Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-2628 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthe
|
04-10-2024 - 13:35 | 19-04-2018 - 02:29 | |
CVE-2017-17562 | 6.8 |
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler fu
|
24-07-2024 - 16:51 | 12-12-2017 - 19:29 | |
CVE-2017-12617 | 6.8 |
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload
|
16-07-2024 - 17:58 | 04-10-2017 - 01:29 | |
CVE-2015-7501 | 10.0 |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x
|
16-02-2024 - 13:15 | 09-11-2017 - 17:29 | |
CVE-2017-15095 | 7.5 |
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
|
13-09-2023 - 14:23 | 06-02-2018 - 15:29 | |
CVE-2017-7525 | 7.5 |
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
|
08-06-2023 - 17:57 | 06-02-2018 - 15:29 | |
CVE-2018-2844 | 4.6 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
15-03-2023 - 01:15 | 19-04-2018 - 02:29 | |
CVE-2016-6303 | 7.5 |
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vect
|
12-02-2023 - 23:24 | 16-09-2016 - 05:59 | |
CVE-2016-2183 | 5.0 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
|
12-02-2023 - 23:17 | 01-09-2016 - 00:59 | |
CVE-2017-3735 | 5.0 |
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of Op
|
13-12-2022 - 12:15 | 28-08-2017 - 19:29 | |
CVE-2016-6308 | 7.1 |
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6302 | 5.0 |
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-6307 | 4.3 |
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6306 | 4.3 |
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6304 | 7.8 |
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-6305 | 5.0 |
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
|
13-12-2022 - 12:15 | 26-09-2016 - 19:59 | |
CVE-2016-2179 | 5.0 |
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-2181 | 5.0 |
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-2182 | 7.5 |
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified ot
|
13-12-2022 - 12:15 | 16-09-2016 - 05:59 | |
CVE-2016-2178 | 2.1 |
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
|
13-12-2022 - 12:15 | 20-06-2016 - 01:59 | |
CVE-2016-2177 | 7.5 |
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
|
13-12-2022 - 12:15 | 20-06-2016 - 01:59 | |
CVE-2016-2180 | 5.0 |
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application cra
|
13-12-2022 - 12:15 | 01-08-2016 - 02:59 | |
CVE-2018-2771 | 3.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
|
29-11-2022 - 03:04 | 19-04-2018 - 02:29 | |
CVE-2018-2799 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabil
|
06-10-2022 - 18:56 | 19-04-2018 - 02:29 | |
CVE-2018-2783 | 5.8 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit v
|
06-10-2022 - 18:56 | 19-04-2018 - 02:29 | |
CVE-2018-2813 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
|
29-08-2022 - 20:52 | 19-04-2018 - 02:29 | |
CVE-2017-3738 | 4.3 |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
|
19-08-2022 - 11:49 | 07-12-2017 - 16:29 | |
CVE-2018-2781 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged a
|
19-08-2022 - 09:41 | 19-04-2018 - 02:29 | |
CVE-2018-2759 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
|
19-08-2022 - 09:40 | 19-04-2018 - 02:29 | |
CVE-2018-2777 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
|
19-08-2022 - 09:40 | 19-04-2018 - 02:29 | |
CVE-2018-2810 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
|
19-08-2022 - 09:37 | 19-04-2018 - 02:29 | |
CVE-2016-7052 | 5.0 |
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
|
16-08-2022 - 13:17 | 26-09-2016 - 19:59 | |
CVE-2018-2761 | 4.3 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated a
|
04-08-2022 - 19:50 | 19-04-2018 - 02:29 | |
CVE-2018-2819 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with
|
01-08-2022 - 15:42 | 19-04-2018 - 02:29 | |
CVE-2018-2817 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
|
01-08-2022 - 15:28 | 19-04-2018 - 02:29 | |
CVE-2018-2782 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access vi
|
01-08-2022 - 15:11 | 19-04-2018 - 02:29 | |
CVE-2018-2784 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access vi
|
01-08-2022 - 15:00 | 19-04-2018 - 02:29 | |
CVE-2018-2755 | 3.7 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticat
|
19-07-2022 - 17:02 | 19-04-2018 - 02:29 | |
CVE-2018-2766 | 6.8 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
19-07-2022 - 16:40 | 19-04-2018 - 02:29 | |
CVE-2018-2786 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
|
13-07-2022 - 14:14 | 19-04-2018 - 02:29 | |
CVE-2018-2787 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
13-07-2022 - 14:10 | 19-04-2018 - 02:29 | |
CVE-2018-2797 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2811 | 3.7 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2815 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploi
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2798 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2790 | 2.6 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unau
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2814 | 5.1 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unaut
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2796 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vul
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2794 | 3.7 |
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated att
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2795 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2018-2800 | 4.0 |
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit
|
13-05-2022 - 14:57 | 19-04-2018 - 02:29 | |
CVE-2014-0054 | 6.8 |
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct
|
11-04-2022 - 17:36 | 17-04-2014 - 14:55 | |
CVE-2016-5007 | 5.0 |
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching me
|
11-04-2022 - 17:18 | 25-05-2017 - 17:29 | |
CVE-2016-9878 | 5.0 |
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
|
11-04-2022 - 17:18 | 29-12-2016 - 09:59 | |
CVE-2017-5645 | 7.5 |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|
04-04-2022 - 16:53 | 17-04-2017 - 21:59 | |
CVE-2017-5753 | 4.7 |
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
|
23-11-2021 - 22:14 | 04-01-2018 - 13:29 | |
CVE-2018-0739 | 4.3 |
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
|
20-07-2021 - 23:15 | 27-03-2018 - 21:29 | |
CVE-2016-3092 | 7.8 |
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
|
17-07-2021 - 08:15 | 04-07-2016 - 22:59 | |
CVE-2017-9798 | 5.0 |
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
|
06-06-2021 - 11:15 | 18-09-2017 - 15:29 | |
CVE-2018-7489 | 7.5 |
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously c
|
25-03-2021 - 01:15 | 26-02-2018 - 15:29 | |
CVE-2018-2587 | 5.8 |
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthentica
|
30-01-2021 - 02:37 | 19-04-2018 - 02:29 | |
CVE-2017-13080 | 2.9 |
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
|
10-11-2020 - 21:15 | 17-10-2017 - 13:29 | |
CVE-2018-2765 | 5.0 |
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows una
|
02-11-2020 - 16:15 | 19-04-2018 - 02:29 | |
