Oracle Enterprise Operations Monitor
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Enterprise Operations Monitor. Enterprise Operations Monitor did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 2 | 9.80 |
2021 | 2 | 7.50 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 6.10 |
It may take a day or so for new Enterprise Operations Monitor vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Oracle Enterprise Operations Monitor Security Vulnerabilities
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length
CVE-2022-23219
9.8 - Critical
- January 14, 2022
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Classic Buffer Overflow
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length
CVE-2022-23218
9.8 - Critical
- January 14, 2022
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution.
Classic Buffer Overflow
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data
CVE-2021-43396
7.5 - High
- November 04, 2021
In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."
In librt in the GNU C Library (aka glibc) through 2.34
CVE-2021-38604
7.5 - High
- August 12, 2021
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
NULL Pointer Dereference
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option
CVE-2015-9251
6.1 - Medium
- January 18, 2018
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
XSS