Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-8034 | 5.0 |
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
|
21-10-2024 - 16:35 | 01-08-2018 - 18:29 | |
CVE-2017-7805 | 5.0 |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
|
21-10-2024 - 13:11 | 11-06-2018 - 21:29 | |
CVE-2016-9842 | 6.8 |
The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.
|
28-08-2024 - 16:07 | 23-05-2017 - 04:29 | |
CVE-2018-11776 | 9.3 |
Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time
|
25-07-2024 - 14:48 | 22-08-2018 - 13:29 | |
CVE-2016-3739 | 2.6 |
The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) polarssl_connect_step1 function in lib/vtls/polarssl.c in cURL and libcurl before 7.49.0, when using SSLv3 or making a TLS connection to a URL that uses a numerical IP address, allow r
|
01-05-2024 - 17:15 | 20-05-2016 - 14:59 | |
CVE-2016-2107 | 2.6 |
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against
|
16-02-2024 - 19:19 | 05-05-2016 - 01:59 | |
CVE-2015-7501 | 10.0 |
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x
|
16-02-2024 - 13:15 | 09-11-2017 - 17:29 | |
CVE-2015-0235 | 10.0 |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
|
14-02-2024 - 01:17 | 28-01-2015 - 19:59 | |
CVE-2018-8013 | 7.5 |
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. The fix was to check the class type before
|
07-01-2024 - 11:15 | 24-05-2018 - 16:29 | |
CVE-2017-15095 | 7.5 |
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
|
13-09-2023 - 14:23 | 06-02-2018 - 15:29 | |
CVE-2017-7525 | 7.5 |
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
|
08-06-2023 - 17:57 | 06-02-2018 - 15:29 | |
CVE-2018-3145 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pr
|
31-05-2023 - 13:36 | 17-10-2018 - 01:31 | |
CVE-2018-3137 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
|
31-05-2023 - 13:36 | 17-10-2018 - 01:31 | |
CVE-2018-3170 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
|
31-05-2023 - 13:36 | 17-10-2018 - 01:31 | |
CVE-2018-3182 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple proto
|
31-05-2023 - 13:32 | 17-10-2018 - 01:31 | |
CVE-2018-3280 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
|
31-05-2023 - 13:24 | 17-10-2018 - 01:31 | |
CVE-2018-3203 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
|
31-05-2023 - 13:24 | 17-10-2018 - 01:31 | |
CVE-2018-3279 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
|
31-05-2023 - 13:24 | 17-10-2018 - 01:31 | |
CVE-2018-3212 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access vi
|
31-05-2023 - 13:24 | 17-10-2018 - 01:31 | |
CVE-2018-3195 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
|
31-05-2023 - 13:22 | 17-10-2018 - 01:31 | |
CVE-2018-3186 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
|
31-05-2023 - 13:21 | 17-10-2018 - 01:31 | |
CVE-2018-3285 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple
|
31-05-2023 - 13:21 | 17-10-2018 - 01:31 | |
CVE-2018-3286 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access v
|
31-05-2023 - 13:19 | 17-10-2018 - 01:31 | |
CVE-2014-7817 | 4.6 |
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
|
13-02-2023 - 00:42 | 24-11-2014 - 15:59 | |
CVE-2014-0114 | 7.5 |
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "m
|
13-02-2023 - 00:32 | 30-04-2014 - 10:49 | |
CVE-2015-0252 | 5.0 |
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
|
05-02-2023 - 21:10 | 24-03-2015 - 17:59 | |
CVE-2017-3735 | 5.0 |
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of Op
|
13-12-2022 - 12:15 | 28-08-2017 - 19:29 | |
CVE-2018-3174 | 1.9 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows
|
06-12-2022 - 21:33 | 17-10-2018 - 01:31 | |
CVE-2018-3284 | 3.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access
|
06-12-2022 - 21:21 | 17-10-2018 - 01:31 | |
CVE-2018-3282 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability
|
08-11-2022 - 19:32 | 17-10-2018 - 01:31 | |
CVE-2017-3738 | 4.3 |
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
|
19-08-2022 - 11:49 | 07-12-2017 - 16:29 | |
CVE-2018-3162 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
19-08-2022 - 09:38 | 17-10-2018 - 01:31 | |
CVE-2018-3200 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
19-08-2022 - 09:24 | 17-10-2018 - 01:31 | |
