Vulnerabilities > Oracle

DATE CVE VULNERABILITY TITLE RISK
2018-10-04 CVE-2018-11784 Open Redirect vulnerability in multiple products
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
network
low complexity
apache debian canonical netapp redhat oracle CWE-601
4.3
4.3
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
network
high complexity
apache canonical redhat oracle netapp
5.9
5.9
2018-09-19 CVE-2018-11761 XXE vulnerability in multiple products
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion.
network
low complexity
apache oracle CWE-611
7.5
7.5
2018-09-18 CVE-2018-16959 Information Exposure vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-200
5.3
5.3
2018-09-18 CVE-2018-16958 Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-732
5.4
5.4
2018-09-18 CVE-2018-16957 Use of Hard-coded Credentials vulnerability in Oracle Webcenter Interaction 10.3.3
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password.
network
low complexity
oracle CWE-798
critical
 9.8
9.8
2018-09-18 CVE-2018-16956 Improper Input Validation vulnerability in Oracle Webcenter Interaction 10.3.3
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests.
network
low complexity
oracle CWE-20
6.5
6.5
2018-09-18 CVE-2018-16955 Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).
network
low complexity
oracle CWE-79
6.1
6.1
2018-09-18 CVE-2018-16954 Open Redirect vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-601
6.1
6.1
2018-09-18 CVE-2018-16953 Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3
The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).
network
low complexity
oracle CWE-79
6.1
6.1