Enterprise Manager Ops Center

enterprise_manager_ops_center

Vendor: Oracle • 107 CVEs

CVEs (107)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-1927 8Apache BroadcomCanonical+5 more 14Brocade Fabric Operating System Communications Element ManagerCommunications Session Report Manager+11 more Nov 21, 2024 Apr 2, 2020 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request U...Show more In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.Show less
CVE-2020-1934 6Apache CanonicalDebian+3 more 11Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+8 more Nov 21, 2024 Apr 1, 2020 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.
CVE-2020-9327 5Canonical NetappOracle+2 more 11Cloud Backup Communications Messaging ServerCommunications Network Charging And Control+8 more Nov 21, 2024 Feb 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.
CVE-2020-7595 7Canonical DebianFedoraproject+4 more 24Clustered Data Ontap Communications Cloud Native Core Network Function Cloud Native EnvironmentDebian Linux+21 more Dec 3, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2019-20388 6Debian FedoraprojectNetapp+3 more 24Cloud Backup Clustered Data OntapCommunications Cloud Native Core Network Function Cloud Native Environment+21 more Dec 17, 2025 Jan 21, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
CVE-2019-1551 7Canonical DebianFedoraproject+4 more 9Debian Linux Enterprise Manager Ops CenterFedora+6 more Nov 21, 2024 Dec 6, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and...Show more There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).Show less
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2019-10097 2Apache Oracle 8Communications Element Manager Communications Session Report ManagerCommunications Session Route Manager+5 more Nov 21, 2024 Sep 26, 2019 N/A· v4 7.2 HIGH· v3 6.0 MEDIUM· v2 In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL...Show more In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulnerability could only be triggered by a trusted proxy and not by untrusted HTTP clients.Show less
CVE-2019-10092 8Apache CanonicalDebian+5 more 10Clustered Data Ontap Communications Element ManagerDebian Linux+7 more Nov 21, 2024 Sep 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of...Show more In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server was set up with proxying enabled but was misconfigured in such a way that the Proxy Error page was displayed.Show less
CVE-2019-10082 2Apache Oracle 6Communications Element Manager Enterprise Manager Ops CenterHttp Server+3 more Nov 21, 2024 Sep 26, 2019 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
CVE-2019-5482 6Debian FedoraprojectHaxx+3 more 17Cloud Backup Communications Operations MonitorCommunications Session Border Controller+14 more Apr 15, 2026 Sep 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-5481 6Debian FedoraprojectHaxx+3 more 12Cloud Backup Communications Operations MonitorCommunications Session Border Controller+9 more Apr 16, 2026 Sep 16, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-13990 5Apache AtlassianNetapp+2 more 31Active Iq Unified Manager Apache Batik MapviewerBanking Enterprise Originations+28 more Nov 21, 2024 Jul 26, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
CVE-2019-2728 1Oracle 1Enterprise Manager Ops Center Nov 21, 2024 Jul 23, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerab...Show more Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Networking). Supported versions that are affected are 12.3.3 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Ops Center accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).Show less
CVE-2019-5443 3Haxx NetappOracle 9Curl Enterprise Manager Ops CenterHttp Server+6 more Nov 21, 2024 Jul 2, 2019 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If tha...Show more A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.Show less
CVE-2019-0197 6Apache CanonicalFedoraproject+3 more 11Communications Session Report Manager Communications Session Route ManagerEnterprise Manager Ops Center+8 more Nov 21, 2024 Jun 11, 2019 N/A· v4 4.2 MEDIUM· v3 4.9 MEDIUM· v2 A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the fir...Show more A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. Server that never enabled the h2 protocol or that only enabled it for https: and did not set "H2Upgrade on" are unaffected by this issue.Show less
CVE-2019-5436 7Debian F5Fedoraproject+4 more 11Debian Linux Enterprise Manager Ops CenterFedora+8 more Apr 15, 2026 May 28, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
CVE-2019-2726 1Oracle 1Enterprise Manager Ops Center Nov 21, 2024 May 24, 2019 N/A· v4 6.3 MEDIUM· v3 6.3 MEDIUM· v2 Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulner...Show more Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Services Integration). The supported version that is affected is 12.3.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Ops Center. While the vulnerability is in Enterprise Manager Ops Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Enterprise Manager Ops Center. CVSS 3.0 Base Score 6.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H).Show less
CVE-2019-5427 3Fedoraproject MchangeOracle 11C3p0 Communications Ip Service ActivatorCommunications Session Route Manager+8 more Sep 5, 2025 Apr 22, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
CVE-2019-11358 11Backdropcms DebianDrupal+8 more 105Agile Product Lifecycle Management For Process Application ExpressApplication Service Level Management+102 more Nov 21, 2024 Apr 20, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ p...Show more jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.Show less

Previous 1 234 5 6 Next