Vulnerabilities > Oracle > High

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-07-18 | CVE-2018-2908 | Unspecified vulnerability in Oracle Solaris 11.3 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). | network | low | oracle | | 7.7 |
| 2018-07-18 | CVE-2018-2907 | Unspecified vulnerability in Oracle Hyperion Financial Reporting 11.1.2 | Vulnerability in the Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). | network | low | oracle | | 8.6 |
| 2018-07-18 | CVE-2018-2900 | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0 | Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Layout Tools). | network | low | oracle | | 8.2 |
| 2018-07-18 | CVE-2018-2892 | Unspecified vulnerability in Oracle Solaris 10.0/11.3 | Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Availability Suite Service). | local | low | oracle | | 7.8 |
| 2018-07-18 | CVE-2018-2882 | Unspecified vulnerability in Oracle Micros Retail-J | Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). | network | low | oracle | | 7.7 |
| 2018-06-25 | CVE-2018-11040 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. | network | low | vmware, oracle, debian | CWE-829 | 7.5 |
| 2018-06-05 | CVE-2018-1000194 | Path Traversal vulnerability in multiple products | A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. | network | low | jenkins, oracle | CWE-22 | 8.1 |
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products | Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the low-level interface to the RSA key pair generator: specifically, RSA key pairs generated in the low-level API with added certainty may have fewer M-R tests than expected. | network | low | bouncycastle, debian, oracle, netapp, redhat | CWE-327 | 7.5 |
| 2018-05-21 | CVE-2018-8012 | Missing Authorization vulnerability in multiple products | No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. | network | low | apache, debian, oracle | CWE-862 | 7.5 |
| 2018-05-18 | CVE-2018-11237 | Out-of-bounds Write vulnerability in multiple products | An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in `__mempcpy_avx512_no_vzeroupper`. | local | low | gnu, redhat, oracle, netapp, canonical | CWE-787 | 7.8 |