The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Oracle Fusion Middleware

Apache Ant: information disclosure via Fixcrlf Task Temporary Files Permissions
An attacker can bypass access restrictions to data via Fixcrlf Task Temporary Files Permissions of Apache Ant, in order to obtain sensitive information...
6408860, cpujan2021, CVE-2020-11979, FEDORA-2020-3ce0f55bc5, FEDORA-2020-92b1d001b3, VIGILANCE-VUL-33683
RSA BSAFE Micro Edition Suite: out-of-bounds memory reading via ASN.1 Data
An attacker can force a read at an invalid address via ASN.1 Data of RSA BSAFE Micro Edition Suite, in order to trigger a denial of service, or to obtain sensitive information...
cpujul2019, cpuoct2020, CVE-2018-11058, VIGILANCE-VUL-33645
CKEditor: Cross Site Scripting via HTML Data Processor
An attacker can trigger a Cross Site Scripting via HTML Data Processor of CKEditor, in order to run JavaScript code in the context of the web site...
cpuoct2020, CVE-2020-9281, VIGILANCE-VUL-33637
Apache Derby: privilege escalation via Database Boot
An attacker can bypass restrictions via Database Boot of Apache Derby, in order to escalate his privileges...
6347642, CERTFR-2020-AVI-638, cpujan2019, CVE-2018-1313, VIGILANCE-VUL-33556
JasPer: assertion error via jpc_abstorelstepsize
An attacker can force an assertion error via jpc_abstorelstepsize() of JasPer, in order to trigger a denial of service...
cpuapr2020, cpuoct2020, CVE-2018-9252, openSUSE-SU-2020:1517-1, openSUSE-SU-2020:1523-1, VIGILANCE-VUL-33520
JasPer: out-of-bounds memory reading via jp2_decode
An attacker can force a read at an invalid address via jp2_decode() of JasPer, in order to trigger a denial of service, or to obtain sensitive information...
cpuapr2020, cpuoct2020, CVE-2018-19543, openSUSE-SU-2020:1517-1, openSUSE-SU-2020:1523-1, VIGILANCE-VUL-33519
Terracotta Quartz Scheduler: external XML entity injection via initDocumentParser
An attacker can transmit malicious XML data via initDocumentParser() to Terracotta Quartz Scheduler, in order to read a file, scan sites, or trigger a denial of service...
6344075, cpuapr2020, cpujul2020, cpuoct2020, CVE-2019-13990, VIGILANCE-VUL-33516
Apache ActiveMQ: Man-in-the-Middle via TLS Hostname Verification
An attacker can act as a Man-in-the-Middle via TLS Hostname Verification on Apache ActiveMQ, in order to read or write data in the session...
6344071, cpujan2019, CVE-2018-11775, VIGILANCE-VUL-33510
Apache ActiveMQ: Cross Site Scripting via Webconsole Admin GUI
An attacker can trigger a Cross Site Scripting via Webconsole Admin GUI of Apache ActiveMQ, in order to run JavaScript code in the context of the web site...
6344071, cpujul2020, cpuoct2020, CVE-2020-1941, VIGILANCE-VUL-33509
Apache ActiveMQ: denial of service via Corrupt MQTT Frame
An attacker can trigger a fatal error via Corrupt MQTT Frame of Apache ActiveMQ, in order to trigger a denial of service...
6344071, cpujul2019, CVE-2019-0222, DSA-2019-133, VIGILANCE-VUL-33508
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle Fusion Middleware: