Max CVSS 10.0 Min CVSS 1.9 Total Count188
IDCVSSSummaryLast (major) updatePublished
CVE-2018-2879 6.8
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated atta
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2878 5.8
Vulnerability in the PeopleSoft Enterprise HCM Shared Components component of Oracle PeopleSoft Products (subcomponent: Notepad). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with net
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2877 1.9
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: ndbcluster/plugin). Supported versions that are affected are 7.2.27 and prior, 7.3.16 and prior, 7.4.14 and prior and 7.5.5 and prior. Easily exploitable vulnerabili
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2876 6.8
Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). The supported version that is affected is 13.2. Easily exploitable vulnerability allows unauthenticated
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2874 1.9
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Applic
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2873 5.0
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2872 5.0
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2871 6.4
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2870 6.4
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2869 5.0
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2868 5.0
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnera
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2867 5.0
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2866 5.0
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2865 5.0
Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2864 5.0
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2863 4.0
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2862 5.5
Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). Supported versions that are affected are 13.3.8, 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows low privil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2861 6.4
Vulnerability in the Oracle Retail Back Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker with
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2860 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows high privileged attacker with log
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2859 5.8
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2858 5.0
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows unaut
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2857 6.5
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems). The supported version that is affected is Prior to 8.7.17. Easily exploitable vulnerability allows low p
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2856 5.5
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2855 5.5
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerabilit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2854 5.8
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications (subcomponent: Portfolio, Attribution). The supported version that is affected is 8.0.x. Easily exploitable vulnerabilit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2853 5.5
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2852 5.5
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with net
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2851 5.5
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows l
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2850 7.5
Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2849 4.0
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Supported versions that are affected are 16.2 and 17.1 - 17.12. Easily exploitable vulnerabil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2848 5.0
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows unaut
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2847 4.0
Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attac
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2846 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access vi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2845 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2844 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2843 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2842 4.6
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2841 6.0
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure priv
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2840 6.8
Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.5.11, 7.0.6, 7.1.6, 15.0.1 and 16.0.2. Easily exploitable vulnerability allow
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2839 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple prot
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2838 5.8
Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1. Easily exploitable vulnerability allows unauthenticated attacker wi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2837 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2836 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2835 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2834 4.4
Vulnerability in the Oracle Data Visualization Desktop component of Oracle Fusion Middleware (subcomponent: Security). The supported version that is affected is 12.2.4.1.1. Easily exploitable vulnerability allows unauthenticated attacker with logon t
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2833 5.5
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.7, 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2832 5.0
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. The supported version that is affected is 12.2.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GoldenGate.
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2831 2.1
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2830 4.4
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2829 7.5
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). The supported version that is affected is 2.10. Easily exploitable vulnerability allows unauthenticated attac
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2828 6.0
Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2827 6.0
Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Profile). The supported version that is affected is 8.x. Easily exploitable vulnerability allows low privileged attacker with network access vi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2826 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2825 5.1
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols t
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2824 4.0
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 2.8, 2.9 and 2.10. Easily exploitable vulnerability allows low privi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2823 4.0
Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Database). The supported version that is affected is 6.4.3. Easily exploitable vulnerability allows low privileged attacker with netw
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2822 4.6
Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: Cluster Geo). The supported version that is affected is 4.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastr
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2821 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated att
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2820 4.0
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged attacker w
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2819 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2818 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2817 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2816 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2815 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2814 5.1
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unaut
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2813 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2812 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2811 3.7
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2810 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2809 4.3
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Homepage & Navigation). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthen
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2808 4.7
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2807 5.8
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Securities). Supported versions that are affected are 11.5.0, 11.6.0 and 11.7.0. Easily exploitable vulnerability allows unauthentica
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2806 5.8
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2805 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.6.39 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple pro
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2804 5.8
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: DB Privileges). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Difficult to exploit vulnerability
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2803 5.5
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with n
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2802 5.5
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 2.8 and 2.9. Easily exploitable vulnerability allows low privileged atta
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2801 5.8
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Image Export SDK). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker wit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2800 4.0
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2799 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabil
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2798 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2797 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2796 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vul
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2795 5.0
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2794 3.7
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162, 10 and JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated att
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2793 2.1
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: PsAdmin). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2792 5.5
Vulnerability in the Hardware Management Pack component of Oracle Sun Systems Products Suite (subcomponent: Ipmitool). The supported version that is affected is Prior to 2.4.3. Easily exploitable vulnerability allows high privileged attacker with net
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2791 5.8
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated att
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2790 2.6
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unau
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2789 4.0
Vulnerability in the Siebel Core - Server Framework component of Oracle Siebel CRM (subcomponent: Services). The supported version that is affected is 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2788 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with n
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2787 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2786 5.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2785 4.3
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Stylesheet). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2784 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access vi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2783 5.8
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u181, 7u161 and 8u152; Java SE Embedded: 8u152; JRockit: R28.3.17. Difficult to exploit v
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2782 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access vi
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2781 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2780 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2779 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2778 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multipl
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2777 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2776 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Group Replication GCS). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via XCo
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2775 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2774 7.5
Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: SQR). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2773 1.9
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2772 6.5
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows low privileged atta
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2771 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Locking). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows high privileged a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2770 4.9
Vulnerability in the Oracle Adaptive Access Manager component of Oracle Fusion Middleware (subcomponent: OAAM Admin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows low privileged attacker with network a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2769 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mu
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2768 5.8
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2766 6.8
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access v
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2765 5.0
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows una
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2764 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2763 2.1
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NTPD). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where S
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2762 2.1
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructu
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2761 4.3
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2760 4.3
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network a
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2759 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2758 4.0
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacke
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2756 4.9
Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: WebUI). Supported versions that are affected are 7.2.4.3.0, 7.3.0.1.x, 7.3.1.0.7 and 7.3.5.0.x. Easily exploitable
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2755 3.7
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticat
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2754 3.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: ZVNET Driver). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructur
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2753 2.6
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Python modules). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastruc
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2752 4.9
Vulnerability in the PeopleSoft Enterprise HCM component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HT
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2750 6.8
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows unauthenticated atta
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2749 4.9
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2748 5.8
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2747 4.0
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2746 5.5
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0 and 14.0.0. Easily exploitable vulnerability allows
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2742 7.5
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite (subcomponent: Framework). Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated at
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2739 5.8
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticate
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2738 6.4
Vulnerability in the Oracle Retail Central Office component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated attacker w
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2737 6.4
Vulnerability in the Oracle Retail Returns Management component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 2.3.8, 2.4.9, 14.0.4 and 14.1.3. Easily exploitable vulnerability allows unauthenticated
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2718 7.8
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RPC). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to com
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2628 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthe
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2587 5.8
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Supported versions that are affected are 10.1.4.3.0, 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthentica
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2572 5.8
Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). Supported versions that are affected are 6.1.1.6, 6.2.0.0 and 6.2.1.0. Easily exploitable vulnera
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-2563 4.9
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via
18-04-2018 - 22:29 18-04-2018 - 22:29
CVE-2018-0739 4.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used w
27-03-2018 - 17:29 27-03-2018 - 17:29
CVE-2018-7489 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously c
26-02-2018 - 10:29 26-02-2018 - 10:29
CVE-2017-7525 7.5
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the Obj
06-02-2018 - 10:29 06-02-2018 - 10:29
CVE-2017-15095 7.5
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMappe
06-02-2018 - 10:29 06-02-2018 - 10:29
CVE-2016-6814 7.5
When an application with unsupported Codehaus versions of Groovy from 1.7.0 to 2.4.3, Apache Groovy 2.4.4 to 2.4.7 on classpath uses standard Java serialization mechanisms, e.g. to communicate between servers or to store local data, it was possible f
18-01-2018 - 13:29 18-01-2018 - 13:29
CVE-2017-5753 4.7
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
04-01-2018 - 08:29 04-01-2018 - 08:29
CVE-2017-17562 6.8
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler fu
12-12-2017 - 14:29 12-12-2017 - 14:29
CVE-2017-3738 4.3
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult
07-12-2017 - 11:29 07-12-2017 - 11:29
CVE-2017-3737 4.3
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an "error state" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue
07-12-2017 - 11:29 07-12-2017 - 11:29
CVE-2017-15707 5.0
In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload.
