Max CVSS 9.3 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2019-10086 7.5
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by defa
23-11-2020 - 16:15 20-08-2019 - 21:15
CVE-2016-6489 5.0
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
16-11-2020 - 20:20 14-04-2017 - 18:59
CVE-2018-8039 6.8
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try to ma
12-11-2020 - 14:15 02-07-2018 - 13:29
CVE-2019-12406 4.3
Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message. This leaves open the possibility of a denial of service type attack, where a malicious user crafts a message containing a very large nu
12-11-2020 - 14:15 06-11-2019 - 21:15
CVE-2019-12419 7.5
Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged OpenId Connect service. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is
12-11-2020 - 14:15 06-11-2019 - 21:15
CVE-2020-2760 5.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mu
11-11-2020 - 03:15 15-04-2020 - 14:15
CVE-2020-2812 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged
11-11-2020 - 03:15 15-04-2020 - 14:15
CVE-2020-2780 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with
11-11-2020 - 03:15 15-04-2020 - 14:15
CVE-2020-2814 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with net
11-11-2020 - 03:15 15-04-2020 - 14:15
CVE-2020-2752 3.5
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with net
11-11-2020 - 03:15 15-04-2020 - 14:15
CVE-2019-19959 5.0
ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind.
09-11-2020 - 21:47 03-01-2020 - 22:15
CVE-2019-19317 7.5
lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
09-11-2020 - 21:47 05-12-2019 - 14:15
CVE-2019-19646 7.5
pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns.
09-11-2020 - 21:47 09-12-2019 - 19:15
CVE-2019-17571 7.5
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic fo
03-11-2020 - 21:15 20-12-2019 - 17:15
CVE-2015-9251 4.3
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
26-10-2020 - 18:15 18-01-2018 - 23:29
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
26-10-2020 - 18:15 20-04-2019 - 00:29
CVE-2018-10237 4.3
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray
22-10-2020 - 20:15 26-04-2018 - 21:29
CVE-2019-9517 7.8
Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so
22-10-2020 - 17:22 13-08-2019 - 21:15
CVE-2020-5398 7.6
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response
21-10-2020 - 18:15 17-01-2020 - 00:15
CVE-2019-2904 7.5
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacke
21-10-2020 - 14:15 16-10-2019 - 18:15
CVE-2019-5443 4.6
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privile
20-10-2020 - 22:15 02-07-2019 - 19:15
CVE-2019-5481 7.5
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
20-10-2020 - 22:15 16-09-2019 - 19:15
CVE-2019-5427 5.0
c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.
20-10-2020 - 22:15 22-04-2019 - 21:29
CVE-2020-8840 7.5
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
20-10-2020 - 22:15 10-02-2020 - 21:56
CVE-2019-20330 7.5
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
20-10-2020 - 22:15 03-01-2020 - 04:15
CVE-2019-5482 7.5
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
20-10-2020 - 22:15 16-09-2019 - 19:15
CVE-2020-5397 2.6
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vul
20-10-2020 - 22:15 17-01-2020 - 19:15
CVE-2019-16942 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.
20-10-2020 - 22:15 01-10-2019 - 17:15
CVE-2019-17091 4.3
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
20-10-2020 - 22:15 02-10-2019 - 14:15
CVE-2019-17531 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-ext
20-10-2020 - 22:15 12-10-2019 - 21:15
CVE-2019-17359 5.0
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
20-10-2020 - 22:15 08-10-2019 - 14:15
CVE-2019-16943 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) ja
20-10-2020 - 22:15 01-10-2019 - 17:15
CVE-2018-20843 7.8
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
20-10-2020 - 22:15 24-06-2019 - 17:15
CVE-2019-5435 4.3
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.
20-10-2020 - 22:15 28-05-2019 - 19:29
CVE-2019-5436 4.6
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
20-10-2020 - 22:15 28-05-2019 - 19:29
CVE-2017-5645 7.5
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
20-10-2020 - 22:15 17-04-2017 - 21:59
CVE-2019-16335 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
20-10-2020 - 22:15 15-09-2019 - 22:15
CVE-2019-15903 5.0
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-r
20-10-2020 - 22:15 04-09-2019 - 06:15
CVE-2019-1563 4.3
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decryp
20-10-2020 - 22:15 10-09-2019 - 17:15
CVE-2019-1547 1.9
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those case
20-10-2020 - 22:15 10-09-2019 - 17:15
CVE-2018-15769 5.0
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients dur
20-10-2020 - 22:15 16-11-2018 - 21:29
CVE-2016-6306 4.3
The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
20-10-2020 - 22:15 26-09-2016 - 19:59
CVE-2016-8610 5.0
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL ser
20-10-2020 - 22:15 13-11-2017 - 22:29
CVE-2019-13990 7.5
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
20-10-2020 - 22:15 26-07-2019 - 19:15
CVE-2019-12415 2.1
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML E
20-10-2020 - 22:15 23-10-2019 - 20:15
CVE-2019-1552 1.9
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --opens
20-10-2020 - 22:15 30-07-2019 - 17:15
CVE-2019-1549 5.0
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this pro
20-10-2020 - 22:15 10-09-2019 - 17:15
CVE-2019-14379 7.5
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
20-10-2020 - 22:15 29-07-2019 - 12:15
CVE-2018-14718 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
20-10-2020 - 22:15 02-01-2019 - 18:29
CVE-2019-12402 5.0
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names insi
20-10-2020 - 22:15 30-08-2019 - 09:15
CVE-2019-14540 7.5
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
20-10-2020 - 22:15 15-09-2019 - 22:15
CVE-2019-12384 4.3
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be
20-10-2020 - 22:15 24-06-2019 - 16:15
CVE-2018-11054 5.0
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2016-2183 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birth
20-10-2020 - 22:15 01-09-2016 - 00:59
CVE-2018-12022 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in
20-10-2020 - 22:15 21-03-2019 - 16:00
CVE-2018-12023 5.1
An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid
20-10-2020 - 22:15 21-03-2019 - 16:00
CVE-2018-11307 7.5
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
20-10-2020 - 22:15 09-07-2019 - 16:15
CVE-2018-11056 4.0
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2018-11058 7.5
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote att
20-10-2020 - 22:15 14-09-2018 - 20:29
CVE-2018-11057 4.3
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2018-11055 2.1
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by
20-10-2020 - 22:15 31-08-2018 - 18:29
CVE-2017-12626 5.0
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and
20-10-2020 - 22:15 29-01-2018 - 17:29
CVE-2019-10173 7.5
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshall
20-10-2020 - 22:15 23-07-2019 - 13:15
CVE-2018-1000180 5.0
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. T
20-10-2020 - 22:15 05-06-2018 - 13:29
CVE-2019-10247 5.0
In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 4
20-10-2020 - 22:15 22-04-2019 - 20:29
CVE-2015-1832 6.4
XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumpti
20-10-2020 - 22:15 03-10-2016 - 21:59
CVE-2018-1000613 7.5
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT priv
20-10-2020 - 22:15 09-07-2018 - 20:29
CVE-2019-10097 6.0
In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was configured to use a trusted intermediary proxy server using the "PROXY" protocol, a specially crafted PROXY header could trigger a stack buffer overflow or NULL pointer deference. This vulner
20-10-2020 - 22:15 26-09-2019 - 16:15
CVE-2019-10246 5.0
In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory co
20-10-2020 - 22:15 22-04-2019 - 20:29
CVE-2018-1000873 4.3
Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious
20-10-2020 - 22:15 20-12-2018 - 17:29
CVE-2019-10072 5.0
The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40 . By not sending WINDOW_UPDATE messages for the connection window (stream 0) cl
20-10-2020 - 22:15 21-06-2019 - 18:15
CVE-2016-1000031 7.5
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution Per Apache: "Having reviewed your report we have concluded that it does not represent a valid vulnerability in Apache Commons File Upload. If an application d
20-10-2020 - 22:15 25-10-2016 - 14:29
CVE-2019-12086 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
20-10-2020 - 22:15 17-05-2019 - 17:29
CVE-2016-0701 2.6
The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent
20-10-2020 - 22:15 15-02-2016 - 02:59
CVE-2020-2754 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticate
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2764 4.3
Vulnerability in the Java SE product of Oracle Java SE (component: Advanced Management Console). The supported version that is affected is Java Advanced Management Console: 2.16. Difficult to exploit vulnerability allows unauthenticated attacker with
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2756 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows una
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2757 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows una
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2755 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticate
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2773 4.3
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthen
14-10-2020 - 08:15 15-04-2020 - 14:15
CVE-2019-14889 9.3
A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the
09-10-2020 - 13:34 10-12-2019 - 23:15
CVE-2019-15606 7.5
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
07-10-2020 - 18:07 07-02-2020 - 15:15
CVE-2019-12086 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java ja
01-10-2020 - 00:15 17-05-2019 - 17:29
CVE-2020-2875 4.0
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
25-09-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2934 5.1
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
25-09-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2933 3.5
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro
25-09-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2875 4.0
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
25-09-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2933 3.5
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple pro
25-09-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2934 5.1
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network ac
25-09-2020 - 19:15 15-04-2020 - 14:15
CVE-2018-9252 4.3
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
25-09-2020 - 12:15 04-04-2018 - 02:29
CVE-2018-19139 4.3
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
25-09-2020 - 12:15 09-11-2018 - 21:29
CVE-2018-20622 4.3
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
25-09-2020 - 12:15 31-12-2018 - 19:29
CVE-2018-19543 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
25-09-2020 - 12:15 26-11-2018 - 03:29
CVE-2018-18873 4.3
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
25-09-2020 - 12:15 31-10-2018 - 16:29
CVE-2018-20570 4.3
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
25-09-2020 - 12:15 28-12-2018 - 16:29
CVE-2018-19543 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jp2_decode in libjasper/jp2/jp2_dec.c.
25-09-2020 - 12:15 26-11-2018 - 03:29
CVE-2018-9252 4.3
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_abstorelstepsize in libjasper/jpc/jpc_enc.c.
25-09-2020 - 12:15 04-04-2018 - 02:29
CVE-2018-20622 4.3
JasPer 2.0.14 has a memory leak in base/jas_malloc.c in libjasper.a when "--output-format jp2" is used.
25-09-2020 - 12:15 31-12-2018 - 19:29
CVE-2018-18873 4.3
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
25-09-2020 - 12:15 31-10-2018 - 16:29
CVE-2018-19139 4.3
An issue has been found in JasPer 2.0.14. There is a memory leak in jas_malloc.c when called from jpc_unk_getparms in jpc_cs.c.
25-09-2020 - 12:15 09-11-2018 - 21:29
CVE-2018-20570 4.3
jp2_encode in jp2/jp2_enc.c in JasPer 2.0.14 has a heap-based buffer over-read.
25-09-2020 - 12:15 28-12-2018 - 16:29
CVE-2018-5407 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
18-09-2020 - 16:58 15-11-2018 - 21:29
CVE-2016-2381 5.0
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
10-09-2020 - 13:20 08-04-2016 - 15:59
CVE-2019-0222 5.0
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
10-09-2020 - 11:15 28-03-2019 - 22:29
CVE-2018-1165 6.9
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order t
09-09-2020 - 14:52 21-02-2018 - 14:29
CVE-2020-2830 5.0
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthe
09-09-2020 - 08:15 15-04-2020 - 14:15
CVE-2020-2781 5.0
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticate
09-09-2020 - 08:15 15-04-2020 - 14:15
CVE-2018-19361 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-19360 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-19362 7.5
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-14721 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-14720 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-14719 7.5
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
31-08-2020 - 14:15 02-01-2019 - 18:29
CVE-2018-19626 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the DCOM dissector could crash. This was addressed in epan/dissectors/packet-dcom.c by adding '\0' termination.
24-08-2020 - 17:37 29-11-2018 - 04:29
CVE-2019-18197 5.1
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be
24-08-2020 - 17:37 18-10-2019 - 21:15
CVE-2019-19244 5.0
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage.
