Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-10-17 CVE-2018-2902 Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Console).
network
low complexity
oracle
4.3
4.3
2018-10-17 CVE-2018-2887 Unspecified vulnerability in Oracle Micros Retail-J 12.1.2/13.0.0
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office).
network
low complexity
oracle
6.5
6.5
2018-10-05 CVE-2018-11797 In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
local
low complexity
apache fedoraproject oracle
5.5
5.5
2018-10-04 CVE-2018-11784 Open Redirect vulnerability in multiple products
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g.
network
low complexity
apache debian canonical netapp redhat oracle CWE-601
4.3
4.3
2018-09-25 CVE-2018-11763 In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect.
network
high complexity
apache canonical redhat oracle netapp
5.9
5.9
2018-09-18 CVE-2018-16959 Information Exposure vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-200
5.3
5.3
2018-09-18 CVE-2018-16958 Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-732
5.4
5.4
2018-09-18 CVE-2018-16956 Improper Input Validation vulnerability in Oracle Webcenter Interaction 10.3.3
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests.
network
low complexity
oracle CWE-20
6.5
6.5
2018-09-18 CVE-2018-16955 Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS).
network
low complexity
oracle CWE-79
6.1
6.1
2018-09-18 CVE-2018-16954 Open Redirect vulnerability in Oracle Webcenter Interaction 10.3.3
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3.
network
low complexity
oracle CWE-601
6.1
6.1