CVE-2022-32294: Zimbra Security Advisories - Zimbra :: Tech Center
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the “zmprov ca” command). It is visible in cleartext on port UDP 514 (aka the syslog port).
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
Note: only supported versions are referenced; however, older unsupported versions often have the same vulnerabilities and should be upgraded to supported versions as soon as possible.
(going back to ZCS 7.1.3)
| Bug# | Summary | CVE-ID | CVSS Score | Zimbra Rating | Fix Release or Patch Version | Reporter |
|---|---|---|---|---|---|---|
| | Memcached poisoning with unauthenticated request. | CVE-2022-27924 | | Medium | 9.0.0 Patch 24, 8.8.15 Patch 31 | Simon Scannell of Sonarsource |
| | RCE through mboximport from authenticated user. | CVE-2022-27925 | | Medium | 9.0.0 Patch 24, 8.8.15 Patch 31 | Mikhail Klyuchnikov of Positive Technologies |
| | Proxy Servlet Open Redirect Vulnerability | CVE-2021-35209 | | Medium | 9.0.0 Patch 16, 8.8.15 Patch 23 | Simon Scannell of Sonarsource |
| | Open Redirect Vulnerability in preauth servlet | CVE-2021-34807 | | Low | 9.0.0 Patch 16, 8.8.15 Patch 23 | Simon Scannell of Sonarsource |
| | Stored XSS Vulnerability in ZmMailMsgView.java | CVE-2021-35208 | | Medium | 9.0.0 Patch 16, 8.8.15 Patch 23 | Simon Scannell of Sonarsource |
| | XSS vulnerability in Zimbra Web Client via loginErrorCode | CVE-2021-35207 | | Medium | 9.0.0 Patch 16, 8.8.15 Patch 23 | |
| | Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 | | 9.8 | Critical | 9.0.0 Patch 13 | Upstream, see CVE-2019-9641, CVE-2019-9640 |
| | Heap-based buffer overflow vulnerabilities in PHP < 7.3.10 | | 9.8 | Critical | 8.8.15 Patch 20 | Upstream, see CVE-2019-9641, CVE-2019-9640 |
| | Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. | | 7.8 | High | 9.0.0 Patch 13 | Upstream, see CVE-2019-0211, CVE-2019-0217 |
| | Upgraded Apache to 2.4.46 to avoid multiple vulnerabilities. | | 7.8 | High | 8.8.15 Patch 20 | Upstream, see CVE-2019-0211, CVE-2019-0217 |
| | XXE (CWE-776) vulnerability in saml consumer store servlet (Network Edition) | CVE-2020-35123 | | Medium | 9.0.0 Patch 10 | Primerica |
| | XXE (CWE-776) vulnerability in saml consumer store servlet (Network Edition) | CVE-2020-35123 | | Medium | 8.8.15 Patch 17 | Primerica |
| | XSS CWE-79 vulnerability in tinymce | n/a | 6.1 | Medium | 9.0.0 Patch 5 | Upstream, see CVE-2019-1010091 |
| | Memory Leak in nodejs library mem | n/a | 5.5 | Medium | 9.0.0 Patch 5 | Upstream, see WS-2018-0236 |
| | Persistent XSS | CVE-2020-13653 | | Minor | 8.8.15 Patch 11, 9.0.0 Patch 4 | Telenet |
| | Unrestricted Upload of File with Dangerous Type CWE-434 | CVE-2020-12846 | 6.0 | Minor | 8.8.16 Patch 10, 9.0.0 Patch 3 | Telenet |
| | Persistent XSS CWE-79 | CVE-2020-11737 | 4.3 | Minor | 9.0.0 Patch 2 | Zimbra |
| 109174 | Non-Persistent XSS CWE-79 | CVE-2019-12427 | 4.3 | Minor | 8.8.15 Patch 1 | Meridian Miftari |
| 109141 | Non-Persistent XSS CWE-79 | CVE-2019-15313 | 4.3 | Minor | 8.8.15 Patch 1 | Quang Bui |
| 109124 | Non-Persistent XSS CWE-79 | CVE-2019-8947 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
| 109123 | Persistent XSS CWE-79 | CVE-2019-8946 | 2.6 | Minor | - | Issam Rabhi of Sysdream |
| 109122 | Persistent XSS CWE-79 | CVE-2019-8945 | 3.5 | Minor | - | Issam Rabhi of Sysdream |
| 109117 | Persistent XSS CWE-79 | CVE-2019-11318 | 3.5 | Minor | 8.8.12 Patch 1 | Mondher Smii |
| 109127 | SSRF CWE-918 / CWE-807 | CVE-2019-9621 | 4.0 | Minor | 8.7.11 Patch11, 8.8.9 Patch10, 8.8.10 Patch8, 8.8.11 Patch4, 8.8.12 | An Trinh |
