Lucene search
K
OracleSecure Global Desktop

33 matches found

CVE
CVE
added 2017/06/20 1:0 a.m.7618 views

CVE-2017-3167

CVE-2017-3167 affects Apache httpd 2.2.x prior to 2.2.33 and 2.4.x prior to 2.4.26. The issue is that third‑party modules using ap_get_basic_auth_pw() outside the authentication phase can bypass authentication requirements. Connected sources confirm the impact and upstream fixes: update to httpd ...

9.8CVSS9.6AI score0.20231EPSS
CVE
CVE
added 2017/06/20 1:0 a.m.6045 views

CVE-2017-7668

CVE-2017-7668: Apache httpd contains a buffer over-read in ap_find_token() caused by strict HTTP parsing changes in 2.2.32 and 2.4.24. A remote attacker can craft headers to crash the httpd process or have ap_find_token() return an incorrect value. Affected distributions have addressed this by up...

7.5CVSS8.4AI score0.57472EPSS
CVE
CVE
added 2021/09/16 2:40 p.m.4718 views

CVE-2021-40438

CVE-2021-40438 is an SSRF flaw in Apache HTTP Server 2.4.x through older revisions where a crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. The issue affects Apache httpd 2.4.48 and earlier; the CVSSv3.1 base score is 9.0 (CRITICAL...

9CVSS9.5AI score0.99999EPSS
In wild
CVE
CVE
added 2019/09/26 2:7 p.m.3424 views

CVE-2019-10092

The CVE-2019-10092 entry concerns Apache HTTP Server 2.4.0–2.4.39 with a limited cross-site scripting in the mod_proxy error page. The vulnerability lets an attacker craft a link on the error page that could mislead users by pointing to a page of the attacker’s choosing, but exploitation requires...

6.1CVSS7.3AI score0.81466EPSS
CVE
CVE
added 2017/07/13 4:0 p.m.3289 views

CVE-2017-9788

Apache httpd vulnerability CVE-2017-9788 stems from mod_auth_digest not initializing or resetting the value placeholder in Digest Proxy-Authorization headers between key=value assignments, which can leak previous memory data or cause a segfault/DoS. Affected: httpd 2.2.34 and 2.4.x prior to 2.4.2...

9.1CVSS8.4AI score0.5677EPSS
CVE
CVE
added 2014/07/20 10:0 a.m.2122 views

CVE-2014-0226

Apache HTTP Server CVE-2014-0226 is a race-condition vulnerability in the mod_status component that can cause a heap-based buffer overflow, denial of service, and potentially credential disclosure or code execution. Affects httpd before 2.4.10; the issue arises from improper scoreboard handling i...

6.8CVSS7AI score0.85744EPSS
In wildWeb
CVE
CVE
added 2014/03/18 1:0 a.m.1970 views

CVE-2014-0098

CVE-2014-0098 affects the Apache HTTP Server (mod_log_config) prior to version 2.4.8. The vulnerability is caused by how log_cookie is handled during truncation, allowing remote attackers to trigger a denial-of-service (segmentation fault and daemon crash). Public advisories and vendor notes (e.g...

5CVSS8AI score0.25999EPSS
CVE
CVE
added 2018/09/25 9:0 p.m.1654 views

CVE-2018-11763

CVE-2018-11763 affects Apache HTTP Server 2.4.17–2.4.34 and targets the HTTP/2 implementation. The issue arises when a client sends continuous, large SETTINGS frames, allowing a single connection to occupy a server thread and CPU time without triggering a connection timeout. Impact is limited to ...

5.9CVSS5.6AI score0.51002EPSS
CVE
CVE
added 2019/02/27 11:0 p.m.925 views

CVE-2019-1559

OpenSSL vulnerability CVE-2019-1559 describes a padding-oracle weakness where, if an application encounters a fatal protocol error and then calls SSL_shutdown() twice (to send close_notify and to receive one), the server may respond differently to a 0-byte record with invalid padding versus inval...

5.9CVSS6.3AI score0.17139EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.813 views

CVE-2021-3449

CVE-2021-3449 affects OpenSSL 1.1.1.x where a TLSv1.2 server may crash (DoS) if it receives a renegotiation ClientHello that omits the signature_algorithms extension but includes signature_algorithms_cert. The issue is a NULL pointer dereference leading to a denial of service; OpenSSL clients are...

5.9CVSS6.7AI score0.62906EPSS
CVE
CVE
added 2018/10/04 1:0 p.m.748 views

CVE-2018-11784

CVE-2018-11784 affects Apache Tomcat: the default servlet could be tricked into generating redirects to arbitrary URIs when handling requests like /foo, enabling open redirect. Affected branches include 9.0.x (9.0.0.M1–9.0.11), 8.5.x (8.5.0–8.5.33), and 7.0.x (7.0.23–7.0.90). Root cause is how th...

4.3CVSS5.1AI score0.94494EPSS
CVE
CVE
added 2021/07/12 2:55 p.m.607 views

CVE-2021-33037

CVE-2021-33037 affects Apache Tomcat: versions 10.0.0-M1–10.0.6, 9.0.0.M1–9.0.46, and 8.5.0–8.5.66 may mishandle the HTTP transfer-encoding header with reverse proxies, enabling request smuggling. Root cause: improper header handling allowing spoofed content encoding sequencing. Impact stated in ...

5.3CVSS6.1AI score0.75353EPSS
CVE
CVE
added 2018/10/29 1:0 p.m.568 views

CVE-2018-0735

CVE-2018-0735 corresponds to a timing side-channel vulnerability in OpenSSL’s ECDSA signature generation. An attacker could exploit variations in signing to recover the private key. Affected: OpenSSL 1.1.0 (1.1.0-1.1.0i) and OpenSSL 1.1.1 (1.1.1) prior to the fixes. Fixes were released in OpenSSL...

5.9CVSS5.7AI score0.04763EPSS
CVE
CVE
added 2021/03/25 2:25 p.m.564 views

CVE-2021-3450

CVE-2021-3450 affects OpenSSL 1.1.1h–1.1.1j where a bug in the X509_V_FLAG_X509_STRICT path overwrote a prior CA-check result, bypassing the non-CA certificates prohibition unless a programmed purpose is used. When a purpose is configured, the certificate chain is still rejected; the issue is fix...

7.4CVSS7.6AI score0.18339EPSS
CVE
CVE
added 2019/02/06 8:0 p.m.452 views

CVE-2019-3822

CVE-2019-3822 affects libcurl 7.36.0 through before 7.64.0. The vulnerability is a stack-based buffer overflow in the NTLM header creation path: Curl_auth_create_ntlm_type3_message() uses unsigned arithmetic to guard a local buffer, but the check is insufficient, allowing the output data to excee...

9.8CVSS9.3AI score0.12771EPSS
CVE
CVE
added 2018/02/28 8:0 p.m.388 views

CVE-2018-1304

Apache Tomcat vulnerability CVE-2018-1304 arises from incorrect handling of the empty string URL pattern ("") in security constraint processing, allowing unauthorized access to protected resources. Affected versions: Tomcat 9.0.0.M1–9.0.4, 8.5.0–8.5.27, 8.0.0.RC1–8.0.49, and 7.0.0–7.0.84. This is...

5.9CVSS6.7AI score0.17716EPSS
CVE
CVE
added 2019/05/01 8:3 p.m.290 views

CVE-2019-0227

The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...

7.5CVSS8.3AI score0.86503EPSS
Web
CVE
CVE
added 2019/02/06 8:0 p.m.287 views

CVE-2018-16890

CVE-2018-16890 affects libcurl versions 7.36.0 to before 7.64.0. The NTLM type-2 handling path (lib/vauth/ntlm.c:ntlm_decode_type2_target) fails to validate incoming data, enabling an integer overflow that an attacker could abuse to trigger a heap read out-of-bounds. Related issues in the same se...

7.5CVSS8.6AI score0.05351EPSS
CVE
CVE
added 2019/02/06 8:0 p.m.286 views

CVE-2019-3823

CVE-2019-3823 affects curl/libcurl from version 7.34.0 through before 7.64.0. The issue is a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is 5, a...

7.5CVSS8.5AI score0.04286EPSS
CVE
CVE
added 2018/08/02 1:0 p.m.255 views

CVE-2018-8032

CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....

6.1CVSS5.8AI score0.10554EPSS
CVE
CVE
added 2019/10/02 1:58 p.m.163 views

CVE-2019-17091

CVE-2019-17091 affects Eclipse Mojarra (used in Mojarra for Eclipse EE4J) with an issue in faces/context/PartialViewContextImpl.java that allows Reflected XSS. Affected versions are Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20. The root cause is mishandling of...

6.1CVSS6.4AI score0.02469EPSS
CVE
CVE
added 2013/06/15 7:0 p.m.91 views

CVE-2013-2064

CVE-2013-2064 is an integer overflow vulnerability in X.Org libxcb 1.9 and earlier that can cause a heap/allocation issue and buffer overflow via read_packet. Connected advisories confirm this flaw affects libxcb and related X11 client libraries, with CentOS/RHEL/Fedora updates issued to fix mult...

