Vulnerabilities > Oracle > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-23 | CVE-2018-1305 | Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. | 6.5 |
2018-02-21 | CVE-2018-1165 | Out-of-bounds Write vulnerability in multiple products: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. | 6.9 |
2018-02-20 | CVE-2018-6356 | Path Traversal vulnerability in multiple products: Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. | 4.0 |
2018-02-16 | CVE-2018-1000068 | Information Exposure vulnerability in multiple products: An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. | 5.0 |
2018-02-16 | CVE-2018-1000067 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. | 5.0 |
2018-02-04 | CVE-2018-6616 | Resource Exhaustion vulnerability in multiple products: In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c. | 4.3 |
2018-01-18 | CVE-2015-9251 | Cross-site Scripting vulnerability in multiple products: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
2018-01-18 | CVE-2018-2733 | Unspecified vulnerability in Oracle Hyperion Planning 11.1.2.4.007: Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion (subcomponent: Security). | 4.6 |
2018-01-18 | CVE-2018-2732 | Unspecified vulnerability in Oracle Financial Services Analytical Applications Reconciliation Framework: Vulnerability in the Oracle Financial Services Analytical Applications Reconciliation Framework component of Oracle Financial Services Applications (subcomponent: User Interface). | 5.8 |
2018-01-18 | CVE-2018-2731 | Unspecified vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.1/9.2: Vulnerability in the PeopleSoft Enterprise SCM eProcurement component of Oracle PeopleSoft Products (subcomponent: Manage Requisition Status). | 5.5 |