| 109096 | Blind SSRF CWE-918 | CVE-2019-6981 | 4.0 | Minor | 8.7.11 Patch11, 8.8.9 Patch10, 8.8.10 Patch8, 8.8.11 Patch4, 8.8.12 | An Trinh |
| 109129 | XXE CWE-611 (8.7.x only) | CVE-2019-9670 | 6.4 | Major | 8.7.11 Patch10 | Khanh Van Pham, An Trinh |
| 109097 | Insecure object deserialization CWE-502 | CVE-2019-6980 | 5.4 | Major | 8.7.11 Patch9, 8.8.9 Patch10, 8.8.10 Patch7, 8.8.11 Patch3, 8.8.12 | An Trinh |
| 109093 | XXE CWE-611 | CVE-2018-20160 | 6.4 | Major | 8.7.x see 109129 above, 8.8.9 Patch9, 8.8.10 Patch5, 8.8.11 Patch1, 8.8.12 | An Trinh |
| 109017 | Non-Persistent XSS CWE-79 | CVE-2018-14013 | 4.3 | Minor | 8.7.11 Patch8, 8.8.9 Patch9, 8.8.10 Patch5, 8.8.11 | Issam Rabhi of Sysdream |
| 109020 | Persistent XSS CWE-79 | CVE-2018-18631 | 5.0 | Major | 8.7.11 Patch7, 8.8.9 Patch7, 8.8.10 Patch2, 8.8.11 | Netragard |
| 109018 | Non-Persistent CWE-79 | CVE-2018-14013 | 2.6 | Minor | 8.7.11 Patch7, 8.8.9 Patch6, 8.8.10 Patch1, 8.8.11 | Issam Rabhi of Sysdream |
| 109021 | Limited Content Spoofing CWE-345 | CVE-2018-17938 | 4.3 | Minor | 8.8.10 | Sumit Sahoo |
| 109012 | Account Enumeration CWE-203 | CVE-2018-15131 | 5.0 | Major | 8.7.11 Patch6, 8.8.8 Patch9, 8.8.9 Patch3 | Danielle Deibler |
| 108970 | Persistent XSS CWE-79 | CVE-2018-14425 | 3.5 | Minor | 8.8.8 Patch7, 8.8.9 Patch1 | Diego Di Nardo |
| 108902 | Persistent XSS CWE-79 | CVE-2018-10939 | 3.5 | Minor | 8.6.0 Patch11, 8.7.11 Patch4, 8.8.8 Patch4 | Diego Di Nardo |
| 108963 | Verbose Error Messages CWE-209 | CVE-2018-10950 | 3.5 | Minor | 8.7.11 Patch3, 8.8.8 | Netragard |
| 108962 | Account Enumeration CWE-203 | CVE-2018-10949 | 5.0 | Major | 8.7.11 Patch3, 8.8.8 | Netragard |
| 108894 | Persistent XSS CWE-199 | CVE-2018-10951 | 3.6 | Minor | 8.6.0 Patch10, 8.7.11 Patch3, 8.8.8 | Netragard |
| 97579 | CSRF CWE-352 | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch10, 8.7.11 Patch2, 8.8.8 Patch1 | Fortinet’s FortiGuard Labs |
| 108786 | Persistent XSS CWE-79 | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch10, 8.7.11 Patch1, 8.8.7, 8.8.8 | Stephan Kaag of Securify |
| 108265 | Persistent XSS CWE-79 | CVE-2017-17703 | 4.3 | Minor | 8.6.0 Patch9, 8.7.11 Patch1, 8.8.3 | Veit Hailperin |
| 107963 | Host header injection CWE-20 | - | 4.3 | Minor | 8.8.0 Beta2 | - |
| 107948, 107949 | Persistent XSS CWE-79 | CVE-2018-10948 | 3.5 | Minor | 8.6.0 Patch10, 8.7.11 Patch3, 8.8.0 Beta2 | Lucideus, Phil Pearl |
| 107925 | Persistent XSS - snippet CWE-79 | CVE-2017-8802 | 3.5 | Minor | 8.6.0 Patch9, 8.7.11 Patch1, 8.8.0 Beta2 | Compass Security |
| 107878 | Persistent XSS - location CWE-79 | CVE-2017-8783 | 4.0 | Minor | 8.7.10 | Stephan Kaag of Securify |
| 107712 | Improper limitation of file paths CWE-22 | CVE-2017-6821 | 4.0 | Minor | 8.7.6 | Greg Solovyev, Phil Pearl |
| 107684 | Improper handling of privileges CWE-280 | CVE-2017-6813 | 4.0 | Major | 8.6.0 Patch9, 8.7.6 | Greg Solovyev |
| 106811 | XXE CWE-611 | CVE-2016-9924 | 5.8 | Major | 8.6.0 Patch10, 8.7.4 | Alastair Gray |
| 106612 | Persistent XSS CWE-79 | CVE-2017-7288 | 4.3 | Minor | 8.6.0 Patch11, 8.7.1 | Sammy Forgit |
| 105001, 105174 | XSS CWE-79 | CVE-2016-5721 | 4.3, 2.1 | Minor | 8.6.0 Patch11, 8.7.0 | Secu |
| 104552, 104703 | XSS CWE-79 | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
| 104477 | Open Redirect CWE-601 | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
| 104294, 104456 | CSRF CWE-352 | CVE-2016-3406 | 2.6 | Minor | 8.6.0 Patch8, 8.7.0 | Zimbra |
| 104222, 104910, 105071, 105175 | XSS CWE-79 | CVE-2016-3407 | 4.3, 3.5, 4.3, 2.1 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 103997, 104413, 104414, 104777, 104791 | XSS CWE-79 | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
