Oracle Secure Global Desktop — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Secure Global Desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2021-2177 — CVSS 10.0 (critical): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version that is…
CVE-2021-2248 — CVSS 10.0 (critical): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is…
CVE-2021-2447 — CVSS 9.9 (critical): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is…
CVE-2017-3167 — CVSS 9.8 (critical): In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the…
CVE-2019-3822 — CVSS 9.8 (critical): libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM…
CVE-2016-3613 — CVSS 9.8 (critical): Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote…
CVE-2021-2221 — CVSS 9.6 (critical): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is…
CVE-2021-2446 — CVSS 9.6 (critical): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is…
CVE-2016-5580 — CVSS 9.6 (critical): Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to…
CVE-2017-9788 — CVSS 9.1 (critical): In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not…
CVE-2019-0227 — CVSS 7.5 (high): A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and…
CVE-2017-7668 — CVSS 7.5 (high): The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows…
CVE-2018-16890 — CVSS 7.5 (high): libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2…
CVE-2021-3450 — CVSS 7.4 (high): The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by…
CVE-2014-0226 — CVSS 6.8 (medium): Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service…
CVE-2013-2064 — CVSS 6.8 (medium): Integer overflow in X.org libxcb 1.9 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via…
CVE-2019-17091 — CVSS 6.1 (medium): faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer…
CVE-2019-10092 — CVSS 6.1 (medium): In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could…
CVE-2018-19439 — CVSS 6.1 (medium): XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including…
CVE-2018-8032 — CVSS 6.1 (medium): Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2018-11763 — CVSS 5.9 (medium): In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and…
CVE-2019-1559 — CVSS 5.9 (medium): If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive…
CVE-2018-1304 — CVSS 5.9 (medium): The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to…
CVE-2018-0735 — CVSS 5.9 (medium): The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in…
CVE-2021-3449 — CVSS 5.9 (medium): An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation…
CVE-2021-35649 — CVSS 5.4 (medium): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Server). The supported version that is…
CVE-2021-33037 — CVSS 5.3 (medium): Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header…
CVE-2016-0501 — CVSS 5.0 (medium): Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect…
CVE-2014-0098 — CVSS 5.0 (medium): The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to…
CVE-2021-35650 — CVSS 4.6 (medium): Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is…
CVE-2019-3823 — CVSS 4.3 (medium): libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for…
CVE-2018-11784 — CVSS 4.3 (medium): When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a…