Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-18 | CVE-2018-2767 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). | 3.1 |
| 2018-07-18 | CVE-2018-2598 | Unspecified vulnerability in Oracle Mysql Workbench Vulnerability in the MySQL Workbench component of Oracle MySQL (subcomponent: Workbench: Security: Encryption). | 3.7 |
| 2018-07-16 | CVE-2018-14324 | Use of Hard-coded Credentials vulnerability in Oracle Glassfish Server 5.0 The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. | 9.8 |
| 2018-07-13 | CVE-2018-14048 | An issue has been found in libpng 1.6.34. | 6.5 |
| 2018-07-10 | CVE-2018-3693 | Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. | 5.6 |
| 2018-07-09 | CVE-2018-1000613 | Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. | 9.8 |
| 2018-07-09 | CVE-2018-13785 | Integer Overflow or Wraparound vulnerability in multiple products In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. | 6.5 |
| 2018-06-27 | CVE-2018-12536 | In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a java.nio.file.InvalidPathException which includes the full path to the base resource directory that the DefaultServlet and/or webapp is using. | 5.3 |
| 2018-06-26 | CVE-2017-7658 | HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. | 9.8 |
| 2018-06-26 | CVE-2017-7657 | HTTP Request Smuggling vulnerability in multiple products In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. | 9.8 |