| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center. |
| Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to SOA Topology Viewer. |
| Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows remote attackers to affect confidentiality via vectors related to RAC Management. |
| Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning. |
| The cache_merge_headers_out function in modules/cache/cache_util.c in the mod_cache module in the Apache HTTP Server before 2.4.11 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty HTTP Content-Type header. |
| The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. |
| Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. |
| Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. |
| Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management. |
| Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs. |
| Unspecified vulnerability in the SQL Performance Advisories/UIs component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability, related to SQL Details UI & Explain Plan. |
| Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
| Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
| Unspecified vulnerability in the Content Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler. |
| Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 allows remote attackers to affect integrity via unknown vectors related to Enterprise Configuration Management. |
| Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI. |
| Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors. |
| Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality and integrity via unknown vectors related to Authentication. |
| Unspecified vulnerability in the Console component in Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5 allows remote attackers to affect integrity via unknown vectors. |