RSS   Vulnerabilities for 'Application server'   RSS

2018-11-15
 
CVE-2018-5407

CWE-200
 

 
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

 
2018-10-29
 
CVE-2018-0735

CWE-320
 

 
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

 
2010-01-12
 
CVE-2010-0070

CWE-noinfo
 

 
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.

 
 
CVE-2010-0067

CWE-noinfo
 

 
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.

 
 
CVE-2010-0066

CWE-noinfo
 

 
Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

 
 
CVE-2009-3412

CWE-noinfo
 

 
Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.

 
2009-10-22
 
CVE-2009-3407

 

 
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983.

 
 
CVE-2009-1999

CWE-noinfo
 

 
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.

 
 
CVE-2009-1990

CWE-noinfo
 

 
Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.

 
2009-07-14
 
CVE-2009-1976

CWE-noinfo
 

 
Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

 


Copyright 2019, cxsecurity.com

 

Back to Top