Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-25 | CVE-2018-11763 | In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. | 5.9 |
| 2018-09-18 | CVE-2018-16959 | Information Exposure vulnerability in Oracle Webcenter Interaction 10.3.3 An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. | 5.0 |
| 2018-09-18 | CVE-2018-16958 | Incorrect Permission Assignment for Critical Resource vulnerability in Oracle Webcenter Interaction 10.3.3 An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. | 5.8 |
| 2018-09-18 | CVE-2018-16956 | Improper Input Validation vulnerability in Oracle Webcenter Interaction 10.3.3 The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. | 4.0 |
| 2018-09-18 | CVE-2018-16955 | Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3 The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). | 4.3 |
| 2018-09-18 | CVE-2018-16954 | Open Redirect vulnerability in Oracle Webcenter Interaction 10.3.3 An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. | 5.8 |
| 2018-09-18 | CVE-2018-16953 | Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3 The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). | 4.3 |
| 2018-09-18 | CVE-2018-16952 | Cross-Site Request Forgery (CSRF) vulnerability in Oracle Webcenter Interaction 10.3.3 The Oracle WebCenter Interaction Portal 10.3.3 does not implement protection against Cross-site Request Forgery in its design. | 6.8 |
| 2018-08-31 | CVE-2018-11057 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. | 4.3 |
| 2018-08-31 | CVE-2018-11056 | Resource Exhaustion vulnerability in multiple products RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. | 4.0 |