24-08-2020 - 17:37 25-11-2019 - 20:15
CVE-2018-19539 4.3
An issue was discovered in JasPer 2.0.14. There is an access violation in the function jas_image_readcmpt in libjasper/base/jas_image.c, leading to a denial of service.
24-08-2020 - 17:37 26-11-2018 - 03:29
CVE-2019-2853 7.5
Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network
24-08-2020 - 17:37 23-07-2019 - 23:15
CVE-2019-19553 5.0
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
24-08-2020 - 17:37 05-12-2019 - 01:15
CVE-2018-20584 4.3
JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.
24-08-2020 - 17:37 30-12-2018 - 05:29
CVE-2019-14439 5.0
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logbac
24-08-2020 - 17:37 30-07-2019 - 11:15
CVE-2019-15165 5.0
sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
24-08-2020 - 17:37 03-10-2019 - 19:15
CVE-2018-19540 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer overflow of size 1 in the function jas_icctxtdesc_input in libjasper/base/jas_icc.c.
24-08-2020 - 17:37 26-11-2018 - 03:29
CVE-2019-13057 3.5
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not pro
24-08-2020 - 17:37 26-07-2019 - 13:15
CVE-2018-18311 7.5
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
24-08-2020 - 17:37 07-12-2018 - 21:29
CVE-2019-15161 5.0
rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
24-08-2020 - 17:37 03-10-2019 - 19:15
CVE-2019-12387 4.3
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
24-08-2020 - 17:37 10-06-2019 - 12:29
CVE-2019-16056 5.0
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and imple
24-08-2020 - 17:37 06-09-2019 - 18:15
CVE-2019-13565 5.0
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simpl
24-08-2020 - 17:37 26-07-2019 - 13:15
CVE-2018-11797 4.3
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
24-08-2020 - 17:37 05-10-2018 - 20:29
CVE-2019-10093 4.3
In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
24-08-2020 - 17:37 02-08-2019 - 19:15
CVE-2019-10094 6.8
A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.
24-08-2020 - 17:37 02-08-2019 - 19:15
CVE-2019-10088 6.8
A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.
24-08-2020 - 17:37 02-08-2019 - 19:15
CVE-2019-1010238 7.5
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condit
24-08-2020 - 17:37 19-07-2019 - 17:15
CVE-2019-10081 5.0
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header value
24-08-2020 - 17:37 15-08-2019 - 22:15
CVE-2019-0220 5.0
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions
24-08-2020 - 17:37 11-06-2019 - 21:29
CVE-2018-0734 4.3
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.
24-08-2020 - 17:37 30-10-2018 - 12:29
CVE-2019-0215 6.0
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions.
24-08-2020 - 17:37 08-04-2019 - 20:29
CVE-2019-0211 7.2
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with
24-08-2020 - 17:37 08-04-2019 - 22:29
CVE-2019-0232 9.3
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments
24-08-2020 - 17:37 15-04-2019 - 15:29
CVE-2018-20506 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to exe
23-08-2020 - 01:15 03-04-2019 - 18:29
CVE-2019-20218 5.0
selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error.
23-08-2020 - 01:15 02-01-2020 - 14:16
CVE-2018-20346 6.8
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by l
23-08-2020 - 01:15 21-12-2018 - 21:29
CVE-2019-16168 4.3
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
23-08-2020 - 01:15 09-09-2019 - 17:15
CVE-2018-20852 5.0
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a serv
22-08-2020 - 17:15 13-07-2019 - 21:15
CVE-2019-10092 4.3
In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only
08-08-2020 - 15:15 26-09-2019 - 16:15
CVE-2019-19926 5.0
multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
06-08-2020 - 19:15 23-12-2019 - 01:15
CVE-2018-1000632 5.0
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be explo
23-07-2020 - 14:19 20-08-2018 - 19:31
CVE-2019-2729 7.5
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated at
15-07-2020 - 18:15 19-06-2019 - 23:15
CVE-2018-8032 4.3
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
15-07-2020 - 03:15 02-08-2018 - 13:29
CVE-2019-17563 5.1
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be p
15-07-2020 - 03:15 23-12-2019 - 17:15
CVE-2019-8457 7.5
SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.
15-07-2020 - 03:15 30-05-2019 - 16:29
CVE-2018-15756 5.0
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,
15-07-2020 - 03:15 18-10-2018 - 22:29
CVE-2018-1258 6.5
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted
15-07-2020 - 03:15 11-05-2018 - 20:29
CVE-2016-4000 7.5
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
15-07-2020 - 03:15 06-07-2017 - 16:29
CVE-2019-10082 6.4
In Apache HTTP Server 2.4.18-2.4.39, using fuzzed network input, the http/2 session handling could be made to read memory after being freed, during connection shutdown.
15-07-2020 - 03:15 26-09-2019 - 16:15
CVE-2019-0227 5.4
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to buil
15-07-2020 - 03:15 01-05-2019 - 21:29
CVE-2020-2929 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacke
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2914 4.4
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2908 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2902 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacke
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2959 5.0
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows unauthenticated attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2894 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2742 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2951 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacke
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2907 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged atta
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2909 4.3
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacke
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2905 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2748 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2913 4.4
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows low privileged attacker with logon to
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2743 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2758 4.6
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2911 4.4
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged atta
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2910 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows low privileged attacker with logon to t
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2741 2.1
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attack
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2958 4.4
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged atta
03-07-2020 - 18:15 15-04-2020 - 14:15
CVE-2020-2800 5.8
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability
24-06-2020 - 12:15 15-04-2020 - 14:15
CVE-2020-2803 5.1
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthe
24-06-2020 - 12:15 15-04-2020 - 14:15
CVE-2020-2805 5.1
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthe
24-06-2020 - 12:15 15-04-2020 - 14:15
CVE-2015-3253 7.5
The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.
24-06-2020 - 05:15 13-08-2015 - 14:59
CVE-2019-0228 7.5
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
18-06-2020 - 07:15 17-04-2019 - 15:29
CVE-2020-2801 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated att
17-06-2020 - 13:15 15-04-2020 - 14:15
CVE-2019-19645 2.1
alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements.
16-06-2020 - 20:15 09-12-2019 - 16:15
CVE-2019-19603 5.0
SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.
16-06-2020 - 20:15 09-12-2019 - 19:15
CVE-2016-7103 4.3
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
15-06-2020 - 18:14 15-03-2017 - 16:59
CVE-2020-2883 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated att
04-06-2020 - 22:15 15-04-2020 - 14:15
CVE-2018-1320 5.0
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed co
04-06-2020 - 17:15 07-01-2019 - 17:29
CVE-2020-2778 4.3
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise
02-06-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2816 5.0
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Ja
02-06-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2767 5.8
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise
02-06-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2915 7.5
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows u
26-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2828 5.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access
26-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2798 6.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high pr
26-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2963 6.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privil
26-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2884 7.5
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated att
26-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2018-6942 4.3
An issue was discovered in FreeType 2 through 2.9. A NULL pointer dereference in the Ins_GETVARIATION() function within ttinterp.c could lead to DoS via a crafted font file.
24-05-2020 - 00:15 13-02-2018 - 05:29
CVE-2018-11775 5.8
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by def
14-05-2020 - 07:15 10-09-2018 - 20:29
CVE-2020-2575 4.4
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged atta
07-05-2020 - 18:10 29-04-2020 - 15:15
CVE-2020-2904 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2901 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2928 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2903 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mu
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2804 7.1
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated atta
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2924 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2923 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2930 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple prot
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2925 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2926 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication GCS). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access vi
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2922 4.3
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with ne
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2020-2898 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). The supported version that is affected is 8.0.19. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to
05-05-2020 - 15:15 15-04-2020 - 14:15
CVE-2017-5754 4.7
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
05-05-2020 - 11:31 04-01-2018 - 13:29
CVE-2020-2783 5.0
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access
24-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2785 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access
24-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2786 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access
24-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2787 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). Supported versions that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access
24-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2936 5.5
Vulnerability in the Oracle Financial Services Balance Sheet Planning product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.8. Easily exploitable vulnerability allows low privileg
22-04-2020 - 15:50 15-04-2020 - 14:15
CVE-2020-2944 7.2
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructur
17-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2851 4.4
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastruct
17-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2771 1.2
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Sola
17-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2836 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 17:29 15-04-2020 - 14:15
CVE-2020-2835 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 17:16 15-04-2020 - 14:15
CVE-2020-2834 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 17:13 15-04-2020 - 14:15
CVE-2020-2833 5.8
Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: Courseware). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to c
17-04-2020 - 17:12 15-04-2020 - 14:15
CVE-2020-2810 4.3
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network
17-04-2020 - 17:03 15-04-2020 - 14:15
CVE-2020-2813 5.8
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: KB Search). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with networ
17-04-2020 - 17:03 15-04-2020 - 14:15
CVE-2020-2807 5.8
Vulnerability in the Oracle Marketing Encyclopedia System product of Oracle E-Business Suite (component: Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with ne
17-04-2020 - 17:03 15-04-2020 - 14:15
CVE-2020-2808 5.8
Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 17:02 15-04-2020 - 14:15
CVE-2020-2809 5.8
Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 17:02 15-04-2020 - 14:15
CVE-2020-2820 5.8
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker
17-04-2020 - 16:56 15-04-2020 - 14:15
CVE-2020-2819 5.8
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker wi
17-04-2020 - 16:48 15-04-2020 - 14:15
CVE-2020-2815 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com
17-04-2020 - 16:43 15-04-2020 - 14:15
CVE-2020-2817 5.8
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
17-04-2020 - 16:34 15-04-2020 - 14:15
CVE-2020-2818 5.8
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker wi
17-04-2020 - 16:27 15-04-2020 - 14:15
CVE-2020-2822 5.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claims). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
17-04-2020 - 16:23 15-04-2020 - 14:15
CVE-2020-2821 5.8
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Budget). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with netwo
17-04-2020 - 16:19 15-04-2020 - 14:15
CVE-2020-2823 5.8
Vulnerability in the Oracle Common Applications Calendar product of Oracle E-Business Suite (component: Notes). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 16:13 15-04-2020 - 14:15
CVE-2020-2824 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acc
17-04-2020 - 15:48 15-04-2020 - 14:15
CVE-2020-2825 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acc
17-04-2020 - 15:44 15-04-2020 - 14:15
CVE-2020-2826 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acc
17-04-2020 - 15:31 15-04-2020 - 14:15
CVE-2020-2827 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acc
17-04-2020 - 15:21 15-04-2020 - 14:15
CVE-2020-2831 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 14:50 15-04-2020 - 14:15
CVE-2020-2832 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acc
17-04-2020 - 14:40 15-04-2020 - 14:15
CVE-2020-2837 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
17-04-2020 - 14:27 15-04-2020 - 14:15
CVE-2020-2900 3.6
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Tools). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via
17-04-2020 - 14:17 15-04-2020 - 14:15
CVE-2020-2878 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Mail). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compro
17-04-2020 - 14:11 15-04-2020 - 14:15
CVE-2020-2879 5.8
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with netwo
17-04-2020 - 14:04 15-04-2020 - 14:15
CVE-2020-2880 5.8
Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: OTA Training Activities). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated
17-04-2020 - 13:54 15-04-2020 - 14:15
CVE-2020-2870 5.8
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacke
