Secure Global Desktop
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-3167 | Cri | 0.65 | 9.8 | 0.20 | Jun 20, 2017 | In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. | ||
| CVE-2017-9788 | Cri | 0.64 | 9.1 | 0.57 | Jul 13, 2017 | In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment… | ||
| CVE-2016-3613 | Cri | 0.64 | 9.8 | 0.05 | Jul 21, 2016 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL. | ||
| CVE-2016-5580 | Cri | 0.63 | 9.6 | 0.02 | Oct 25, 2016 | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. | ||
| CVE-2017-7668 | Hig | 0.53 | 7.5 | 0.57 | Jun 20, 2017 | The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a… | ||
| CVE-2014-0226 | 0.10 | — | 0.86 | Jul 20, 2014 | Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers… | |||
| CVE-2018-19439 | 0.03 | — | 0.21 | Dec 13, 2018 | XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle… | |||
| CVE-2014-0098 | 0.02 | — | 0.26 | Mar 18, 2014 | The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation. | |||
| CVE-2021-35650 | 0.00 | — | 0.01 | Oct 20, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle… | |||
| CVE-2021-35649 | 0.00 | — | 0.01 | Oct 20, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle… | |||
| CVE-2021-2447 | 0.00 | — | 0.01 | Jul 20, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle… | |||
| CVE-2021-2446 | 0.00 | — | 0.02 | Jul 20, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle… | |||
| CVE-2021-2248 | 0.00 | — | 0.03 | Apr 22, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle… | |||
| CVE-2021-2221 | 0.00 | — | 0.02 | Apr 22, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle… | |||
| CVE-2021-2177 | 0.00 | — | 0.03 | Apr 22, 2021 | Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise… | |||
| CVE-2016-0501 | 0.00 | — | 0.02 | Jan 21, 2016 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. | |||
| CVE-2015-2581 | 0.00 | — | 0.02 | Jul 16, 2015 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 allows remote attackers to affect confidentiality and availability via unknown vectors related to JServer. | |||
| CVE-2014-6459 | 0.00 | — | 0.02 | Oct 15, 2014 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and… | |||
| CVE-2014-2476 | 0.00 | — | 0.01 | Oct 15, 2014 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and… | |||
| CVE-2014-2475 | 0.00 | — | 0.02 | Oct 15, 2014 | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv). |
- risk 0.65cvss 9.8epss 0.20
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
- risk 0.64cvss 9.1epss 0.57
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment…
- risk 0.64cvss 9.8epss 0.05
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL.
- risk 0.63cvss 9.6epss 0.02
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.
- risk 0.53cvss 7.5epss 0.57
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a…
- CVE-2014-0226Jul 20, 2014risk 0.10cvss —epss 0.86
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers…
- CVE-2018-19439Dec 13, 2018risk 0.03cvss —epss 0.21
XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle…
- CVE-2014-0098Mar 18, 2014risk 0.02cvss —epss 0.26
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.
- CVE-2021-35650Oct 20, 2021risk 0.00cvss —epss 0.01
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle…
- CVE-2021-35649Oct 20, 2021risk 0.00cvss —epss 0.01
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle…
- CVE-2021-2447Jul 20, 2021risk 0.00cvss —epss 0.01
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle…
- CVE-2021-2446Jul 20, 2021risk 0.00cvss —epss 0.02
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle…
- CVE-2021-2248Apr 22, 2021risk 0.00cvss —epss 0.03
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle…
- CVE-2021-2221Apr 22, 2021risk 0.00cvss —epss 0.02
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle…
- CVE-2021-2177Apr 22, 2021risk 0.00cvss —epss 0.03
Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise…
- CVE-2016-0501Jan 21, 2016risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core.
- CVE-2015-2581Jul 16, 2015risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 allows remote attackers to affect confidentiality and availability via unknown vectors related to JServer.
- CVE-2014-6459Oct 15, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and…
- CVE-2014-2476Oct 15, 2014risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and…
- CVE-2014-2475Oct 15, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv).
Page 1 of 2