CVE-2017-5662 | 7.9 |
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable ap
|
20-10-2020 - 22:15 | 18-04-2017 - 14:59 | |
CVE-2018-2868 | 5.0 |
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2018-2820 | 4.0 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker w
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2018-2863 | 4.0 |
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low privileged a
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2018-2858 | 5.0 |
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows unaut
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2018-2867 | 5.0 |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allo
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2018-2864 | 5.0 |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allo
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2018-2869 | 5.0 |
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
|
24-08-2020 - 17:37 | 19-04-2018 - 02:29 | |
CVE-2016-6814 | 7.5 |
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
|
15-07-2020 - 03:15 | 18-01-2018 - 18:29 | |
CVE-2016-5019 | 7.5 |
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
|
15-07-2020 - 03:15 | 03-10-2016 - 18:59 | |
CVE-2018-2839 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
|
16-06-2020 - 17:12 | 19-04-2018 - 02:29 | |
CVE-2018-2860 | 4.6 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with log
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2849 | 4.0 |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 16.2 and 17.1 - 17.12. Easily exploitable vulnerabil
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2843 | 4.6 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2873 | 5.0 |
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2862 | 5.5 |
Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privil
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2855 | 5.5 |
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerabilit
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2838 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1. Easily exploitable vulnerability allows unauthenticated attacker wi
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2833 | 5.5 |
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.7, 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2829 | 7.5 |
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attac
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2824 | 4.0 |
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low privi
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2801 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker wit
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2773 | 1.9 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2859 | 5.8 |
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easil
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2851 | 5.5 |
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows l
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2836 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2807 | 5.8 |
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0. Easily exploitable vulnerability allows unauthentica
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2802 | 5.5 |
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows low privileged atta
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2738 | 6.4 |
Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2572 | 5.8 |
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Supported versions that are affected are 6.1.1.6, 6.2.0.0 and 6.2.1.0. Easily exploitable vulnera
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2878 | 5.8 |
Vulnerability in the PeopleSoft Enterprise HCM Shared Components component of Oracle PeopleSoft Products (subcomponent: Notepad). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with net
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2818 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2806 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2770 | 4.9 |
Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network a
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2831 | 2.1 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2017-5664 | 5.0 |
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request
|
03-10-2019 - 00:03 | 06-06-2017 - 14:29 | |
CVE-2018-2876 | 6.8 |
Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). The supported version that is affected is 13.2. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2841 | 6.0 |
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure priv
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2821 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated att
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2747 | 4.0 |
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2865 | 5.0 |
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploit
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2857 | 6.5 |
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low p
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2848 | 5.0 |
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows unaut
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2752 | 4.9 |
Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HT
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2772 | 6.5 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged atta
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2830 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2804 | 5.8 |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2789 | 4.0 |
Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). The supported version that is affected is 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2763 | 2.1 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where S
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2754 | 3.6 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructur
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2788 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with n
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2846 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access vi
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2842 | 4.6 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2837 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2834 | 4.4 |
Vulnerability in the Oracle Data Visualization Desktop component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 12.2.4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon t
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2828 | 6.0 |
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2823 | 4.0 |
Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with netw
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2816 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2785 | 4.3 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2749 | 4.9 |
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2870 | 6.4 |
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2856 | 5.5 |