01-12-2017 - 11:29 01-12-2017 - 11:29
CVE-2015-7501 10.0
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x
09-11-2017 - 12:29 09-11-2017 - 12:29
CVE-2017-3736 4.0
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very
02-11-2017 - 13:29 02-11-2017 - 13:29
CVE-2017-13082 5.8
Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt,
17-10-2017 - 09:29 17-10-2017 - 09:29
CVE-2017-13080 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.
17-10-2017 - 09:29 17-10-2017 - 09:29
CVE-2017-13078 2.9
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients.
17-10-2017 - 09:29 17-10-2017 - 09:29
CVE-2017-13077 5.4
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
16-10-2017 - 22:29 16-10-2017 - 22:29
CVE-2017-12617 6.8
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload
03-10-2017 - 21:29 03-10-2017 - 21:29
CVE-2017-9798 5.0
Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2
18-09-2017 - 11:29 18-09-2017 - 11:29
CVE-2017-3735 5.0
While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of Op
28-08-2017 - 15:29 28-08-2017 - 15:29
CVE-2017-7674 4.3
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poi
10-08-2017 - 22:29 10-08-2017 - 22:29
CVE-2016-8745 5.0
A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the
10-08-2017 - 18:29 10-08-2017 - 18:29
CVE-2017-5664 5.0
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request
06-06-2017 - 10:29 06-06-2017 - 10:29
CVE-2016-5007 5.0
Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching me
25-05-2017 - 13:29 25-05-2017 - 13:29
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
09-05-2017 - 21:29 31-08-2016 - 20:59
CVE-2017-5662 7.9
In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable ap
25-04-2017 - 11:06 18-04-2017 - 10:59
CVE-2016-3506 6.8
Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3
24-04-2017 - 21:59 21-07-2016 - 06:12
CVE-2016-0635 9.0
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.
24-04-2017 - 21:59 21-07-2016 - 06:12
CVE-2017-5645 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
24-04-2017 - 20:32 17-04-2017 - 17:59
CVE-2016-2182 7.5
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified ot
07-03-2017 - 21:59 16-09-2016 - 01:59
CVE-2016-2178 2.1
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-2177 7.5
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveragi
23-02-2017 - 14:43 19-06-2016 - 21:59
CVE-2016-6302 5.0
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
23-02-2017 - 14:22 16-09-2016 - 01:59
CVE-2016-2181 5.0
The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops
23-02-2017 - 14:12 16-09-2016 - 01:59
CVE-2016-2180 5.0
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application cra
23-02-2017 - 14:11 31-07-2016 - 22:59
CVE-2016-2179 5.0
The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many
23-02-2017 - 14:10 16-09-2016 - 01:59
CVE-2016-6303 7.5
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vect
23-02-2017 - 12:40 16-09-2016 - 01:59
CVE-2016-7052 5.0
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6309 10.0
statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6308 7.1
statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6307 4.3
The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6305 5.0
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-6304 7.8
Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.
01-02-2017 - 21:59 26-09-2016 - 15:59
CVE-2016-9878 5.0
An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. Paths provided to the ResourceServlet were not properly sanitized and as a result exposed to directory traversal attacks.
03-01-2017 - 13:21 29-12-2016 - 04:59
CVE-2015-7940 5.0
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "
07-12-2016 - 13:25 09-11-2015 - 11:59
CVE-2016-3092 7.8
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
28-11-2016 - 15:06 04-07-2016 - 18:59
CVE-2014-0054 6.8
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct
28-11-2016 - 14:10 17-04-2014 - 10:55
CVE-2016-5019 7.5
CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x before 2.0.2, and 2.1.x before 2.1.2 might allow attackers to conduct deserialization attacks via a crafted serialized view state string.
26-10-2016 - 22:00 03-10-2016 - 14:59
CVE-2013-1768 7.5
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for rem
03-01-2014 - 23:45 11-07-2013 - 18:55
Back to Top Mark selected
Back to Top