Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2016-02-14 |
| Product | Oss Support Tools | Last view | 2019-05-28 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.8 | 2019-05-28 | CVE-2019-5436 | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. |
| 6.1 | 2018-01-18 | CVE-2015-9251 | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. |
| 7.5 | 2018-01-17 | CVE-2018-2617 | Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all OSS Support Tools accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
| 8.8 | 2018-01-17 | CVE-2018-2616 | Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| 8.8 | 2018-01-17 | CVE-2018-2615 | Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise OSS Support Tools. Successful attacks of this vulnerability can result in takeover of OSS Support Tools. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). |
| 5.9 | 2016-02-14 | CVE-2015-3197 | ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 25% (1) | CWE-787 | Out-of-bounds Write |
| 25% (1) | CWE-310 | Cryptographic Issues |
| 25% (1) | CWE-200 | Information Exposure |
| 25% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2016-04-05 | SSLv2 Client Hello attempt RuleID : 38060 - Type : POLICY-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-02-28 | Name: The version of Arista Networks EOS running on the remote device is affected b... File: arista_eos_sa0018.nasl - Type: ACT_GATHER_INFO |
| 2018-02-07 | Name: The remote web server is affected by a cross site scripting vulnerability. File: jquery_2_2_0.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1040.nasl - Type: ACT_GATHER_INFO |
| 2017-05-01 | Name: The remote EulerOS host is missing multiple security updates. File: EulerOS_SA-2017-1039.nasl - Type: ACT_GATHER_INFO |
| 2017-01-05 | Name: The remote device is missing a vendor-supplied security patch. File: juniper_jsa10759.nasl - Type: ACT_GATHER_INFO |
| 2016-07-14 | Name: The remote Fedora host is missing a security update. File: fedora_2016-e1234b65a2.nasl - Type: ACT_GATHER_INFO |
| 2016-07-14 | Name: The remote Fedora host is missing a security update. File: fedora_2016-c558e58b21.nasl - Type: ACT_GATHER_INFO |
| 2016-06-22 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2016-0071.nasl - Type: ACT_GATHER_INFO |
| 2016-05-16 | Name: The remote OracleVM host is missing a security update. File: oraclevm_OVMSA-2016-0049.nasl - Type: ACT_GATHER_INFO |
| 2016-05-12 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-563.nasl - Type: ACT_GATHER_INFO |
| 2016-05-02 | Name: The remote host is missing one or more security updates. File: mysql_5_7_12_rpm.nasl - Type: ACT_GATHER_INFO |
| 2016-05-02 | Name: The remote host is missing one or more security updates. File: mysql_5_6_30_rpm.nasl - Type: ACT_GATHER_INFO |
| 2016-04-22 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_7_12.nasl - Type: ACT_GATHER_INFO |
| 2016-04-22 | Name: The remote database server is affected by multiple vulnerabilities. File: mysql_5_6_30.nasl - Type: ACT_GATHER_INFO |
| 2016-04-22 | Name: An application installed on the remote host is affected by multiple vulnerabi... File: virtualbox_5_0_18.nasl - Type: ACT_GATHER_INFO |
| 2016-04-07 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-682.nasl - Type: ACT_GATHER_INFO |
| 2016-03-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-327.nasl - Type: ACT_GATHER_INFO |
| 2016-03-11 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2016-661.nasl - Type: ACT_GATHER_INFO |
| 2016-03-10 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20160309_openssl098e_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2016-03-10 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2016-0379.nasl - Type: ACT_GATHER_INFO |
| 2016-03-10 | Name: The remote AIX host has a version of OpenSSL installed that is affected by mu... File: aix_openssl_advisory17.nasl - Type: ACT_GATHER_INFO |
| 2016-03-09 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-0372.nasl - Type: ACT_GATHER_INFO |
| 2016-03-09 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2016-0372.nasl - Type: ACT_GATHER_INFO |
| 2016-03-09 | Name: The remote CentOS host is missing a security update. File: centos_RHSA-2016-0372.nasl - Type: ACT_GATHER_INFO |
| 2016-03-08 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2016-0678-1.nasl - Type: ACT_GATHER_INFO |
