Skip to main content

Oss Support Tools

18 CVEs product

Monthly

CVE-2022-21405 MEDIUM This Month

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Oss Support Tools
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-41973 Maven MEDIUM PATCH This Month

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Mina Banking Payments Banking Trade Finance Process Management +6
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2021-2351 HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option Agile Engineering Data Management Agile Plm +108
NVD
CVSS 3.1
8.3
EPSS
2.5%
CVE-2021-30129 Maven MEDIUM PATCH This Month

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.0.0 and later versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Apache Sshd Banking Payments Banking Trade Finance +6
NVD
CVSS 3.1
6.5
EPSS
3.4%
CVE-2021-2303 MEDIUM PATCH This Month

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Oss Support Tools
NVD
CVSS 3.1
4.9
EPSS
1.5%
CVE-2021-29425 Maven MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io Debian Linux Access Manager +57
NVD
CVSS 3.1
4.8
EPSS
10.6%
CVE-2021-27568 Maven MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 Communications Cloud Native Core Policy Oss Support Tools +3
NVD GitHub
CVSS 3.1
5.9
EPSS
2.9%
CVE-2020-11023 LIB MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux Fedora Drupal +48
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
83.8%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-5481 CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora Cloud Backup Steelstore +8
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2019-5443 HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE Curl Enterprise Manager Ops Center +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-5436 HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE Libcurl Leap +9
NVD VulDB
CVSS 3.1
7.8
EPSS
13.3%
CVE-2018-2617 HIGH PATCH This Week

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Oss Support Tools
NVD
CVSS 3.0
7.5
EPSS
1.8%
CVE-2018-2616 HIGH PATCH This Week

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Oss Support Tools
NVD
CVSS 3.0
8.8
EPSS
27.1%
CVE-2018-2615 HIGH PATCH This Week

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Oss Support Tools
NVD
CVSS 3.0
8.8
EPSS
1.4%
CVE-2016-7103 LIB MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Application Express Business Intelligence Hospitality Cruise Fleet Management +9
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2015-3197 MEDIUM PATCH This Month

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.2%.

OpenSSL Information Disclosure Tuxedo Exalogic Infrastructure Peoplesoft Enterprise Peopletools +2
NVD
CVSS 3.0
5.9
EPSS
14.2%
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Oracle Explorer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Oss Support Tools
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Mina +8
NVD
EPSS 2% CVSS 8.3
HIGH POC PATCH This Week

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Oracle Information Disclosure Advanced Networking Option +110
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error.0.0 and later versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Apache Sshd +8
NVD
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Oss Support Tools
NVD
EPSS 11% CVSS 4.8
MEDIUM POC PATCH THREAT This Month

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache Path Traversal Commons Io +59
NVD
EPSS 3% CVSS 5.9
MEDIUM POC PATCH This Month

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Json Smart V1 Json Smart V2 +5
NVD GitHub
EPSS 84% CVSS 6.1
MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux +50
NVD GitHub Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl +16
NVD VulDB
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Curl Fedora +10
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE +9
NVD
EPSS 13% CVSS 7.8
HIGH POC PATCH THREAT Act Now

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Heap Overflow Buffer Overflow RCE +11
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Oss Support Tools
NVD
EPSS 27% CVSS 8.8
HIGH PATCH This Week

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Oss Support Tools
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Oss Support Tools
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Application Express +11
NVD GitHub
EPSS 14% CVSS 5.9
MEDIUM PATCH This Month

ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.2%.

OpenSSL Information Disclosure Tuxedo +4
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy