- Home
- CVEs with nessus.description==The version of Oracle Secure Global Desktop installed on the remote
host is 5.3 and is missing a security patch from the January 2018
Critical Patch Update (CPU). It is, therefore, affected by multiple
vulnerabilities:
- The included OpenSSL library has a off-by-one out-of-bounds read
flaw within the X509v3_addr_get_afi() function of
crypto/x509v3/v3_addr.c when handling the IPAddressFamily
extension of X.509 certificates. A content-dependent attacker,
with a specially crafted request, could potentially read limited
memory information. (CVE-2017-3735)
- The included OpenSSL library has a carry propagating flaw within
the bn_sqrx8x_internal() function in crypto/bn/asm/x86_64-mont5.pl
when handling RSA / DSA encryption. A content-dependent attacker,
with a specially crafted request, could potentially determine the
private key. (CVE-2017-3736)
- The included Apache Log4j contains a flaw due to improper
validation of log events before deserializing. A remote attacker,
with a specially crafted log event, could potentially execute
arbitrary script code. (CVE-2017-5645)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top