CVE-2018-3277 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
19-08-2022 - 09:24 | 17-10-2018 - 01:31 | |
CVE-2018-3173 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
19-08-2022 - 09:16 | 17-10-2018 - 01:31 | |
CVE-2016-9840 | 6.8 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
|
16-08-2022 - 13:16 | 23-05-2017 - 04:29 | |
CVE-2016-9841 | 7.5 |
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
|
16-08-2022 - 13:02 | 23-05-2017 - 04:29 | |
CVE-2016-9843 | 7.5 |
The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
|
16-08-2022 - 13:02 | 23-05-2017 - 04:29 | |
CVE-2018-0732 | 5.0 |
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
|
16-08-2022 - 13:00 | 12-06-2018 - 13:29 | |
CVE-2018-3251 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
|
04-08-2022 - 19:34 | 17-10-2018 - 01:31 | |
CVE-2018-3156 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
|
04-08-2022 - 19:33 | 17-10-2018 - 01:31 | |
CVE-2018-3143 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with
|
04-08-2022 - 19:31 | 17-10-2018 - 01:31 | |
CVE-2018-3133 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows lo
|
01-08-2022 - 15:46 | 17-10-2018 - 01:31 | |
CVE-2016-1000031 | 7.5 |
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
|
25-07-2022 - 18:15 | 25-10-2016 - 14:29 | |
CVE-2018-3185 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
|
13-07-2022 - 14:11 | 17-10-2018 - 01:31 | |
CVE-2018-14048 | 4.3 |
An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.
|
27-06-2022 - 17:35 | 13-07-2018 - 16:29 | |
CVE-2018-13785 | 4.3 |
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service.
|
27-06-2022 - 17:35 | 09-07-2018 - 13:29 | |
CVE-2018-3139 | 2.6 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows un
|
27-06-2022 - 17:34 | 17-10-2018 - 01:31 | |
CVE-2018-3136 | 2.6 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unau
|
27-06-2022 - 17:34 | 17-10-2018 - 01:31 | |
CVE-2018-3180 | 6.8 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
|
27-06-2022 - 17:33 | 17-10-2018 - 01:31 | |
CVE-2018-3169 | 5.1 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthentica
|
27-06-2022 - 17:33 | 17-10-2018 - 01:31 | |
CVE-2018-3149 | 5.1 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit v
|
27-06-2022 - 17:33 | 17-10-2018 - 01:31 | |
CVE-2018-3183 | 6.8 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Scripting). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerabil
|
27-06-2022 - 17:33 | 17-10-2018 - 01:31 | |
CVE-2018-3209 | 5.1 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t
|
27-06-2022 - 17:32 | 17-10-2018 - 01:31 | |
CVE-2018-3211 | 3.3 |
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged
|
27-06-2022 - 17:32 | 17-10-2018 - 01:31 | |
CVE-2018-3214 | 5.0 |
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulner
|
27-06-2022 - 17:27 | 17-10-2018 - 01:31 | |
CVE-2018-1275 | 7.5 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma
|
23-06-2022 - 16:35 | 11-04-2018 - 13:29 | |
CVE-2018-1272 | 6.0 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a r
|
23-06-2022 - 16:33 | 06-04-2018 - 13:29 | |
CVE-2018-1271 | 4.3 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file s
|
23-06-2022 - 16:33 | 06-04-2018 - 13:29 | |
CVE-2018-1257 | 4.0 |
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A
|
23-06-2022 - 16:31 | 11-05-2018 - 20:29 | |
CVE-2018-1270 | 7.5 |
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A ma
|
23-06-2022 - 16:31 | 06-04-2018 - 13:29 | |
CVE-2018-11040 | 4.3 |
Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controlle
|
23-06-2022 - 16:31 | 25-06-2018 - 15:29 | |
CVE-2018-11039 | 4.3 |
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring
|
23-06-2022 - 16:30 | 25-06-2018 - 15:29 | |
CVE-2018-1258 | 6.5 |
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted
|
11-04-2022 - 17:18 | 11-05-2018 - 20:29 | |
CVE-2017-5645 | 7.5 |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|
04-04-2022 - 16:53 | 17-04-2017 - 21:59 | |
CVE-2017-5715 | 1.9 |
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
|
16-08-2021 - 09:15 | 04-01-2018 - 13:29 | |
CVE-2017-14735 | 4.3 |
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of `&colon;` to construct a javascript: URL.