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easil
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2791 | 5.8 |
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated att
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2774 | 7.5 |
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2750 | 6.8 |
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows unauthenticated atta
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2746 | 5.5 |
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2866 | 5.0 |
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploit
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2850 | 7.5 |
Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2826 | 5.1 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2809 | 4.3 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthen
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2737 | 6.4 |
Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 2.3.8, 2.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2871 | 6.4 |
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2827 | 6.0 |
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Profile). The supported version that is affected is 8.x. Easily exploitable vulnerability allows low privileged attacker with network access vi
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2753 | 2.6 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastruc
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2852 | 5.5 |
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with net
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2835 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2812 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2803 | 5.5 |
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with n
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2792 | 5.5 |
Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.4.3. Easily exploitable vulnerability allows high privileged attacker with net
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2760 | 4.3 |
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network a
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2742 | 7.5 |
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated at
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2847 | 4.0 |
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attac
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2764 | 7.8 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2739 | 5.8 |
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticate
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2832 | 5.0 |
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. The supported version that is affected is 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate.
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2822 | 4.6 |
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). The supported version that is affected is 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastr
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2756 | 4.9 |
Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2872 | 5.0 |
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2861 | 6.4 |
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2853 | 5.5 |
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2825 | 5.1 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2793 | 2.1 |
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2768 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2563 | 4.9 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2879 | 6.8 |
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated atta
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2874 | 1.9 |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Applic
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2854 | 5.8 |
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerabilit
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2845 | 4.6 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2840 | 6.8 |
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.5.11, 7.0.6, 7.1.6, 15.0.1 and 16.0.2. Easily exploitable vulnerability allow
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2018-2748 | 5.8 |
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 19-04-2018 - 02:29 | |
CVE-2017-3737 | 4.3 |
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue
|
03-10-2019 - 00:03 | 07-12-2017 - 16:29 | |
CVE-2017-13077 | 5.4 |
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
|
03-10-2019 - 00:03 | 17-10-2017 - 02:29 | |
CVE-2017-13082 | 5.8 |
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt,
|
03-10-2019 - 00:03 | 17-10-2017 - 13:29 | |
CVE-2017-13078 | 2.9 |
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
|
03-10-2019 - 00:03 | 17-10-2017 - 13:29 | |
CVE-2017-15707 | 5.0 |
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
|
26-04-2019 - 15:19 | 01-12-2017 - 16:29 | |
CVE-2017-3736 | 4.0 |
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very
|
23-04-2019 - 19:30 | 02-11-2017 - 17:29 | |
CVE-2016-0635 | 9.0 |
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.
|
23-04-2019 - 19:29 | 21-07-2016 - 10:12 | |
CVE-2017-7674 | 4.3 |
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poi
|
15-04-2019 - 16:31 | 11-08-2017 - 02:29 | |
CVE-2016-8745 | 5.0 |
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the
|
15-04-2019 - 16:30 | 10-08-2017 - 22:29 | |
CVE-2015-7940 | 5.0 |
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "
|
16-01-2019 - 19:29 | 09-11-2015 - 16:59 | |
CVE-2018-2776 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCo
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2775 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2780 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2779 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2762 | 2.1 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2758 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacke
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2769 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mu
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2018-2778 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
|
27-11-2018 - 11:29 | 19-04-2018 - 02:29 | |
CVE-2016-3506 | 6.8 |
Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3
|
19-07-2018 - 01:29 | 21-07-2016 - 10:12 | |
CVE-2016-6309 | 10.0 |
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
|
12-07-2018 - 01:29 | 26-09-2016 - 19:59 | |
CVE-2018-2808 | 4.7 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
|
27-04-2018 - 14:17 | 19-04-2018 - 02:29 | |
CVE-2018-2805 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pro
|
27-04-2018 - 13:20 | 19-04-2018 - 02:29 | |
CVE-2018-2877 | 1.9 |
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerabili
|
27-04-2018 - 13:07 | 19-04-2018 - 02:29 | |
CVE-2018-2718 | 7.8 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to com
|
25-04-2018 - 16:38 | 19-04-2018 - 02:29 | |
CVE-2013-1768 | 7.5 |
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for rem
|
20-04-2018 - 01:29 | 11-07-2013 - 22:55 |