Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-02 | CVE-2018-2933 | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). | 4.9 |
| 2018-07-26 | CVE-2018-1288 | In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. | 5.4 |
| 2018-07-23 | CVE-2018-1999007 | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. | 5.4 |
| 2018-07-23 | CVE-2018-1999005 | Cross-site Scripting vulnerability in multiple products A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 5.4 |
| 2018-07-23 | CVE-2018-1999004 | Incorrect Authorization vulnerability in multiple products A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches. | 4.3 |
| 2018-07-23 | CVE-2018-1999003 | Incorrect Authorization vulnerability in multiple products A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. | 4.3 |
| 2018-07-18 | CVE-2018-3105 | Unspecified vulnerability in Oracle SOA Suite Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Health Care FastPath). | 4.3 |
| 2018-07-18 | CVE-2018-3101 | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). | 5.3 |
| 2018-07-18 | CVE-2018-3091 | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). | 6.3 |
| 2018-07-18 | CVE-2018-3081 | Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). | 5.0 |