'Communications operations monitor'
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`) generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl into accepting a bad length + offset combination that would lead to a buffer read out-of-bounds.
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 22.214.171.124.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.
Application server web cache
Corporate time outlook connector
Application server portal
Enterprise manager database control
Enterprise manager grid control
Database server lite
10g reports server
10g enterprise manager database control
Enterprise manager application server control
Peoplesoft enterprise customer relationship management
Application server discussion forum portlet
Peoplesoft enterprise portal
10g enterprise manager grid control
Collaboration suite 10g release 1
Peoplesoft enterprise tools
Rapid install web server
Peoplesoft enterprise human capital management
Peoplesoft enterprise peopletools
Secure enterprise search
Enterprise grid console server
Application server 9i
Application server 10g
E-business suite 11i
E-business suite 12
Peoplesoft hcm eperformance
Bea product suite
Webloic server component
Weblogic server component
Oracle portal component
Report manager component
Application object library
Enterprise manager 10g
Instance management component
Advanced replication component
Oracle application server
Mobile application server
Times ten client server component
Times ten in memory database
Times ten client server
Data pump component
Advanced queuing component
Oracle applications technology stack component
Core rdbms component
Hyperion bi plus component
Oracle http server component
Jd edwards enterpriseone
Peoplesoft peopletools component
Jd edwards enterpriseone ep
Timesten in-memory database
Enterprise manager grid control 10g