|
20-07-2021 - 23:15 | 25-09-2017 - 21:29 | |
CVE-2018-0737 | 4.3 |
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
|
20-07-2021 - 23:15 | 16-04-2018 - 18:29 | |
CVE-2018-0739 | 4.3 |
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
|
20-07-2021 - 23:15 | 27-03-2018 - 21:29 | |
CVE-2016-9586 | 6.8 |
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without necessary
|
29-06-2021 - 15:15 | 23-04-2018 - 18:29 | |
CVE-2016-8623 | 5.0 |
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
|
29-06-2021 - 15:15 | 01-08-2018 - 06:29 | |
CVE-2016-8624 | 5.0 |
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for
|
29-06-2021 - 15:15 | 31-07-2018 - 21:29 | |
CVE-2016-8615 | 5.0 |
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
|
29-06-2021 - 15:15 | 01-08-2018 - 06:29 | |
CVE-2016-8617 | 4.4 |
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
|
29-06-2021 - 15:15 | 31-07-2018 - 22:29 | |
CVE-2017-9798 | 5.0 |
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
|
06-06-2021 - 11:15 | 18-09-2017 - 15:29 | |
CVE-2018-7489 | 7.5 |
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously c
|
25-03-2021 - 01:15 | 26-02-2018 - 15:29 | |
CVE-2015-9251 | 4.3 |
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
|
08-01-2021 - 12:15 | 18-01-2018 - 23:29 | |
CVE-2018-3237 | 5.0 |
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Support Cart). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows un
|
24-08-2020 - 17:37 | 17-10-2018 - 01:31 | |
CVE-2018-2913 | 7.5 |
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Monitoring Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker
|
24-08-2020 - 17:37 | 17-10-2018 - 01:31 | |
CVE-2018-2902 | 4.0 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console). Supported versions that are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network ac
|
24-08-2020 - 17:37 | 17-10-2018 - 01:31 | |
CVE-2018-1000300 | 7.5 |
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection wit
|
24-08-2020 - 17:37 | 24-05-2018 - 13:29 | |
CVE-2018-0733 | 4.3 |
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is effectively reduced to only comparing the least significant bit of each byte. This allows an attacker to forge messages that would be considered as authenticated in an amount of t
|
24-08-2020 - 17:37 | 27-03-2018 - 21:29 | |
CVE-2016-6814 | 7.5 |
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
|
15-07-2020 - 03:15 | 18-01-2018 - 18:29 | |
CVE-2016-5019 | 7.5 |
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
|
15-07-2020 - 03:15 | 03-10-2016 - 18:59 | |
CVE-2016-4000 | 7.5 |
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
|
15-07-2020 - 03:15 | 06-07-2017 - 16:29 | |
CVE-2016-1181 | 6.8 |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart reques
|
15-07-2020 - 03:15 | 04-07-2016 - 22:59 | |
CVE-2016-1182 | 6.4 |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related iss
|
15-07-2020 - 03:15 | 04-07-2016 - 22:59 | |
CVE-2016-5421 | 6.8 |
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors.
