Vulnerabilities > Oracle > Critical

DATE CVE VULNERABILITY TITLE RISK
2018-04-19 CVE-2018-2879 Unspecified vulnerability in Oracle Access Manager 11.1.2.3.0/12.2.1.3.0
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine).
network
high complexity
oracle
critical
9.0
2018-04-19 CVE-2018-2871 Unspecified vulnerability in Oracle Human Resources
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities).
network
low complexity
oracle
critical
9.1
2018-04-19 CVE-2018-2870 Unspecified vulnerability in Oracle Human Resources
Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities).
network
low complexity
oracle
critical
9.1
2018-04-19 CVE-2018-2739 Unspecified vulnerability in Oracle Access Manager 10.1.4.3.0/11.1.2.3.0/12.2.1.3.0
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin).
network
low complexity
oracle
critical
9.3
2018-04-19 CVE-2018-2628 Deserialization of Untrusted Data vulnerability in Oracle Weblogic Server
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components).
network
low complexity
oracle CWE-502
critical
9.8
2018-04-11 CVE-2018-1275 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle
critical
9.8
2018-04-11 CVE-2018-1273 Injection vulnerability in multiple products
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements.
network
low complexity
pivotal-software apache oracle CWE-74
critical
9.8
2018-04-06 CVE-2018-1270 Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module.
network
low complexity
vmware oracle redhat debian
critical
9.8
2018-03-20 CVE-2018-8088 org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data.
network
low complexity
qos redhat oracle
critical
9.8
2018-03-14 CVE-2018-1000122 Out-of-bounds Read vulnerability in multiple products
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage
network
low complexity
debian canonical haxx redhat oracle CWE-125
critical
9.1