Filtered by vendor Oracle Subscriptions
Filtered by product Application Server Subscriptions
Total 199 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-1967 10 Broadcom, Debian, Fedoraproject and 7 more 26 Fabric Operating System, Debian Linux, Fedora and 23 more 2024-11-21 7.5 High
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).
CVE-2018-5407 7 Canonical, Debian, Nodejs and 4 more 23 Ubuntu Linux, Debian Linux, Node.js and 20 more 2024-11-21 4.7 Medium
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-0735 7 Canonical, Debian, Netapp and 4 more 24 Ubuntu Linux, Debian Linux, Cloud Backup and 21 more 2024-11-21 5.9 Medium
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).
CVE-2010-0070 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.
CVE-2010-0067 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.
CVE-2010-0066 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
CVE-2009-3412 1 Oracle 2 Application Server, Database Server 2024-11-21 N/A
Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.
CVE-2009-3407 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983.
CVE-2009-1999 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.
CVE-2009-1990 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.
CVE-2009-1976 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.
CVE-2009-1017 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.
CVE-2009-1011 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
CVE-2009-1010 2 Ibm, Oracle 2 Websphere Portal, Application Server 2024-11-21 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
CVE-2009-1009 2 Ibm, Oracle 2 Websphere Portal, Application Server 2024-11-21 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.
CVE-2009-1008 2 Ibm, Oracle 2 Websphere Portal, Application Server 2024-11-21 N/A
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010.
CVE-2009-0996 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2009-0994 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-1017.
CVE-2009-0993 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the OPMN component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a format string vulnerability that allows remote attackers to execute arbitrary code via format string specifiers in an HTTP POST URI, which are not properly handled when logging to opmn/logs/opmn.log.
CVE-2009-0990 1 Oracle 1 Application Server 2024-11-21 N/A
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, and 10.1.3.3.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-0989.