17-04-2020 - 13:38 15-04-2020 - 14:15
CVE-2020-2954 5.8
Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Candidate Gateway). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
17-04-2020 - 13:33 15-04-2020 - 14:15
CVE-2020-2927 4.4
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastruct
16-04-2020 - 20:10 15-04-2020 - 14:15
CVE-2020-2838 5.0
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated a
16-04-2020 - 20:10 15-04-2020 - 14:15
CVE-2019-2880 6.5
Vulnerability in the Oracle Retail Store Inventory Management product of Oracle Retail Applications (component: Security). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with network ac
16-04-2020 - 20:08 15-04-2020 - 14:15
CVE-2020-2949 5.0
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching, CacheStore, Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows u
16-04-2020 - 20:06 15-04-2020 - 14:15
CVE-2020-2839 5.8
Vulnerability in the Oracle Service Intelligence product of Oracle E-Business Suite (component: Internal Operations- Search). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker wit
16-04-2020 - 20:05 15-04-2020 - 14:15
CVE-2020-2932 4.3
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access v
16-04-2020 - 20:02 15-04-2020 - 14:15
CVE-2020-2931 7.5
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Web Applications - InfoCenter). Supported versions that are affected are 8.6.0-8.6.3. Easily exploitable vulnerability allows unauthenticated attacker with network access v
16-04-2020 - 20:01 15-04-2020 - 14:15
CVE-2020-2920 5.8
Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). Supported versions that are affected are 9.3.3, 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
16-04-2020 - 20:00 15-04-2020 - 14:15
CVE-2020-2912 4.0
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Self-Service). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access
16-04-2020 - 19:57 15-04-2020 - 14:15
CVE-2020-2906 4.0
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Supplier Change). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access vi
16-04-2020 - 19:52 15-04-2020 - 14:15
CVE-2020-2946 6.5
Vulnerability in the Application Performance Management product of Oracle Enterprise Manager (component: EM Request Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high pr
16-04-2020 - 19:50 15-04-2020 - 14:15
CVE-2020-2829 4.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Management Services). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network acce
16-04-2020 - 19:50 15-04-2020 - 14:15
CVE-2020-2811 5.8
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated
16-04-2020 - 19:41 15-04-2020 - 14:15
CVE-2020-2945 5.5
Vulnerability in the Oracle Financial Services Deposit Insurance Calculations for Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). Supported versions that are affected are 8.0.7 and 8.0.8. Easi
16-04-2020 - 19:40 15-04-2020 - 14:15
CVE-2020-2947 4.0
Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft (component: Absence Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with networ
16-04-2020 - 19:38 15-04-2020 - 14:15
CVE-2020-2806 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.28 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple pr
16-04-2020 - 19:35 15-04-2020 - 14:15
CVE-2020-2942 5.5
Vulnerability in the Oracle Financial Services Price Creation and Discovery product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.0.7. Easily exploitable vulnerability allows low pr
16-04-2020 - 19:27 15-04-2020 - 14:15
CVE-2020-2895 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2761 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2790 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2768 4.9
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior and 8.0.19 and prior. Easily exploitable vulnera
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2956 5.5
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attack
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2950 7.5
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2759 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2893 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2921 3.5
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.19 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2892 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2897 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple pro
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2882 5.5
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attack
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2896 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via mul
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2853 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2774 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2763 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged atta
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2779 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via m
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2770 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple proto
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2765 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network ac
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2762 4.0
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to c
16-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2594 6.0
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 1
16-04-2020 - 19:10 15-04-2020 - 14:15
CVE-2020-2737 4.6
Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Execute
16-04-2020 - 19:04 15-04-2020 - 14:15
CVE-2020-2777 2.1
Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Security). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP t
16-04-2020 - 18:57 15-04-2020 - 14:15
CVE-2020-2943 5.5
Vulnerability in the Oracle Financial Services Liquidity Risk Measurement and Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7 and 8.0.8. Easily exploitable vulne
16-04-2020 - 18:52 15-04-2020 - 14:15
CVE-2020-2772 4.3
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Absence Recording, Maintenance). Supported versions that are affected are 12.2.6-12.2.9. Easily exploitable vulnerability allows low privileged attacker with n
16-04-2020 - 18:50 15-04-2020 - 14:15
CVE-2020-2769 3.5
Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Web Based Report Designer). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network acc
16-04-2020 - 18:41 15-04-2020 - 14:15
CVE-2020-2941 5.5
Vulnerability in the Oracle Financial Services Funds Transfer Pricing product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows low
16-04-2020 - 18:30 15-04-2020 - 14:15
CVE-2020-2940 5.5
Vulnerability in the Oracle Financial Services Profitability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows l
16-04-2020 - 18:23 15-04-2020 - 14:15
CVE-2020-2939 5.5
Vulnerability in the Oracle Financial Services Asset Liability Management product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 and 8.0.7. Easily exploitable vulnerability allows
16-04-2020 - 18:11 15-04-2020 - 14:15
CVE-2020-2766 5.0
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated
16-04-2020 - 18:09 15-04-2020 - 14:15
CVE-2020-2793 5.5
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerabil
16-04-2020 - 18:07 15-04-2020 - 14:15
CVE-2020-2938 5.5
Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.8. Easily exploitable vulnerabil
16-04-2020 - 18:03 15-04-2020 - 14:15
CVE-2020-2775 5.0
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acces
16-04-2020 - 17:52 15-04-2020 - 14:15
CVE-2020-2937 5.5
Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileged at
16-04-2020 - 17:51 15-04-2020 - 14:15
CVE-2020-2776 5.0
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access vi
16-04-2020 - 17:51 15-04-2020 - 14:15
CVE-2020-2782 6.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network access
16-04-2020 - 17:44 15-04-2020 - 14:15
CVE-2020-2784 7.5
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network acce
16-04-2020 - 17:40 15-04-2020 - 14:15
CVE-2020-2955 6.5
Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Financial Services Applications (component: Transaction Processing). The supported version that is affected is 4.0. Easily exploitable vulnerability allows low privileged attacker wi
