Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2018-2561 Unspecified vulnerability in Oracle Http Server
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener).
network
low complexity
oracle
5.3
2018-01-18 CVE-2018-2560 Unspecified vulnerability in Oracle Solaris 11.3
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).
local
high complexity
oracle
5.0
2018-01-18 CVE-2017-10273 Path Traversal vulnerability in Oracle Jdeveloper
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment).
local
high complexity
oracle CWE-22
4.7
2018-01-18 CVE-2017-10262 Information Exposure vulnerability in Oracle Access Manager 11.1.2.3.0
Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin).
network
high complexity
oracle CWE-200
5.9
2018-01-04 CVE-2017-5753 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
5.6
2018-01-04 CVE-2017-5715 Information Exposure Through Discrepancy vulnerability in multiple products
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
5.6
2017-12-29 CVE-2013-4578 Injection vulnerability in Oracle JDK and JRE
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation.
network
low complexity
oracle CWE-74
5.3
2017-12-01 CVE-2017-15707 Improper Input Validation vulnerability in multiple products
In Apache Struts 2.5 to 2.5.14, the REST Plugin uses an outdated JSON-lib library which is vulnerable and allows a DoS attack to be performed using a malicious request with a specially crafted JSON payload.
local
low complexity
apache netapp oracle CWE-20
6.2
2017-11-14 CVE-2017-10266 Information Exposure vulnerability in Oracle Tuxedo
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware (subcomponent: Core).
network
low complexity
oracle CWE-200
5.3
2017-10-26 CVE-2017-15906 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
network
low complexity
openbsd oracle debian netapp redhat CWE-732
5.3