Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-17 | CVE-2018-15473 | Race Condition vulnerability in multiple products OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. | 5.3 |
| 2018-08-16 | CVE-2018-11771 | Infinite Loop vulnerability in multiple products When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. | 5.5 |
| 2018-08-14 | CVE-2018-12539 | Deserialization of Untrusted Data vulnerability in multiple products In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. | 7.8 |
| 2018-08-10 | CVE-2018-3110 | Unspecified vulnerability in Oracle Database Server A vulnerability was discovered in the Java VM component of Oracle Database Server. | 9.9 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
| 2018-08-02 | CVE-2018-3109 | Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3 Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). | 6.5 |
| 2018-08-02 | CVE-2018-3108 | Unspecified vulnerability in Oracle Fusion Middleware 12.2.1.2/12.2.1.3 Vulnerability in the Oracle Fusion Middleware component of Oracle Fusion Middleware (subcomponent: Oracle Notification Service). | 6.5 |
| 2018-08-02 | CVE-2018-2933 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 4.9 |
| 2018-08-01 | CVE-2018-8034 | Improper Certificate Validation vulnerability in multiple products The host name verification when using TLS with the WebSocket client was missing. | 7.5 |
| 2018-08-01 | CVE-2016-9583 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. | 7.8 |