Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2018-3314 | Unspecified vulnerability in Oracle Micros Relate Customer Relationship Management Software 11.4 Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Customer). | 8.2 |
| 2019-04-23 | CVE-2018-3312 | Unspecified vulnerability in Oracle Retail Customer Engagement 16.0/17.0 Vulnerability in the Oracle Retail Customer Engagement component of Oracle Retail Applications (subcomponent: Segment). | 5.5 |
| 2019-04-23 | CVE-2018-3123 | Unspecified vulnerability in Oracle Mysql Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: libmysqld). | 5.9 |
| 2019-04-23 | CVE-2018-3120 | Unspecified vulnerability in Oracle Micros Lucas 2.9.5.6/2.9.5.7 Vulnerability in the MICROS Lucas component of Oracle Retail Applications (subcomponent: Security). | 7.5 |
| 2019-04-23 | CVE-2018-2880 | Unspecified vulnerability in Oracle Micros Retail-J 12.1.2 Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). | 7.5 |
| 2019-04-22 | CVE-2019-5427 | XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | 7.5 |
| 2019-04-22 | CVE-2019-10247 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 7.x, 8.x, 9.2.27 and older, 9.3.26 and older, and 9.4.16 and older, the server running on any OS and Jetty version combination will reveal the configured fully qualified directory base resource location on the output of the 404 error for not finding a Context that matches the requested path. | 5.3 |
| 2019-04-22 | CVE-2019-10246 | Information Exposure vulnerability in multiple products In Eclipse Jetty version 9.2.27, 9.3.26, and 9.4.16, the server running on Windows is vulnerable to exposure of the fully qualified Base Resource directory name on Windows to a remote client when it is configured for showing a Listing of directory contents. | 5.3 |
| 2019-04-22 | CVE-2019-10241 | Cross-site Scripting vulnerability in multiple products In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. | 6.1 |
| 2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |