Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-04-23 | CVE-2019-2558 | Unspecified vulnerability in Oracle Retail Point-Of-Service 13.4/14.0/14.1 | Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Infrastructure). | network | low complexity | oracle | | 7.5 |
| 2019-04-23 | CVE-2019-2517 | Unspecified vulnerability in Oracle Database Server 12.2.0.1/18C | Vulnerability in the Core RDBMS component of Oracle Database Server. | network | low complexity | oracle | | 7.5 |
| 2019-04-23 | CVE-2019-2424 | Unspecified vulnerability in Oracle Retail Convenience Store Back Office 3.6 | Vulnerability in the Oracle Retail Convenience Store Back Office component of Oracle Retail Applications (subcomponent: Level 3 Maintenance Functions). | network | low complexity | oracle | | 7.5 |
| 2019-04-23 | CVE-2019-11076 | Command Injection vulnerability in Cribl 1.5.0 | Cribl UI 1.5.0 allows remote attackers to run arbitrary commands via an unauthenticated web request. | network | low complexity | cribl | CWE-77 | 7.5 |
| 2019-04-23 | CVE-2019-0223 | | While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. | network | high complexity | apache redhat | | 7.4 |
| 2019-04-23 | CVE-2018-1317 | Improper Authentication vulnerability in Apache Zeppelin | In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. | network | low complexity | apache | CWE-287 | 8.8 |
| 2019-04-23 | CVE-2017-12619 | Session Fixation vulnerability in Apache Zeppelin | Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. | network | low complexity | apache | CWE-384 | 8.1 |
| 2019-04-23 | CVE-2013-7470 | Resource Exhaustion vulnerability in Linux Kernel | cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310. | network | | linux | CWE-400 | 7.1 |
| 2019-04-22 | CVE-2019-5427 | XML Entity Expansion vulnerability in multiple products | c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. | network | low complexity | mchange fedoraproject oracle | CWE-776 | 7.5 |
| 2019-04-22 | CVE-2019-6155 | Unspecified vulnerability in IBM products | A potential vulnerability was found in an SMI handler in various BIOS versions of certain legacy IBM System x and IBM BladeCenter systems that could lead to denial of service. | network | low complexity | ibm | | 7.8 |