Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-06 | CVE-2019-16056 | An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. | 7.5 |
| 2019-08-30 | CVE-2019-12402 | Infinite Loop vulnerability in multiple products The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. | 7.5 |
| 2019-08-28 | CVE-2019-10384 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. | 8.8 |
| 2019-08-28 | CVE-2019-10383 | Cross-site Scripting vulnerability in multiple products A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | 4.8 |
| 2019-08-23 | CVE-2019-12400 | Improper Input Validation vulnerability in multiple products In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. | 5.5 |
| 2019-08-23 | CVE-2019-10746 | Argument Injection or Modification vulnerability in multiple products mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. | 9.8 |
| 2019-08-20 | CVE-2019-10086 | Deserialization of Untrusted Data vulnerability in multiple products In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. | 7.3 |
| 2019-08-19 | CVE-2019-15218 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in the Linux kernel before 5.1.8. | 4.6 |
| 2019-08-13 | CVE-2019-9518 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. | 7.5 |
| 2019-08-13 | CVE-2019-9517 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Some HTTP/2 implementations are vulnerable to unconstrained interal data buffering, potentially leading to a denial of service. | 7.5 |