Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
oracle secure global desktop 5.4 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-35649
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle S...
Oracle Secure Global Desktop 5.6
6.1
CVSSv3
CVE-2019-17091
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J prior to 2.3.10 and Mojarra JavaServer Faces prior to 2.2.20, allows Reflected XSS because a client window field is mishandled.
Eclipse Mojarra
Oracle Mojarra Javaserver Faces
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Banking Enterprise Product Manufacturing 2.7.0
Oracle Banking Enterprise Product Manufacturing 2.8.0
Oracle Communications Diameter Signaling Router
Oracle Communications Network Integrity 7.3.5
Oracle Communications Network Integrity 7.3.6
Oracle Communications Unified Inventory Management 7.3.0
Oracle Communications Unified Inventory Management 7.4.0
Oracle Enterprise Data Quality 12.2.1.3.0
Oracle Health Sciences Information Manager 3.0
Oracle Healthcare Data Repository 7.0
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Primavera P6 Enterprise Project Portfolio Management 19.12.0.0
Oracle Rapid Planning 12.1
Oracle Rapid Planning 12.2
Oracle Retail Advanced Inventory Planning 15.0
Oracle Retail Advanced Inventory Planning 16.0
Oracle Retail Assortment Planning 16.0.3
Oracle Retail Bulk Data Integration 16.0.3.0
6.1
CVSSv3
CVE-2019-10092
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server ...
Apache Http Server
Opensuse Leap 15.0
Opensuse Leap 15.1
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Software Collection 1.0
Fedoraproject Fedora 30
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Netapp Clustered Data Ontap 9.6
Netapp Clustered Data Ontap
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Secure Global Desktop 5.4
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Secure Global Desktop 5.5
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.1.0
Oracle Communications Element Manager 8.0.0
1 EDB exploit
2 Github repositories
7.5
CVSSv3
CVE-2019-0227
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor t...
Apache Axis 1.4
Oracle Agile Product Lifecycle Management Framework 9.3.3
Oracle Flexcube Private Banking 12.1.0
Oracle Primavera Unifier 16.2
Oracle Peoplesoft Enterprise Human Capital Management Human Resources 9.2
Oracle Retail Xstore Point Of Service 7.1
Oracle Enterprise Manager Base Platform 12.1.0.5
Oracle Flexcube Private Banking 12.0.0
Oracle Primavera Unifier 16.1
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Hospitality Guest Access 4.2.0
Oracle Hospitality Guest Access 4.2.1
Oracle Tuxedo 12.1.3
Oracle Internet Directory 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Communications Order And Service Management 7.3.0.0.0
Oracle Flexcube Core Banking 11.7.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.2.0.1
Oracle Application Testing Suite 13.3.0.1
Oracle Secure Global Desktop 5.4
Oracle Retail Order Broker 15.0
1 EDB exploit
2 Github repositories
5.9
CVSSv3
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 by...
Openssl Openssl
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 16.04
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Hyper Converged Infrastructure -
Netapp Cloud Backup -
Netapp Santricity Smi-s Provider -
Netapp Element Software -
Netapp Snapdrive -
Netapp Snapcenter -
Netapp Storage Automation Store -
Netapp Ontap Select Deploy -
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Unified Manager -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Storagegrid
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Service Processor -
3 Github repositories
9.8
CVSSv3
CVE-2019-3822
libcurl versions from 7.36.0 to prior to 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously receive...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager
Netapp Clustered Data Ontap
Siemens Sinema Remote Connect Client
Oracle Http Server 12.2.1.3.0
Oracle Enterprise Manager Ops Center 12.3.3
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Oracle Enterprise Manager Ops Center 12.4.0
Oracle Services Tools Bundle 19.2
Oracle Mysql Server
Redhat Enterprise Linux 8.0
3 Github repositories
7.5
CVSSv3
CVE-2019-3823
libcurl versions from 7.34.0 to prior to 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
7.5
CVSSv3
CVE-2018-16890
libcurl versions from 7.36.0 to prior to 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vul...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Siemens Sinema Remote Connect Client
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Redhat Enterprise Linux 8.0
F5 Big-ip Access Policy Manager
1 Github repository
6.1
CVSSv3
CVE-2018-19439
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle p...
Oracle Secure Global Desktop 4.4
5.9
CVSSv3
CVE-2018-0735
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
Openssl Openssl 1.1.1
Openssl Openssl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Nodejs Node.js 10.13.0
Nodejs Node.js
Netapp Cn1610 Firmware -
Netapp Cloud Backup -
Netapp Oncommand Unified Manager
Netapp Steelstore -
Netapp Santricity Smi-s Provider -
Netapp Element Software -
Netapp Snapdrive -
Netapp Smi-s Provider -
Oracle Primavera P6 Enterprise Project Portfolio Management 16.2
Oracle Api Gateway 11.1.2.4.0
Oracle Primavera P6 Enterprise Project Portfolio Management 15.1
Oracle Primavera P6 Enterprise Project Portfolio Management 16.1
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »