Total
199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0563 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes. | |||||
| CVE-2002-0562 | 1 Oracle | 3 Application Server, Application Server Web Cache, Oracle9i | 2024-11-20 | 5.0 MEDIUM | N/A |
| The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. | |||||
| CVE-2002-0561 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-11-20 | 7.5 HIGH | N/A |
| The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings. | |||||
| CVE-2002-0560 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-11-20 | 5.0 MEDIUM | N/A |
| PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | |||||
| CVE-2002-0559 | 1 Oracle | 4 Application Server, Application Server Web Cache, Oracle8i and 1 more | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | |||||
| CVE-2002-0386 | 1 Oracle | 1 Application Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | |||||
| CVE-2001-1372 | 1 Oracle | 1 Application Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | |||||
| CVE-2001-1371 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
| The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | |||||
| CVE-2001-1217 | 1 Oracle | 1 Application Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. | |||||
| CVE-2001-1216 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | |||||
| CVE-2001-0591 | 1 Oracle | 2 Application Server, Jsp | 2024-11-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | |||||
| CVE-2001-0419 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
| Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/. | |||||
| CVE-2001-0326 | 1 Oracle | 2 Application Server, Oracle8i | 2024-11-20 | 7.5 HIGH | N/A |
| Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. | |||||
| CVE-2000-1236 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. | |||||
| CVE-2000-1235 | 1 Oracle | 1 Application Server | 2024-11-20 | 5.0 MEDIUM | N/A |
| The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files. | |||||
| CVE-2000-0169 | 1 Oracle | 1 Application Server | 2024-11-20 | 7.5 HIGH | N/A |
| Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. | |||||
| CVE-2020-1967 | 10 Broadcom, Debian, Fedoraproject and 7 more | 26 Fabric Operating System, Debian Linux, Fedora and 23 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f). | |||||
| CVE-2018-5407 | 7 Canonical, Debian, Nodejs and 4 more | 20 Ubuntu Linux, Debian Linux, Node.js and 17 more | 2024-02-04 | 1.9 LOW | 4.7 MEDIUM |
| Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'. | |||||
| CVE-2018-0735 | 6 Canonical, Debian, Netapp and 3 more | 23 Ubuntu Linux, Debian Linux, Cloud Backup and 20 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1). | |||||