16-04-2020 - 17:39 15-04-2020 - 14:15
CVE-2020-2935 5.5
Vulnerability in the Oracle Financial Services Hedge Management and IFRS Valuations product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.8. Easily exploitable vulnerabilit
16-04-2020 - 17:33 15-04-2020 - 14:15
CVE-2020-2953 7.5
Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated
16-04-2020 - 17:25 15-04-2020 - 14:15
CVE-2020-2789 4.3
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with netwo
16-04-2020 - 17:20 15-04-2020 - 14:15
CVE-2020-2791 7.5
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via
16-04-2020 - 17:14 15-04-2020 - 14:15
CVE-2020-2794 5.8
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Email Address list and Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthe
16-04-2020 - 17:12 15-04-2020 - 14:15
CVE-2020-2795 6.0
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the inf
16-04-2020 - 17:04 15-04-2020 - 14:15
CVE-2020-2796 5.8
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with
16-04-2020 - 16:50 15-04-2020 - 14:15
CVE-2020-2952 6.4
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP
16-04-2020 - 16:49 15-04-2020 - 14:15
CVE-2020-2797 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with ne
16-04-2020 - 16:39 15-04-2020 - 14:15
CVE-2020-2964 5.5
Vulnerability in the Oracle Financial Services Data Foundation product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.9. Easily exploitable vulnerability allows low privileg
16-04-2020 - 16:34 15-04-2020 - 14:15
CVE-2020-2799 3.5
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions that are affected are 19.3.1 and 20.0.0. Difficult to exploit vulnerability allows low privileged attacker with network
16-04-2020 - 16:26 15-04-2020 - 14:15
CVE-2020-2802 4.0
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). Supported versions that are affected are 19.3.1 and 20.0.0. Easily exploitable vulnerability allows low privileged attacker with network a
16-04-2020 - 16:24 15-04-2020 - 14:15
CVE-2020-2859 5.0
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: nVision). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with network acce
16-04-2020 - 16:23 15-04-2020 - 14:15
CVE-2020-2865 5.0
Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: Installation). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t
16-04-2020 - 16:16 15-04-2020 - 14:15
CVE-2020-2867 6.4
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attack
16-04-2020 - 16:13 15-04-2020 - 14:15
CVE-2020-2868 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows unauthenticated attacker with
16-04-2020 - 16:06 15-04-2020 - 14:15
CVE-2020-2869 4.3
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated
16-04-2020 - 16:02 15-04-2020 - 14:15
CVE-2020-2961 7.5
Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework (Oracle OHS)). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows unauthen
16-04-2020 - 15:53 15-04-2020 - 14:15
CVE-2020-2863 5.5
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with netwo
16-04-2020 - 15:51 15-04-2020 - 14:15
CVE-2020-2866 5.0
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker wit
16-04-2020 - 15:34 15-04-2020 - 14:15
CVE-2020-2891 5.5
Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interfaces). The supported version that is affected is 8.0.6. Easily exploitable vulnerability allows low priv
16-04-2020 - 15:33 15-04-2020 - 14:15
CVE-2020-2864 5.0
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Accounts). Supported versions that are affected are 12.1.3 and 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network ac
16-04-2020 - 15:24 15-04-2020 - 14:15
CVE-2020-2871 5.8
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated
16-04-2020 - 15:16 15-04-2020 - 14:15
CVE-2020-2872 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com
16-04-2020 - 15:06 15-04-2020 - 14:15
CVE-2020-2840 5.8
Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
16-04-2020 - 15:04 15-04-2020 - 14:15
CVE-2020-2841 5.8
Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acces
16-04-2020 - 14:57 15-04-2020 - 14:15
CVE-2020-2899 4.9
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HT
16-04-2020 - 14:55 15-04-2020 - 14:15
CVE-2020-2842 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:54 15-04-2020 - 14:15
CVE-2020-2877 5.8
Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:38 15-04-2020 - 14:15
CVE-2020-2843 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Profile). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to com
16-04-2020 - 14:31 15-04-2020 - 14:15
CVE-2020-2844 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:20 15-04-2020 - 14:15
CVE-2020-2873 5.8
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated
16-04-2020 - 14:13 15-04-2020 - 14:15
CVE-2020-2845 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:12 15-04-2020 - 14:15
CVE-2020-2846 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:11 15-04-2020 - 14:15
CVE-2020-2847 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:07 15-04-2020 - 14:15
CVE-2020-2874 5.8
Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Customer Search). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via
16-04-2020 - 14:02 15-04-2020 - 14:15
CVE-2020-2849 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:01 15-04-2020 - 14:15
CVE-2020-2848 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 14:01 15-04-2020 - 14:15
CVE-2020-2850 5.8
Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with networ
16-04-2020 - 13:58 15-04-2020 - 14:15
CVE-2020-2852 5.8
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Calendar). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network ac
16-04-2020 - 13:53 15-04-2020 - 14:15
CVE-2020-2885 5.8
Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite (component: Attachments). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthent
16-04-2020 - 13:52 15-04-2020 - 14:15
CVE-2020-2733 7.5
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network acc
16-04-2020 - 13:47 15-04-2020 - 14:15
CVE-2020-2854 5.8
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with netw
16-04-2020 - 13:47 15-04-2020 - 14:15
CVE-2020-2735 4.6
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege wi
16-04-2020 - 13:46 15-04-2020 - 14:15
CVE-2020-2890 5.8
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with n
16-04-2020 - 13:44 15-04-2020 - 14:15
CVE-2020-2855 5.8
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Admin). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compr
16-04-2020 - 13:42 15-04-2020 - 14:15
CVE-2020-2734 3.5
Vulnerability in the RDBMS/Optimizer component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_SQLTUNE privil
16-04-2020 - 13:42 15-04-2020 - 14:15
CVE-2020-2856 5.8
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with netw
16-04-2020 - 13:34 15-04-2020 - 14:15
CVE-2020-2889 5.0
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with
16-04-2020 - 13:34 15-04-2020 - 14:15
CVE-2020-2857 5.8
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with netw
16-04-2020 - 13:31 15-04-2020 - 14:15
CVE-2020-2858 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
16-04-2020 - 13:28 15-04-2020 - 14:15
CVE-2020-2860 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
16-04-2020 - 13:22 15-04-2020 - 14:15
CVE-2020-2862 4.3
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacke
16-04-2020 - 13:21 15-04-2020 - 14:15
CVE-2020-2861 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network acce
16-04-2020 - 13:21 15-04-2020 - 14:15
CVE-2020-2881 5.8
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network ac
16-04-2020 - 13:14 15-04-2020 - 14:15
CVE-2020-2876 5.8
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker
16-04-2020 - 13:00 15-04-2020 - 14:15
CVE-2020-2886 4.3
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with
16-04-2020 - 12:32 15-04-2020 - 14:15
CVE-2020-2888 5.0
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Partners). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network ac
16-04-2020 - 12:21 15-04-2020 - 14:15
CVE-2019-19242 4.3
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN case in sqlite3ExprCodeTarget in expr.c.
