Vulnerabilities > Oracle > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-23 | CVE-2019-2516 | Unspecified vulnerability in Oracle Database Server Vulnerability in the Portable Clusterware component of Oracle Database Server. | 8.2 |
| 2019-04-23 | CVE-2019-2424 | Unspecified vulnerability in Oracle Retail Convenience Store Back Office 3.6 Vulnerability in the Oracle Retail Convenience Store Back Office component of Oracle Retail Applications (subcomponent: Level 3 Maintenance Functions). | 7.3 |
| 2019-04-23 | CVE-2018-3314 | Unspecified vulnerability in Oracle Micros Relate Customer Relationship Management Software 11.4 Vulnerability in the MICROS Relate CRM Software component of Oracle Retail Applications (subcomponent: Customer). | 8.2 |
| 2019-04-23 | CVE-2018-3120 | Unspecified vulnerability in Oracle Micros Lucas 2.9.5.6/2.9.5.7 Vulnerability in the MICROS Lucas component of Oracle Retail Applications (subcomponent: Security). | 7.5 |
| 2019-04-23 | CVE-2018-2880 | Unspecified vulnerability in Oracle Micros Retail-J 12.1.2 Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). | 7.5 |
| 2019-04-22 | CVE-2019-5427 | XML Entity Expansion vulnerability in multiple products c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | 7.5 |
| 2019-04-10 | CVE-2019-1003049 | Insufficient Session Expiration vulnerability in multiple products Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. | 8.1 |
| 2019-04-08 | CVE-2019-0211 | Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. | 7.8 |
| 2019-04-08 | CVE-2019-0217 | Race Condition vulnerability in multiple products In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. | 7.5 |
| 2019-03-28 | CVE-2019-0222 | In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive. | 7.5 |