| 103996 | XXE (Admin) CWE-611 | CVE-2016-3413 | 2.6 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 103961, 104828 | CSRF CWE-352 | CVE-2016-3405 | 4.3 | Minor | 8.6.0 Patch8, 8.7.0 | Zimbra |
| 103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 | Minor | 8.6.0 Patch8, 8.7.0 | Zimbra |
| 103956, 103995, 104475, 104838, 104839 | XSS CWE-79 | CVE-2016-3410 | 4.3 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 103609 | XSS CWE-79 | CVE-2016-3411 | 3.5 | Minor | 8.6.0 Patch11, 8.7.0 | Zimbra |
| 102637 | XSS CWE-79 | CVE-2016-3409 | 4.3 | Minor | 8.6.0 Patch11, 8.7.0 | Peter Nguyen |
| 102276 | Deserialization of Untrusted Data CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
| 102227 | Deserialization of Untrusted Data CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
| 102029 | CWE-674 | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7, 8.7.0 | Zimbra |
| 101813 | XSS CWE-79 | CVE-2016-3408 | 4.3 | Minor | 8.6.0 Patch11, 8.7.0 | Volexity |
| 100885, 100899 | CSRF CWE-352 | CVE-2016-3403 | 5.8 | Major | 8.6.0 Patch8, 8.7.0 | Sysdream |
| 99810 | CWE-284 CWE-203 | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
| 99167 | Account Enumeration CWE-203 | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
| 101435, 101436 | Persistent XSS CWE-79 | CVE-2015-7609 | 6.4, 2.3 | Major | 8.6.0 Patch5, 8.7.0 | Fortinet’s FortiGuard Labs |
| 101559, 100133, 99854, 99914, 96973 | XSS CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5, 8.7.0 | Zimbra |
| 99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see CVE-2012-5881, CVE-2012-5882, CVE-2012-5883 |
| 98358, 98216, 98215 | Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2, 8.7.0 | Cure53 |
| 97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
| 96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9, 8.5.1, 8.6.0 | |
| 83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
| 87412, 92825, 92833, 92835 | XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) | CVE-2014-5500 | 4.3 | Minor | 8.0.8, 8.5.0 | |
| 83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
| 91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch | Upstream, see CVE-2014-0224 |
| 88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major | 8.0.3+Patch, 8.0.4+Patch, 8.0.5+Patch, 8.0.6+Patch, 8.0.7+Patch, 8.0.7 | Upstream, see CVE-2014-0160 |
| 85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3, 4.3, 5.8 | Major | 8.0.7 | Upstream, see CVE-2013-4353, CVE-2013-6449, CVE-2013-6450 |
| 84547 | XXE CWE-611 | CVE-2013-7217 | 6.4 (not 10.0) | Critical | 7.2.2_Patch3, 7.2.3_Patch, 7.2.4_Patch2, 7.2.5_Patch, 7.2.6, 8.0.3_Patch3, 8.0.4_Patch2, 8.0.5_Patch, 8.0.6 | Private |
| 85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
| 85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
| 85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7, 8.0.7 | Upstream, see CVE-2013-4547 |
| 80450, 80131, 80445, 80132 | Upgrade to JDK 1.6 u41; Upgrade OpenSSL to 1.0.0k; Upgrade to JDK 1.7u15+; Upgrade to OpenSSL 1.0.1d | n/a | 2.6 | Minor | 7.2.3, 7.2.3, 8.0.3, 8.0.3 | Upstream, see CVE-2013-0169 |
| 80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch, 7.1.1_Patch6, 7.1.3_Patch3, 7.2.2_Patch2, 7.2.3, 8.0.2_Patch, 8.0.3 | Private |
| 77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
| 75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3, 4.3, 4.3 | Minor | 7.2.1 | Upstream, see CVE-2012-1457, CVE-2012-1458, CVE-2012-1459 |
| 64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch, 7.1.4 | Private |