| 2018-10-30 | CVE-2018-0734 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
| 2018-10-29 | CVE-2018-0735 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. | 5.9 |
| 2018-08-22 | CVE-2018-11776 | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn't have value and action set and in same time, its upper package have no or wildcard namespace. | 8.1 |
| 2018-08-20 | CVE-2018-1656 | Path Traversal vulnerability in multiple products
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. | 6.5 |
| 2018-08-14 | CVE-2018-12539 | Deserialization of Untrusted Data vulnerability in multiple products
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. | 7.8 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
| 2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
| 2018-06-25 | CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. | 5.9 |
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 6.5 |
| 2018-04-19 | CVE-2018-2750 | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5
Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). | 7.1 |