High

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-18	CVE-2018-2882	Unspecified vulnerability in Oracle Micros Retail-J Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Interfaces). network low complexity oracle	7.7
2018-06-25	CVE-2018-11040	Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. network low complexity vmware oracle debian CWE-829	7.5
2018-06-05	CVE-2018-1000194	Path Traversal vulnerability in multiple products A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. network low complexity jenkins oracle CWE-22	8.1
2018-06-05	CVE-2018-1000180	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. network low complexity bouncycastle debian oracle netapp redhat CWE-327	7.5
2018-05-21	CVE-2018-8012	Missing Authorization vulnerability in multiple products No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. network low complexity apache debian oracle CWE-862	7.5
2018-05-18	CVE-2018-11237	Out-of-bounds Write vulnerability in multiple products An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper. local low complexity gnu redhat oracle netapp canonical CWE-787	7.8
2018-05-11	CVE-2018-1258	Incorrect Authorization vulnerability in multiple products Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. network low complexity pivotal-software vmware oracle netapp redhat CWE-863	8.8
2018-04-19	CVE-2018-2876	Unspecified vulnerability in Oracle Retail Integration BUS 13.2 Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). network low complexity oracle	7.1
2018-04-19	CVE-2018-2862	Unspecified vulnerability in Oracle Retail Point-Of-Service Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: User Interface). network low complexity oracle	7.1
2018-04-19	CVE-2018-2860	Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). local low complexity oracle	8.2