6.8CVSS9.2AI score0.02451EPSS
CVE
CVE
added 2018/12/13 7:0 p.m.68 views

CVE-2018-19439

Oracle Secure Global Desktop (SGD) Administration Console 4.4 contains a reflected Cross-Site Scripting vulnerability in helpwindow.jsp, exploitable via all parameters (notably windowTitle). The underlying issue is reflected XSS in helpwindow.jsp that can execute arbitrary script in a victim’s br...

6.1CVSS5.7AI score0.20457EPSS
Web
CVE
CVE
added 2021/07/20 10:44 p.m.57 views

CVE-2021-2446

CVE-2021-2446 affects Oracle Secure Global Desktop, Client component, version 5.6. The vulnerability allows a network-accessible, unauthenticated attacker to compromise the product, with attacks requiring user interaction and potentially leading to takeover of Oracle Secure Global Desktop and imp...

9.6CVSS9AI score0.0158EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.54 views

CVE-2021-2248

CVE-2021-2248 affects Oracle Secure Global Desktop (Server component) with affected version 5.6. Descriptions across NVD/Red Hat/CVEs state an unauthenticated attacker with network access via multiple protocols can compromise Oracle Secure Global Desktop, potentially leading to takeover. The root...

10CVSS8.9AI score0.02497EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.53 views

CVE-2021-2177

CVE-2021-2177 affects Oracle Secure Global Desktop (Gateway) version 5.6. The vulnerability allows an unauthenticated attacker with network access via multiple protocols to take over Oracle Secure Global Desktop. The description in multiple sources confirms the impact as takeover; no root-cause o...

10CVSS8.9AI score0.02497EPSS
CVE
CVE
added 2021/04/22 9:53 p.m.52 views

CVE-2021-2221

CVE-2021-2221 affects Oracle Secure Global Desktop (Client) with vulnerable version 5.6. Multiple sources indicate an input-validation/remote code-execution style flaw in the Client component that can allow an unauthenticated attacker to execute arbitrary code over network protocols, potentially ...

9.6CVSS8.6AI score0.01992EPSS
CVE
CVE
added 2016/01/21 2:0 a.m.49 views

CVE-2016-0501

CVE-2016-0501 is associated with Oracle Secure Global Desktop (SGD) Core component in SGD/Oracle Virtualization 5.2. Connected sources indicate an unspecified vulnerability in SGD Core that allows remote attackers to cause a denial-of-service condition. Concrete exploitation details, affected sub...

5CVSS4.3AI score0.01885EPSS
CVE
CVE
added 2016/10/25 2:0 p.m.48 views

CVE-2016-5580

CVE-2016-5580 applies to Oracle Secure Global Desktop ( SGD ) Web Services in Oracle Virtualization 4.7 and 5.2. A remote authenticated attacker could affect confidentiality and availability via the SGD Web Services component. The CVSS data indicates high impact on confidentiality and availabilit...

9.6CVSS7.6AI score0.01712EPSS
CVE
CVE
added 2021/10/20 10:51 a.m.48 views

CVE-2021-35650

CVE-2021-35650 affects Oracle Secure Global Desktop (Oracle Virtualization), component: Client, version 5.6. The vulnerability is exploitable by a low-privileged user with network access via multiple protocols; exploitation requires user interaction and can grant unauthorized read access to a dat...

4.9CVSS3.7AI score0.00616EPSS
CVE
CVE
added 2021/07/20 10:44 p.m.45 views

CVE-2021-2447

Summary : CVE-2021-2447 affects Oracle Secure Global Desktop (Server component) on version 5.6. The vulnerability allows a low-privilege, network-based attacker to compromise the product via multiple protocols, potentially leading to takeover of Oracle Secure Global Desktop. This is consistent wi...

9.9CVSS9AI score0.01095EPSS
CVE
CVE
added 2016/07/21 10:0 a.m.43 views

CVE-2016-3613

CVE-2016-3613 is an unspecified vulnerability in Oracle Secure Global Desktop within Oracle Virtualization 4.63, 4.71, and 5.2, affecting confidentiality, integrity, and availability via OpenSSL-related vectors. The vulnerability is listed across multiple sources (NVD entry, SUSE/Tenable/Nessus p...

10CVSS8.4AI score0.05477EPSS
CVE
CVE
added 2021/10/20 10:51 a.m.40 views

CVE-2021-35649

CVE-2021-35649 affects Oracle Secure Global Desktop (Server component) in Oracle Virtualization, with affected version 5.6. The vulnerability allows a low-privilege, network-accessing attacker to read a subset of data and cause partial denial of service. CVSS 3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U...

5.5CVSS4.6AI score0.00779EPSS