|
08-05-2020 - 17:43 | 10-08-2016 - 14:59 | |
CVE-2016-8616 | 4.3 |
A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for
|
09-10-2019 - 23:20 | 01-08-2018 - 06:29 | |
CVE-2016-8619 | 7.5 |
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
|
09-10-2019 - 23:20 | 01-08-2018 - 06:29 | |
CVE-2016-8620 | 7.5 |
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
|
09-10-2019 - 23:20 | 01-08-2018 - 06:29 | |
CVE-2018-3268 | 5.0 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to co
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3255 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3295 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3269 | 4.0 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: SMB Server). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to com
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3254 | 5.0 |
Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticat
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3246 | 5.0 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker wit
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3228 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3192 | 6.5 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with networ
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3181 | 2.1 |
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). The supported version that is affected is 8.0. Easily exploitable vulnerability allows low pri
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3151 | 5.0 |
Vulnerability in the Oracle iProcurement component of Oracle E-Business Suite (subcomponent: E-Content Manager Catalog). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vu
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3141 | 5.0 |
Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3287 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3273 | 8.8 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with netw
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3261 | 5.0 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3234 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3213 | 5.0 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Docker Images). The supported version that is affected is prior to Docker 12.2.1.3.20180913. Easily exploitable vulnerability allows unauthenticated atta
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3207 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3201 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3301 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attack
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3275 | 8.8 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LibKMIP). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple p
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3259 | 7.5 |
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protoco
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3235 | 5.8 |
Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenti
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3220 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3190 | 5.8 |
Vulnerability in the Oracle E-Business Intelligence component of Oracle E-Business Suite (subcomponent: Overview Page/Report Rendering). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unaut
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3176 | 5.8 |
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3249 | 4.0 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network acc
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3242 | 5.8 |
Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulner
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3227 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3218 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3206 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3168 | 5.5 |
Vulnerability in the Oracle Identity Analytics component of Oracle Fusion Middleware (subcomponent: Core Components). The supported version that is affected is 11.1.1.5.8. Easily exploitable vulnerability allows low privileged attacker with network a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3140 | 5.8 |
Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3132 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3011 | 5.8 |
Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerabi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-2922 | 1.9 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure whe
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3274 | 6.3 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to comprom
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3263 | 6.8 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Sudo). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple prot
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3239 | 5.0 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacke
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3226 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3217 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3161 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3244 | 5.0 |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vuln
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3231 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3221 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3204 | 5.8 |
Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3198 | 5.0 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3188 | 5.8 |
Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Web interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3178 | 5.8 |
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3158 | 5.5 |
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privile
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3153 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3126 | 6.0 |
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xenvironment). Supported versions that are affected are 15.0.2, 16.0.4 and 17.0.2. Difficult to exploit vulnerability allows high privil
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-2971 | 4.0 |
Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: REST Services). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-2909 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3298 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3283 | 3.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3292 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3265 | 4.4 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure whe
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3238 | 4.9 |
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3289 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3276 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3262 | 4.3 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3250 | 5.8 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3243 | 5.8 |
Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: None). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3229 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3219 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3210 | 5.0 |
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3187 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3177 | 5.8 |
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3297 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3163 | 6.4 |
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows unauthentic
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3157 | 4.3 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to co
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3142 | 4.0 |
Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows low privileged attacker with network a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3134 | 2.6 |
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). The supported version that is affected is 6.2.0.0. Difficult to exploit vulnerability al
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3128 | 5.5 |
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3115 | 6.0 |
Vulnerability in the Oracle Retail Sales Audit component of Oracle Retail Applications (subcomponent: Operational Insights). Supported versions that are affected are 15.0 and 16.0. Difficult to exploit vulnerability allows low privileged attacker wit
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3281 | 5.8 |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8.
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3127 | 4.3 |
Vulnerability in the Oracle Demantra Demand Management component of Oracle Supply Chain Products Suite (subcomponent: Product Security). Supported versions that are affected are 7.3.5 and 12.2. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3288 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3175 | 5.8 |
Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3148 | 5.8 |
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 15.1, 15.2, 16.1, 16.2, 17.1-17.12 and 18.1-18.8. Easily exploitable vulnerability allo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3138 | 5.8 |
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vuln
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3131 | 3.6 |
Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker having Report privilege with l
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3122 | 4.9 |
Vulnerability in the Oracle Retail Open Commerce Platform component of Oracle Retail Applications (subcomponent: Integrations). Supported versions that are affected are 6.0, 6.0.1 and 5.3. Difficult to exploit vulnerability allows low privileged atta
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3290 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3197 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3189 | 5.8 |
Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: Outcome-Result). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3179 | 6.4 |
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3059 | 5.8 |
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 18.7, 18.8 and 18.9. Easily exploitable vulnerability allows unauthenticated attacker with network access vi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-2889 | 5.0 |
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3266 | 4.4 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastruc
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3253 | 6.0 |
Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Manager). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low privilege
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3241 | 5.8 |
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 8.4, 15.1, 15.2, 16.1, 16.2, 17.7 - 17.12 and 18.8.