15-04-2020 - 21:15 27-11-2019 - 17:15
CVE-2018-19542 4.3
An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function jp2_decode in libjasper/jp2/jp2_dec.c, leading to a denial of service.
15-04-2020 - 21:15 26-11-2018 - 03:29
CVE-2017-3160 5.8
After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and
15-04-2020 - 21:15 01-02-2018 - 21:29
CVE-2018-1336 5.0
An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and
15-04-2020 - 21:15 02-08-2018 - 14:29
CVE-2016-10244 6.8
The parse_charstrings function in type1/t1load.c in FreeType 2 before 2.7 does not ensure that a font contains a glyph name, which allows remote attackers to cause a denial of service (heap-based buffer over-read) or possibly have unspecified other i
15-04-2020 - 21:15 06-03-2017 - 06:59
CVE-2020-2753 5.0
Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker wit
15-04-2020 - 20:30 15-04-2020 - 14:15
CVE-2020-2887 5.0
Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated
15-04-2020 - 19:49 15-04-2020 - 14:15
CVE-2020-2738 4.0
Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI, SWSE). Supported versions that are affected are 20.2 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to com
15-04-2020 - 19:25 15-04-2020 - 14:15
CVE-2020-2739 4.3
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H
15-04-2020 - 19:15 15-04-2020 - 14:15
CVE-2020-2740 4.9
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker wit
15-04-2020 - 19:14 15-04-2020 - 14:15
CVE-2020-2751 5.8
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via
15-04-2020 - 18:51 15-04-2020 - 14:15
CVE-2020-2744 4.9
Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily exploitable vulnerability allows low privileged attacker with network
15-04-2020 - 18:47 15-04-2020 - 14:15
CVE-2020-2745 4.3
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Federation). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network
15-04-2020 - 18:44 15-04-2020 - 14:15
CVE-2020-2750 5.0
Vulnerability in the Oracle General Ledger product of Oracle E-Business Suite (component: Account Hierarchy Manager). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated at
15-04-2020 - 18:42 15-04-2020 - 14:15
CVE-2020-2749 2.1
Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where O
15-04-2020 - 18:42 15-04-2020 - 14:15
CVE-2020-2746 5.5
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin privileg
15-04-2020 - 18:39 15-04-2020 - 14:15
CVE-2020-2747 4.9
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network a
15-04-2020 - 18:35 15-04-2020 - 14:15
CVE-2020-2553 5.8
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access v
15-04-2020 - 18:34 15-04-2020 - 14:15
CVE-2020-2524 4.3
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: InQuira Search). Supported versions that are affected are 8.6.0-8.6.3. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to co
15-04-2020 - 18:33 15-04-2020 - 14:15
CVE-2020-2522 4.3
Vulnerability in the Oracle Knowledge product of Oracle Knowledge (component: Information Manager Console). Supported versions that are affected are 8.6.0-8.6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via
15-04-2020 - 18:32 15-04-2020 - 14:15
CVE-2020-2514 4.9
Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network
15-04-2020 - 18:27 15-04-2020 - 14:15
CVE-2020-2706 5.8
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Project Manager). Supported versions that are affected are 16.2.0.0 - 16.2.19.3, 17.12.0.0 - 17.12.17.0, 18.8.0.0 - 1
15-04-2020 - 17:15 15-04-2020 - 14:15
CVE-2019-2899 3.5
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Supported versions that are affected are 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged a
15-04-2020 - 14:15 16-10-2019 - 18:15
CVE-2019-10098 5.8
In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.
01-04-2020 - 15:15 25-09-2019 - 17:15
CVE-2019-15604 5.0
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
20-03-2020 - 21:15 07-02-2020 - 15:15
CVE-2018-19625 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the dissection engine could crash. This was addressed in epan/tvbuff_composite.c by preventing a heap-based buffer over-read.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19624 4.3
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the PVFS dissector could crash. This was addressed in epan/dissectors/packet-pvfs2.c by preventing a NULL pointer dereference.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19628 5.0
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19622 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the MMSE dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-mmse.c by preventing length overflows.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2020-7044 5.0
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
20-03-2020 - 01:15 16-01-2020 - 04:15
CVE-2018-19627 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-19623 5.0
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the LBMPDM dissector could crash. In addition, a remote attacker could write arbitrary data to any memory locations before the packet-scoped memory. This was addressed in epan/dissectors/packet-lbmpdm.
20-03-2020 - 01:15 29-11-2018 - 04:29
CVE-2018-18227 5.0
In Wireshark 2.6.0 to 2.6.3 and 2.4.0 to 2.4.9, the MS-WSP protocol dissector could crash. This was addressed in epan/dissectors/packet-mswsp.c by properly handling NULL return values.
20-03-2020 - 01:15 12-10-2018 - 06:29
CVE-2019-15605 7.5
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
11-03-2020 - 22:25 07-02-2020 - 15:15
CVE-2019-19880 5.0
exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled.
14-01-2020 - 11:15 18-12-2019 - 06:15
CVE-2019-19924 5.0
SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling.
14-01-2020 - 11:15 24-12-2019 - 16:15
CVE-2019-19925 5.0
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
14-01-2020 - 11:15 24-12-2019 - 17:15
CVE-2019-19923 5.0
flattenSubquery in select.c in SQLite 3.30.1 mishandles certain uses of SELECT DISTINCT involving a LEFT JOIN in which the right-hand side is a view. This can cause a NULL pointer dereference (or incorrect results).
14-01-2020 - 11:15 24-12-2019 - 16:15
CVE-2019-19269 4.0
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. A dereference of a NULL pointer may occur. This pointer is returned by the OpenSSL sk_X509_REVOKED_value() function when encountering an empty CRL installed by a system administrato
13-01-2020 - 22:15 30-11-2019 - 23:15
CVE-2019-12418 4.4
When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perf
07-01-2020 - 08:15 23-12-2019 - 18:15
CVE-2019-0217 6.0
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictio
10-12-2019 - 13:15 08-04-2019 - 21:29
CVE-2019-17195 6.8
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
07-11-2019 - 18:15 15-10-2019 - 14:15
CVE-2019-15164 5.0
rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
27-10-2019 - 03:15 03-10-2019 - 19:15
CVE-2019-15162 5.0
rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
27-10-2019 - 03:15 03-10-2019 - 19:15
CVE-2019-15163 5.0
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
27-10-2019 - 03:15 03-10-2019 - 19:15
CVE-2017-14232 4.3
The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.
