Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2017-04-17 |
| Product | Communications Webrtc Session Controller | Last view | 2018-10-16 |
| Version | * | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:oracle:communications_webrtc_session_controller | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2018-10-16 | CVE-2018-3246 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
| 7.5 | 2018-06-05 | CVE-2018-1000180 | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. |
| 9.8 | 2018-05-24 | CVE-2018-8013 | In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization. |
| 9.1 | 2018-05-24 | CVE-2018-1000301 | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. |
| 9.1 | 2018-03-14 | CVE-2018-1000122 | A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage |
| 7.5 | 2018-03-14 | CVE-2018-1000121 | A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service |
| 9.8 | 2018-03-14 | CVE-2018-1000120 | A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. |
| 6.1 | 2018-01-18 | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. |
| 9.8 | 2017-04-17 | CVE-2017-5645 | In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (2) | CWE-502 | Deserialization of Untrusted Data |
| 25% (2) | CWE-125 | Out-of-bounds Read |
| 12% (1) | CWE-787 | Out-of-bounds Write |
| 12% (1) | CWE-476 | NULL Pointer Dereference |
| 12% (1) | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| 12% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2019-01-10 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2019-1139.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-fa01002d7e.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-ceced55c5e.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-bc65ab5014.nasl - Type: ACT_GATHER_INFO |
| 2019-01-03 | Name: The remote Fedora host is missing a security update. File: fedora_2018-168af81706.nasl - Type: ACT_GATHER_INFO |
| 2018-11-16 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-3157.nasl - Type: ACT_GATHER_INFO |
| 2018-10-26 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1330.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0068.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0158.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0124.nasl - Type: ACT_GATHER_INFO |
| 2018-08-08 | Name: A web application running on the remote host is affected by multiple vulnerab... File: mysql_enterprise_monitor_3_4_8.nasl - Type: ACT_GATHER_INFO |
| 2018-07-16 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_fe93803c883f11e89f0c001b216d295b.nasl - Type: ACT_GATHER_INFO |
| 2018-07-03 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1202.nasl - Type: ACT_GATHER_INFO |
| 2018-07-03 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2018-1203.nasl - Type: ACT_GATHER_INFO |
| 2018-06-25 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4233.nasl - Type: ACT_GATHER_INFO |
| 2018-06-20 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201806-05.nasl - Type: ACT_GATHER_INFO |
| 2018-06-19 | Name: The remote Fedora host is missing a security update. File: fedora_2018-da9fe79871.nasl - Type: ACT_GATHER_INFO |
| 2018-06-12 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-1029.nasl - Type: ACT_GATHER_INFO |
| 2018-06-11 | Name: The remote Fedora host is missing a security update. File: fedora_2018-79792e0c64.nasl - Type: ACT_GATHER_INFO |
| 2018-06-05 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4215.nasl - Type: ACT_GATHER_INFO |
| 2018-05-29 | Name: The remote Debian host is missing a security update. File: debian_DLA-1385.nasl - Type: ACT_GATHER_INFO |
| 2018-05-24 | Name: The remote Fedora host is missing a security update. File: fedora_2018-9dc7338487.nasl - Type: ACT_GATHER_INFO |
| 2018-05-18 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4202.nasl - Type: ACT_GATHER_INFO |
| 2018-05-17 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_04fe6c8d2a344009a81ee7a7e759b5d2.nasl - Type: ACT_GATHER_INFO |
| 2018-05-17 | Name: The remote Debian host is missing a security update. File: debian_DLA-1379.nasl - Type: ACT_GATHER_INFO |
