oracle enterprise manager 12.1.0.5.0 vulnerabilities and exploits

(subscribe to this query)

Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low privileg...

Oracle Enterprise Manager 12.1.0.5.0 Oracle Enterprise Manager 13.3.1.0.0 Oracle Enterprise Manager 13.2.2.0.0 Oracle Enterprise Manager 13.3.2.0.0

In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.

Apache Activemq Netapp E-series Santricity Web Services -Oracle Enterprise Repository 12.1.3.0.0 Oracle Enterprise Manager Base Platform 13.2.0.0.0 Oracle Enterprise Manager Base Platform 12.1.0.5.0 Oracle Enterprise Manager Base Platform 13.3.0.0.0 Oracle Goldengate Stream Analytics Oracle Identity Manager Connector 9.0 Oracle Communications Diameter Signaling Router 8.2.1 Oracle Communications Diameter Signaling Router 8.0.0 Oracle Communications Diameter Signaling Router 8.1 Oracle Communications Diameter Signaling Router 8.2 Debian Debian Linux 9.0

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

1 Github repository

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

Canonical Ubuntu Linux 16.04 Canonical Ubuntu Linux 14.04 Canonical Ubuntu Linux 18.04 Canonical Ubuntu Linux 18.10 Debian Debian Linux 8.0 Debian Debian Linux 9.0 Nodejs Node.js Openssl Openssl Tenable Nessus Oracle Primavera P6 Enterprise Project Portfolio Management 16.2 Oracle Api Gateway 11.1.2.4.0 Oracle Primavera P6 Enterprise Project Portfolio Management 15.1 Oracle Primavera P6 Enterprise Project Portfolio Management 16.1 Oracle Primavera P6 Enterprise Project Portfolio Management 15.2 Oracle Peoplesoft Enterprise Peopletools 8.55 Oracle Primavera P6 Enterprise Project Portfolio Management 8.4 Oracle Peoplesoft Enterprise Peopletools 8.56 Oracle Enterprise Manager Ops Center 12.3.3 Oracle Peoplesoft Enterprise Peopletools 8.57 Oracle Primavera P6 Enterprise Project Portfolio Management Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 Oracle Vm Virtualbox

1 EDB exploit1 Github repository

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fi...

1 Github repository

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserializat...

Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api Netapp Oncommand Workflow Automation -Opensuse Leap 15.1 Oracle Retail Xstore Point Of Service 7.1 Oracle Api Gateway 11.1.2.4.0 Oracle Enterprise Repository 12.1.3.0.0 Oracle Retail Xstore Point Of Service 7.0 Oracle Enterprise Repository 11.1.1.7.0 Oracle Peoplesoft Enterprise Peopletools 8.55 Oracle Peoplesoft Enterprise Peopletools 8.56 Oracle Communications Webrtc Session Controller 7.2 Oracle Webcenter Portal 12.2.1.3.0 Oracle Webcenter Portal 11.1.1.9.0 Oracle Weblogic Server 12.2.1.3 Oracle Business Process Management Suite 12.1.3.0.0 Oracle Business Process Management Suite 12.2.1.3.0 Oracle Business Process Management Suite 11.1.1.9.0 Oracle Soa Suite 12.1.3.0.0 Oracle Soa Suite 12.2.1.3.0 Oracle Peoplesoft Enterprise Peopletools 8.57 Oracle Managed File Transfer 12.2.1.3.0 Oracle Communications Converged Application Server

1 Github repository

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by...

3 Github repositories

Spring Framework (versions 5.0.x before 5.0.7, versions 4.3.x before 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-e...

Vmware Spring Framework Oracle Retail Xstore Point Of Service 7.1 Oracle Weblogic Server 12.1.3.0.0 Oracle Application Testing Suite 12.5.0.3 Oracle Hospitality Guest Access 4.2.0 Oracle Hospitality Guest Access 4.2.1 Oracle Weblogic Server 10.3.6.0.0 Oracle Weblogic Server 12.2.1.3.0 Oracle Enterprise Manager Ops Center 12.3.3 Oracle Primavera P6 Enterprise Project Portfolio Management 18.8 Oracle Application Testing Suite 13.1.0.1 Oracle Application Testing Suite 13.2.0.1 Oracle Application Testing Suite 13.3.0.1 Oracle Communications Diameter Signaling Router Oracle Communications Performance Intelligence Center Oracle Communications Services Gatekeeper Oracle Endeca Information Discovery Integrator 3.1.0 Oracle Endeca Information Discovery Integrator 3.2.0 Oracle Health Sciences Information Manager 3.0 Oracle Healthcare Master Person Index 3.0 Oracle Healthcare Master Person Index 4.0 Oracle Insurance Calculation Engine 10.2

1 Github repository

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook