| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-15262 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2019 | A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is… | ||
| CVE-2019-15261 | Hig | 0.56 | 8.6 | 0.01 | Oct 16, 2019 | A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The… | ||
| CVE-2019-15252 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15251 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15250 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15249 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15248 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15247 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15246 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15245 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15244 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15243 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15242 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15241 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-15240 | Hig | 0.52 | 8.0 | 0.01 | Oct 16, 2019 | Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based… | ||
| CVE-2019-12636 | Hig | 0.57 | 8.8 | 0.01 | Oct 16, 2019 | A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF… | ||
| CVE-2019-3028 | Hig | 0.57 | 8.8 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where… | ||
| CVE-2019-3017 | Hig | 0.53 | 8.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where… | ||
| CVE-2019-3010 | Hig | 0.73 | 8.8 | 0.13 | KEV | Oct 16, 2019 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise… | |
| CVE-2019-3000 | Hig | 0.53 | 8.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP… | ||
| CVE-2019-2995 | Hig | 0.53 | 8.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP… | ||
| CVE-2019-2994 | Hig | 0.53 | 8.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2990 | Hig | 0.53 | 8.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2986 | Hig | 0.50 | 7.7 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to… | ||
| CVE-2019-2972 | Hig | 0.48 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2971 | Hig | 0.48 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2970 | Hig | 0.48 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2965 | Hig | 0.49 | 7.5 | 0.02 | Oct 16, 2019 | Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Install - Configuration). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via… | ||
| CVE-2019-2953 | Hig | 0.46 | 7.1 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Hospitality Cruise Dining Room Management product of Oracle Hospitality Applications (component: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows low privileged attacker with network access via… | ||
| CVE-2019-2947 | Hig | 0.46 | 7.1 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Inventory Integration privilege with… | ||
| CVE-2019-2944 | Hig | 0.47 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where… | ||
| CVE-2019-2942 | Hig | 0.53 | 8.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access… | ||
| CVE-2019-2937 | Hig | 0.53 | 8.1 | 0.02 | Oct 16, 2019 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with… | ||
| CVE-2019-2934 | Hig | 0.53 | 8.1 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with… | ||
| CVE-2019-2932 | Hig | 0.50 | 7.7 | 0.01 | Oct 16, 2019 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise… | ||
| CVE-2019-2907 | Hig | 0.47 | 7.2 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to… | ||
| CVE-2019-2906 | Hig | 0.53 | 8.2 | 0.02 | Oct 16, 2019 | Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with… | ||
| CVE-2019-2905 | Hig | 0.56 | 8.6 | 0.02 | Oct 16, 2019 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network… | ||
| CVE-2019-2903 | Hig | 0.48 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2902 | Hig | 0.48 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2901 | Hig | 0.48 | 7.3 | 0.01 | Oct 16, 2019 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise… | ||
| CVE-2019-2900 | Hig | 0.49 | 7.5 | 0.02 | Oct 16, 2019 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with… | ||
| CVE-2019-2895 | Hig | 0.49 | 7.5 | 0.01 | Oct 16, 2019 | Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low… | ||
| CVE-2019-2891 | Hig | 0.53 | 8.1 | 0.02 | Oct 16, 2019 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP… | ||
| CVE-2019-2890 | Hig | 0.50 | 7.2 | 0.38 | Oct 16, 2019 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3… | ||
| CVE-2019-15893 | Hig | 0.47 | 7.2 | 0.02 | Oct 16, 2019 | Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | ||
| CVE-2019-10453 | Hig | 0.51 | 7.8 | 0.00 | Oct 16, 2019 | Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | ||
| CVE-2019-10449 | Hig | 0.50 | 8.8 | 0.01 | Oct 16, 2019 | Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||
| CVE-2019-10448 | Hig | 0.57 | 8.8 | 0.01 | Oct 16, 2019 | Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. | ||
| CVE-2019-10446 | Hig | 0.46 | 8.2 | 0.01 | Oct 16, 2019 | Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. |
- risk 0.49cvss 7.5epss 0.01
A vulnerability in the Secure Shell (SSH) session management for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the SSH process is…
- risk 0.56cvss 8.6epss 0.01
A vulnerability in the Point-to-Point Tunneling Protocol (PPTP) VPN packet processing functionality in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.52cvss 8.0epss 0.01
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters (ATAs) could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based…
- risk 0.57cvss 8.8epss 0.01
A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF…
- risk 0.57cvss 8.8epss 0.01
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where…
- risk 0.73cvss 8.8epss 0.13
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.50cvss 7.7epss 0.01
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to…
- risk 0.48cvss 7.3epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.48cvss 7.3epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.48cvss 7.3epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.49cvss 7.5epss 0.02
Vulnerability in the Siebel Core - DB Deployment and Configuration product of Oracle Siebel CRM (component: Install - Configuration). Supported versions that are affected are 19.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via…
- risk 0.46cvss 7.1epss 0.01
Vulnerability in the Oracle Hospitality Cruise Dining Room Management product of Oracle Hospitality Applications (component: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows low privileged attacker with network access via…
- risk 0.46cvss 7.1epss 0.01
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Inventory Integration privilege with…
- risk 0.47cvss 7.3epss 0.01
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where…
- risk 0.53cvss 8.2epss 0.01
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access…
- risk 0.53cvss 8.1epss 0.02
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with…
- risk 0.53cvss 8.1epss 0.01
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with…
- risk 0.50cvss 7.7epss 0.01
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise…
- risk 0.47cvss 7.2epss 0.01
Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware (component: SOAP with Attachments API for Java). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to…
- risk 0.53cvss 8.2epss 0.02
Vulnerability in the BI Publisher (formerly XML Publisher) product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…
- risk 0.56cvss 8.6epss 0.02
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network…
- risk 0.48cvss 7.3epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.48cvss 7.3epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.48cvss 7.3epss 0.01
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise…
- risk 0.49cvss 7.5epss 0.02
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with…
- risk 0.49cvss 7.5epss 0.01
Vulnerability in the Enterprise Manager for Exadata product of Oracle Enterprise Manager (component: Exadata Plug-In Deploy and Ins). Supported versions that are affected are 12.1.0.5.0, 13.2.2.0.0, 13.3.1.0.0 and 13.3.2.0.0. Difficult to exploit vulnerability allows low…
- risk 0.53cvss 8.1epss 0.02
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP…
- risk 0.50cvss 7.2epss 0.38
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via T3…
- risk 0.47cvss 7.2epss 0.02
Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution.
- risk 0.51cvss 7.8epss 0.00
Jenkins Delphix Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
- risk 0.50cvss 8.8epss 0.01
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
- risk 0.57cvss 8.8epss 0.01
Jenkins Extensive Testing Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
- risk 0.46cvss 8.2epss 0.01
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM.