Vulnerabilities > Oracle > Primavera P6 Enterprise Project Portfolio Management

DATE CVE VULNERABILITY TITLE RISK
2019-01-02 CVE-2018-14719 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
network
low complexity
fasterxml debian oracle redhat netapp CWE-502
critical
9.8
2019-01-02 CVE-2018-14718 Deserialization of Untrusted Data vulnerability in multiple products
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
network
low complexity
fasterxml debian oracle netapp redhat CWE-502
critical
9.8
2018-11-15 CVE-2018-5407 Information Exposure Through Discrepancy vulnerability in multiple products
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
4.7
2018-10-29 CVE-2018-0735 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack.
network
high complexity
openssl canonical debian nodejs netapp oracle CWE-327
5.9
2018-10-17 CVE-2018-3281 Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).
network
low complexity
oracle
6.1
2018-10-17 CVE-2018-3241 Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).
network
low complexity
oracle
6.1
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
2018-07-26 CVE-2018-1288 In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
network
low complexity
apache redhat oracle
5.4
2018-07-18 CVE-2018-2963 Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).
network
low complexity
oracle
4.3
2018-07-18 CVE-2018-2962 Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access).
network
high complexity
oracle
4.4