Skip to main content

Iplanet Web Server

7 CVEs product

Monthly

CVE-2020-9315 HIGH POC THREAT This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Iplanet Web Server
NVD
CVSS 3.1
7.5
EPSS
81.8%
CVE-2020-9314 MEDIUM POC This Month

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oracle Iplanet Web Server
NVD
CVSS 3.1
4.8
EPSS
1.3%
CVE-2017-10055 MEDIUM PATCH This Month

Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Iplanet Web Server
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-1950 HIGH This Week

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE Network Security Services Firefox +10
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2015-7182 CRITICAL PATCH Act Now

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.0%.

Denial Of Service Mozilla Buffer Overflow RCE Traffic Director +6
NVD
CVSS 3.0
9.8
EPSS
11.0%
CVE-2013-1620 MEDIUM This Month

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Network Security Services Ubuntu Linux Enterprise Manager Ops Center +12
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-1738 MEDIUM This Month

Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure Iplanet Web Server Sun Products Suite Java System Web Server
NVD
CVSS 2.0
5.0
EPSS
1.1%
EPSS 82% CVSS 7.5
HIGH POC THREAT This Week

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Iplanet Web Server
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oracle Iplanet Web Server
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Iplanet Web Server
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Buffer Overflow RCE +12
NVD
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.0%.

Denial Of Service Mozilla Buffer Overflow +8
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Network Security Services +14
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Oracle Information Disclosure +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy