CVE-2021-26691
CVE-2021-26691 affects Apache HTTP Server, where a crafted SessionHeader can cause a heap overflow in 2.4.0–2.4.46. Several connected advisories indicate that updates have been released (e.g., AlmaLinux/CentOS/Red Hat ecosystems) and that newer Apache HTTP Server versions (e.g., 2.4.51 in Check P...
CVE-2021-42013
Summary: CVE-2021-42013 covers an incomplete fix to CVE-2021-41773 in Apache HTTP Server 2.4.49/2.4.50. Root cause: path traversal vulnerabilities in the 2.4.50 fix could map URLs outside configured directories; if CGI is enabled for aliased paths, remote code execution could occur. Affected vers...
CVE-2021-33193
CVE-2021-33193 describes a vulnerability in Apache HTTP Server where a crafted HTTP/2 method can bypass validation and be forwarded by mod_proxy, potentially enabling request splitting or cache poisoning. The issue affects Apache httpd versions 2.4.17 through 2.4.48. Connected advisories and noti...
CVE-2021-3449
CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...
CVE-2021-3712
The CVE-2021-3712 issue affects OpenSSL where ASN1_STRING data may not be NUL-terminated if constructed directly (or via ASN1_STRING_set0), causing read-buffer overreads when many OpenSSL print/name-constraining paths handle such ASN.1 strings. Exploitation could crash the application (DoS) or di...
CVE-2021-3450
CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...
CVE-2019-10219
The CVE-2019-10219 entry affects Hibernate Validator: SafeHtml validator annotation fails to sanitize HTML comments/instructions, enabling XSS in affected code paths. Affected CP4S versions are 1.7.2.0, 1.8.0.0, and 1.8.1.0. Remediation is to upgrade to Cloud Pak for Security 1.9.0.0 per IBM guid...
CVE-2015-1351
The CVE-2015-1351 issue concerns PHP’s OPcache extension (zend_shared_alloc.c: _zend_shared_memdup). A use-after-free in PHP 5.6.7 and earlier can allow remote denial of service or potentially other impact via unknown vectors. The F5 advisory confirms the vulnerability and indicates affected PHP/...
CVE-2008-4006
CVE-2008-4006 concerns Oracle Secure Backup Administration Server (Oracle Secure Backup 10.1.0.3). The issue is a remote command execution vulnerability in the web interface, allowing an unauthenticated attacker to execute arbitrary commands via parameters in login.php (ora_osb_lcookie). Impac...
CVE-2009-1978
CVE-2009-1978 affects Oracle Secure Backup (Administration Server component). The vulnerability enables remote code execution with SYSTEM privileges via vectors involving property_box.php, impacting Oracle Secure Backup 10.2.0.3 (and related 10.3.0.1.0 deployments) as noted in the July 2009 Oracl...
CVE-2009-1977
CVE-2009-1977 affects Oracle Secure Backup (Administration Server) with an authentication bypass vulnerability that can lead to remote code execution via login.php and a vulnerable property_box.php. The NVD entry relates this to Oracle Secure Backup 10.2.0.3 and notes claims of bypassing authenti...
CVE-2010-0904
CVE-2010-0904 affects Oracle Secure Backup Administration Server 10.3.0.1. The authentication bypass in login.php can be leveraged (with uname) to bypass authentication, and, in conjunction with a command-injection path in property_box.php, may allow remote arbitrary code execution. Public refere...
CVE-2010-0907
Technical details for CVE-2010-0907 are not provided in the supplied documents; the entries mention an unspecified vulnerability but do not specify affected product versions, vectors, impact, or fixes. Monitor for updates.
CVE-2010-0906
CVE-2010-0906 relates to Oracle Secure Backup. The vulnerability exists in the Administration server and allows remote, authenticated attackers to execute arbitrary commands via specially crafted preauth/selector parameters on the target, under the System account. Affected version: Oracle Secure ...
CVE-2008-5448
CVE-2008-5448 is described in connected documents as a remote command execution vulnerability in Oracle Secure Backup Administration Server login.php, affecting Oracle Secure Backup versions 10.1.0.3 to 10.2.0.2. An attacker, via HTTP requests to the affected interface, could execute arbitrary co...
CVE-2008-5445
Oracle Secure Backup 10.2.0.2 observiced.exe is affected by a remote Denial of Service vulnerability triggered by malformed private protocol data received on TCP port 400. Affects observiced.exe; the root cause is described as malformed protocol data leading to a DoS. Exploitation details are documented...
CVE-2008-5443
CVE-2008-5443 affects Oracle Secure Backup 10.2.0.2. It is a Denial of Service vulnerability triggered by malformed NDMP mover get state (NDMP_MOVER_GET_STATE) packets, allowing remote attackers to crash the service and impact availability. Related advisories (Fortinet/FGA-2009-02 and SecurityVUL...
CVE-2008-5442
Oracle Secure Backup 10.2.0.2 is affected by multiple Denial of Service vulnerabilities (CVE-2008-5441/5442/5443) due to insufficient input validation in NDMP processing. Remote attackers can crash the service by sending malformed NDMP packets (connect/open, connect/close, mover/get_state). Explo...
CVE-2010-0072
CVE-2010-0072 affects Oracle Secure Backup and is caused by a stack buffer overflow in the observiced.exe daemon listening on TCP port 10000. The flaw, triggered by a boundary error in the reverse lookup of connections, could allow a remote attacker to execute arbitrary code with SYSTEM privilege...
CVE-2010-0898
CVE-2010-0898 (Oracle Secure Backup) is listed in the July 2010 CPU as a remote code execution vulnerability in Oracle Secure Backup 10.3.0.1. The CVSSv2 base score is 10.0 (Network vector, no authentication, high impact on confidentiality, integrity, and availability). The vulnerability affects ...
CVE-2010-0899
CVE-2010-0899 affects Oracle Secure Backup 10.3.0.1. The vulnerability is a command injection in the Administration server (property_box.php) caused by improper filtering of a user-supplied parameter ("other"). An authenticated remote attacker can run arbitrary commands under the System account. ...
CVE-2008-5441
Summary (CVE-2008-5441): Oracle Secure Backup 10.2.0.2 contains a denial-of-service vulnerability in NDMP packet handling. Remote, unauthenticated attackers can crash the service by sending malformed NDMP requests (e.g., NDMP_CONNECT_OPEN). This CVE is related to, but distinct from, CVE-2008-5442...
CVE-2008-5444
CVE-2008-5444 affects Oracle Secure Backup 10.2.0.2 (and related NDMP functionality) with a stack/NDMP_CONNECT_CLIENT_AUTH message handling buffer overflow that enables remote code execution. Public references note exploitation in practice (Metasploit modules for NDMP_CONNECT_CLIENT_AUTH) and dis...
CVE-2025-21578
CVE-2025-21578 affects Oracle Secure Backup (General component), specifically versions 12.1.0.1–12.1.0.3 and 18.1.0.0–18.1.0.2. The issue allows a high-privileged attacker with logon to the infrastructure where Oracle Secure Backup runs to compromise the product, potentially leadi...
CVE-2008-5449
Technical details for CVE-2008-5449 are not included in the provided documents. Public information about affected components/versions/vectors is not available here; monitor for updates from official advisories.
CVE-2011-2252
CVE-2011-2261 affects Oracle Secure Backup — specifically the Administration Server login.php, where the validate_login function passes the username to an exec_qr call with only limited sanitization. This permits remote, unauthenticated attackers to inject commands and potentially achieve remote ...
CVE-2011-2251
CVE-2011-2251 is linked to Oracle Secure Backup Administration Server login.php XSS in the mode parameter. The Nessus plugin notes input is not properly sanitized, enabling a remote attacker to lure a user to a crafted URL and potentially execute arbitrary script code. This is the concrete detail...
CVE-2010-3596
Technical details, affected products, and remediation are not publicly available in the supplied documents; monitor for updates.
CVE-2011-2261
Oracle Secure Backup contains a remote command injection vulnerability (CVE-2011-2261) in the Administration Server login.php uname parameter. The flaw arises from insufficient input filtering in validate_login, allowing an unauthenticated attacker to inject commands and achieve remote code execu...
CVE-2008-3981
Oracle Secure Backup 10.1.0.1 contains an unspecified vulnerability in the Oracle Secure Backup component that could allow remote attackers to affect confidentiality via unknown vectors. The NVD entry (CVE-2008-3981) notes a remote, unauthenticated exposure with partial confidentiality impact (CV...