22-10-2019 - 19:15 15-08-2019 - 17:15
CVE-2018-19541 6.8
An issue was discovered in JasPer 2.0.14. There is a heap-based buffer over-read of size 8 in the function jas_image_depalettize in libjasper/base/jas_image.c.
07-10-2019 - 21:15 26-11-2018 - 03:29
CVE-2018-5711 4.3
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated
03-10-2019 - 00:03 16-01-2018 - 09:29
CVE-2018-8036 4.3
In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
03-10-2019 - 00:03 03-07-2018 - 20:29
CVE-2018-8014 7.5
The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter
03-10-2019 - 00:03 16-05-2018 - 16:29
CVE-2018-9055 4.3
JasPer 2.0.14 allows denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.
03-10-2019 - 00:03 27-03-2018 - 04:29
CVE-2018-17197 4.3
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
03-10-2019 - 00:03 24-12-2018 - 14:29
CVE-2017-5533 5.0
A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and
03-10-2019 - 00:03 15-11-2017 - 21:29
CVE-2018-1304 4.3
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definiti
03-10-2019 - 00:03 28-02-2018 - 20:29
CVE-2018-1305 4.0
Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way ap
03-10-2019 - 00:03 23-02-2018 - 23:29
CVE-2017-13745 5.0
There is a reachable assertion abort in the function jpc_dec_process_sot() in jpc/jpc_dec.c in JasPer 2.0.12 that will lead to a remote denial of service attack by triggering an unexpected jpc_ppmstabtostreams return value, a different vulnerability
03-10-2019 - 00:03 29-08-2017 - 06:29
CVE-2018-0737 4.3
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixe
03-10-2019 - 00:03 16-04-2018 - 18:29
CVE-2019-14821 7.2
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wher
24-09-2019 - 03:15 19-09-2019 - 18:15
CVE-2018-5712 4.3
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
19-08-2019 - 11:15 16-01-2018 - 09:29
CVE-2019-12855 5.8
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
14-08-2019 - 03:15 16-06-2019 - 12:29
CVE-2018-9154 5.0
There is a reachable abort in the function jpc_dec_process_sot in libjasper/jpc/jpc_dec.c of JasPer 2.0.14 that will lead to a remote denial of service attack by triggering an unexpected jas_alloc2 return value, a different vulnerability than CVE-201
09-08-2019 - 23:15 04-05-2018 - 21:29
CVE-2017-5130 6.8
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
19-07-2019 - 09:15 07-02-2018 - 23:29
CVE-2019-0197 4.9
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38. When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection cou
17-06-2019 - 19:15 11-06-2019 - 22:29
CVE-2019-0196 5.0
A vulnerability was found in Apache HTTP Server 2.4.17 to 2.4.38. Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparison when determining the method of a request and thus process the request
17-06-2019 - 19:15 11-06-2019 - 22:29
CVE-2018-11784 4.3
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause
11-06-2019 - 22:29 04-10-2018 - 13:29
CVE-2019-0221 4.3
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debu
07-06-2019 - 21:29 28-05-2019 - 22:29
CVE-2019-1543 5.8
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 b
03-06-2019 - 20:29 06-03-2019 - 21:29
CVE-2018-0732 5.0
During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime result
30-05-2019 - 18:29 12-06-2018 - 13:29
CVE-2019-0199 5.0
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping str
28-05-2019 - 21:29 10-04-2019 - 15:29
CVE-2018-8034 5.0
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
14-05-2019 - 17:29 01-08-2018 - 18:29
CVE-2017-8287 7.5
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.
23-04-2019 - 19:31 27-04-2017 - 00:59
CVE-2017-8105 7.5
FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_decoder_parse_charstrings function in psaux/t1decode.c.
23-04-2019 - 19:31 24-04-2017 - 18:59
CVE-2016-3092 7.8
The MultipartStream class in Apache Commons Fileupload before 1.3.2, as used in Apache Tomcat 7.x before 7.0.70, 8.x before 8.0.36, 8.5.x before 8.5.3, and 9.x before 9.0.0.M7 and other products, allows remote attackers to cause a denial of service (
23-04-2019 - 19:29 04-07-2016 - 22:59
CVE-2018-8037 4.3
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
15-04-2019 - 16:31 02-08-2018 - 14:29
CVE-2017-15706 5.0
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script
15-04-2019 - 16:31 31-01-2018 - 14:29
CVE-2015-0254 7.5
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag. <a href="http://cwe.mitre.org/data/
25-03-2019 - 11:34 09-03-2015 - 14:59
CVE-2015-7940 5.0
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "
16-01-2019 - 19:29 09-11-2015 - 16:59
CVE-2017-14735 4.3
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
16-01-2019 - 19:29 25-09-2017 - 21:29
CVE-2016-4463 5.0
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
07-11-2018 - 11:29 08-07-2016 - 19:59
CVE-2017-5529 4.0
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (v
17-10-2018 - 01:30 29-06-2017 - 14:29
CVE-2016-10251 6.8
Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in JasPer before 1.900.20 allows remote attackers to have unspecified impact via a crafted file, which triggers use of an uninitialized value.
05-01-2018 - 02:30 15-03-2017 - 14:59
CVE-2017-7857 7.5
FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
01-07-2017 - 01:30 14-04-2017 - 04:59
CVE-2017-7858 7.5
FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c.
01-07-2017 - 01:30 14-04-2017 - 04:59
CVE-2017-7864 7.5
FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c.
01-07-2017 - 01:30 14-04-2017 - 04:59
CVE-2016-10328 7.5
FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c.
01-07-2017 - 01:29 14-04-2017 - 04:59
Back to Top Mark selected
Back to Top