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3225 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3155 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3150 | 4.3 |
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-8014 | 7.5 |
The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter
|
03-10-2019 - 00:03 | 16-05-2018 - 16:29 | |
CVE-2018-3264 | 3.6 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3230 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3215 | 5.8 |
Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Supported versions that are affected are 3.1.0 and 3.2.0. Easily exploitable vulnerability allows unauthenticate
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-2887 | 6.4 |
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 13.0.0 and 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3171 | 4.9 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Partition). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows high privileged attacker with net
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3159 | 3.6 |
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Sender and Receiver). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged at
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3154 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3144 | 4.3 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Difficult to exploit vulnerability allows unauthenticated attacker wi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3293 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-2911 | 6.8 |
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network acces
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3294 | 6.0 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows low privileged attacker with network access via VRDP
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3278 | 4.0 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacke
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3271 | 4.7 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastruct
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3258 | 6.5 |
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3233 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3152 | 5.0 |
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access v
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3291 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3208 | 4.0 |
Vulnerability in the Hyperion Data Relationship Management component of Oracle Hyperion (subcomponent: Access and Security). The supported version that is affected is 11.1.2.4.345. Easily exploitable vulnerability allows low privileged attacker with
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3202 | 5.0 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Performance Monitor). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attack
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3193 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker wi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3184 | 3.5 |
Vulnerability in the Hyperion BI+ component of Oracle Hyperion (subcomponent: IQR - Foundation Services). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTT
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3166 | 4.0 |
Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privile
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3267 | 5.0 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LFTP). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via FTP to compromi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3252 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3224 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3205 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker wi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3196 | 5.8 |
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dashboard). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vuln
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3164 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker wi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2017-7407 | 2.1 |
The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argum
|
03-10-2019 - 00:03 | 03-04-2017 - 20:59 | |
CVE-2018-3302 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3222 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3135 | 4.3 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3129 | 4.3 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3272 | 4.9 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with log
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3257 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attack
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3236 | 5.5 |
Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: Reports). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows high privile
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3223 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3191 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3167 | 5.0 |
Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily expl
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3160 | 4.4 |
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC Admin, OHC Management). The supported version that is affected is 8.0. Easily exploitable vulnerabilit
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3299 | 5.8 |
Vulnerability in the Oracle Text component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocol
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3247 | 5.5 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attac
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3146 | 5.8 |
Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3130 | 5.5 |
Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). The supported version that is affected is 9.1.0.0. Easily exploitable vulnerability allows low privileged attacker
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3296 | 4.4 |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastru
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3270 | 1.2 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure wh
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3256 | 4.3 |
Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerabilit
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3248 | 4.3 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3245 | 7.5 |
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated a
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3232 | 5.8 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3194 | 5.8 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker wi
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3172 | 5.0 |
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via Portmap v3
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3165 | 6.5 |
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2018-3147 | 4.3 |
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker w
|
03-10-2019 - 00:03 | 17-10-2018 - 01:31 | |
CVE-2017-5533 | 5.0 |
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and
|
03-10-2019 - 00:03 | 15-11-2017 - 21:29 | |
CVE-2018-1304 | 4.3 |
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definiti
|
03-10-2019 - 00:03 | 28-02-2018 - 20:29 | |
CVE-2018-1305 | 4.0 |
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way ap
|
03-10-2019 - 00:03 | 23-02-2018 - 23:29 | |
CVE-2018-1000301 | 6.4 |
curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP
|
03-10-2019 - 00:03 | 24-05-2018 - 13:29 | |
CVE-2018-1000122 | 6.4 |
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
|
03-10-2019 - 00:03 | 14-03-2018 - 18:29 | |
CVE-2018-1000121 | 5.0 |
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service
|
23-07-2019 - 23:15 | 14-03-2018 - 18:29 | |
CVE-2018-1000120 | 7.5 |
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
|
18-06-2019 - 22:15 | 14-03-2018 - 18:29 | |
CVE-2017-3736 | 4.0 |
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very
|
23-04-2019 - 19:30 | 02-11-2017 - 17:29 | |
CVE-2016-0635 | 9.0 |
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.
