Vulnerabilities > Oracle > High

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-3011 Unspecified vulnerability in Oracle Trade Management
Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface).
network
low complexity
oracle
8.2
8.2
2018-10-17 CVE-2018-2914 NULL Pointer Dereference vulnerability in Oracle Goldengate 12.1.2.1.0/12.2.0.2.0/12.3.0.1.0
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager).
network
low complexity
oracle CWE-476
7.5
7.5
2018-10-17 CVE-2018-2912 NULL Pointer Dereference vulnerability in Oracle Goldengate 12.1.2.1.0/12.2.0.2.0/12.3.0.1.0
Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager).
network
low complexity
oracle CWE-476
7.5
7.5
2018-10-17 CVE-2018-2911 Unspecified vulnerability in Oracle Glassfish Server 3.1.2
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Java Server Faces).
network
low complexity
oracle
8.3
8.3
2018-10-17 CVE-2018-2909 Unspecified vulnerability in Oracle VM Virtualbox
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core).
local
low complexity
oracle
8.6
8.6
2018-10-17 CVE-2018-2889 Unspecified vulnerability in Oracle Micros Retail-J 12.1.2
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Internal Operations).
network
low complexity
oracle
7.5
7.5
2018-10-09 CVE-2018-17962 Integer Overflow or Wraparound vulnerability in multiple products
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
network
low complexity
qemu suse debian canonical redhat oracle CWE-190
7.5
7.5
2018-09-19 CVE-2018-11761 XXE vulnerability in multiple products
In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion.
network
low complexity
apache oracle CWE-611
7.5
7.5
2018-09-18 CVE-2018-16952 Cross-Site Request Forgery (CSRF) vulnerability in Oracle Webcenter Interaction 10.3.3
The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design.
network
low complexity
oracle CWE-352
8.8
8.8
2018-09-10 CVE-2018-11775 Improper Certificate Validation vulnerability in multiple products
TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server.
network
high complexity
apache oracle CWE-295
7.4
7.4