 0.02885

CVE | added 2010/07/13 10:07 p.m. | 62 views

CVE-2010-0899

CVE-2010-0899 affects Oracle Secure Backup 10.3.0.1. The vulnerability is a command injection in the Administration server (property_box.php) caused by improper filtering of a user-supplied parameter ("other"). An authenticated remote attacker can run arbitrary commands under the System account. ...

CVSS 9 | AI score 5.5 | EPSS 0.02243

CVE | added 2009/01/14 1:00 a.m. | 61 views

CVE-2008-5441

Summary (CVE-2008-5441): Oracle Secure Backup 10.2.0.2 contains a denial-of-service vulnerability in NDMP packet handling. Remote, unauthenticated attackers can crash the service by sending malformed NDMP requests (e.g., NDMP_CONNECT_OPEN). This CVE is related to, but distinct from, CVE-2008-5442...

CVSS 5 | AI score 6 | EPSS 0.02776

CVE | added 2009/01/14 1:00 a.m. | 60 views

CVE-2008-5444

CVE-2008-5444 affects Oracle Secure Backup 10.2.0.2 (and related NDMP functionality) with a stack/NDMP_CONNECT_CLIENT_AUTH message handling buffer overflow that enables remote code execution. Public references note exploitation in practice (Metasploit modules for NDMP_CONNECT_CLIENT_AUTH) and dis...

CVSS 10 | AI score 5.9 | EPSS 0.60625

CVE | added 2025/04/15 8:30 p.m. | 56 views

CVE-2025-21578

CVE-2025-21578 affects Oracle Secure Backup (General component). Affects Oracle Secure Backup versions 12.1.0.1–12.1.0.3 and 18.1.0.0–18.1.0.2. The issue allows a high-privileged attacker with logon to the infrastructure where Oracle Secure Backup runs to compromise the product, potentially leadi...

CVSS 6.7 | AI score 6 | EPSS 0.00171

CVE | added 2009/01/14 1:00 a.m. | 55 views

CVE-2008-5449

Technical details for CVE-2008-5449 are not included in the provided documents. Public information about affected components/versions/vectors is not available here; monitor for updates from official advisories.

CVSS 10 | AI score 5.9 | EPSS 0.04209

CVE | added 2011/07/20 11:00 p.m. | 51 views

CVE-2011-2252

CVE-2011-2261 affects Oracle Secure Backup — specifically the Administration Server login.php, where the validate_login function passes the username to an exec_qr call with only limited sanitization. This permits remote, unauthenticated attackers to inject commands and potentially achieve remote ...

CVSS 6.8 | AI score 6 | EPSS 0.01938

CVE | added 2011/07/20 11:00 p.m. | 49 views

CVE-2011-2251

CVE-2011-2251 is linked to Oracle Secure Backup Administration Server login.php XSS in the mode parameter. The Nessus plugin notes input is not properly sanitized, enabling a remote attacker to lure a user to a crafted URL and potentially execute arbitrary script code. This is the concrete detail...

CVSS 4.3 | AI score 6 | EPSS 0.01554

CVE | added 2011/01/19 3:00 p.m. | 45 views

CVE-2010-3596

Technical details, affected products, and remediation are not publicly available in the supplied documents; monitor for updates.

CVSS 6.4 | AI score 6.2 | EPSS 0.01486

CVE | added 2011/07/20 11:00 p.m. | 43 views

CVE-2011-2261

Oracle Secure Backup contains a remote command injection vulnerability (CVE-2011-2261) in the Administration Server login.php uname parameter. The flaw arises from insufficient input filtering in validate_login, allowing an unauthenticated attacker to inject commands and achieve remote code execu...

CVSS 10 | AI score 6 | EPSS 0.03244

CVE | added 2009/01/14 1:00 a.m. | 41 views

CVE-2008-3981

Oracle Secure Backup 10.1.0.1 contains an unspecified vulnerability in the Oracle Secure Backup component that could allow remote attackers to affect confidentiality via unknown vectors. The NVD entry (CVE-2008-3981) notes a remote, unauthenticated exposure with partial confidentiality impact (CV...

CVSS 5 | AI score 6 | EPSS 0.01977