|
23-04-2019 - 19:29 | 21-07-2016 - 10:12 | |
CVE-2016-5244 | 5.0 |
The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.
|
22-04-2019 - 17:48 | 27-06-2016 - 10:59 | |
CVE-2018-8037 | 4.3 |
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
|
15-04-2019 - 16:31 | 02-08-2018 - 14:29 | |
CVE-2014-3490 | 7.5 |
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows
|
21-03-2019 - 14:22 | 19-08-2014 - 18:55 | |
CVE-2016-5419 | 5.0 |
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session.
|
13-11-2018 - 11:29 | 10-08-2016 - 14:59 | |
CVE-2016-8618 | 7.5 |
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
|
13-11-2018 - 11:29 | 31-07-2018 - 21:29 | |
CVE-2016-8621 | 5.0 |
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
|
13-11-2018 - 11:29 | 31-07-2018 - 22:29 | |
CVE-2016-7167 | 7.5 |
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a h
|
13-11-2018 - 11:29 | 07-10-2016 - 14:59 | |
CVE-2016-5420 | 5.0 |
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a diffe
|
13-11-2018 - 11:29 | 10-08-2016 - 14:59 | |
CVE-2016-8622 | 7.5 |
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32
|
13-11-2018 - 11:29 | 31-07-2018 - 21:29 | |
CVE-2016-7141 | 5.0 |
curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file
|
13-11-2018 - 11:29 | 03-10-2016 - 21:59 | |
CVE-2015-3145 | 7.5 |
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via
|
30-10-2018 - 16:27 | 24-04-2015 - 14:59 | |
CVE-2018-2912 | 5.0 |
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
24-10-2018 - 13:27 | 17-10-2018 - 01:31 | |
CVE-2018-2914 | 5.0 |
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo
|
24-10-2018 - 13:20 | 17-10-2018 - 01:31 | |
CVE-2017-5529 | 4.0 |
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (v
|
17-10-2018 - 01:30 | 29-06-2017 - 14:29 | |
CVE-2015-7990 | 5.9 |
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket t
|
17-10-2018 - 01:29 | 28-12-2015 - 11:59 | |
CVE-2015-6937 | 4.9 |
The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was
|
17-10-2018 - 01:29 | 19-10-2015 - 10:59 | |
CVE-2016-5080 | 10.0 |
Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system run
|
17-10-2018 - 01:29 | 19-07-2016 - 22:59 | |
CVE-2015-3237 | 6.4 |
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
CVE-2015-3236 | 5.0 |
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain
|
17-10-2018 - 01:29 | 22-06-2015 - 19:59 | |
CVE-2015-3153 | 5.0 |
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
|
17-10-2018 - 01:29 | 01-05-2015 - 15:59 | |
CVE-2015-3144 | 9.0 |
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via
|
17-10-2018 - 01:29 | 24-04-2015 - 14:59 | |
CVE-2014-0014 | 3.5 |
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging an application using the "{{group}}" Helper and
|
17-10-2018 - 01:29 | 15-02-2018 - 21:29 | |
CVE-2016-0755 | 5.0 |
The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.
|
17-10-2018 - 01:29 | 29-01-2016 - 20:59 | |
CVE-2012-1007 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-co
|
17-10-2018 - 01:29 | 07-02-2012 - 04:09 | |
CVE-2016-0729 | 7.5 |
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corrupti
|
17-10-2018 - 01:29 | 07-04-2016 - 21:59 |