Total
31711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-2569 | 1 Oracle | 1 Java Me | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java ME SDK. Note: This applies to the Windows platform only. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2018-2568 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Integrated Lights Out Manager (ILOM). CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2018-2567 | 1 Oracle | 1 Communications Order And Service Management | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Oracle Communications Order and Service Management component of Oracle Communications Applications (subcomponent: Portal). Supported versions that are affected are 7.2.4.1.x, 7.2.4.2.x, 7.3.0.x.x and 7.3.0.1.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2018-2566 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N). | |||||
| CVE-2018-2565 | 1 Oracle | 1 Mysql | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2564 | 1 Oracle | 1 Webcenter Content | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N). | |||||
| CVE-2018-2563 | 1 Oracle | 1 Solaris | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Library). Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2018-2562 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2024-11-21 | 7.5 HIGH | 7.1 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). | |||||
| CVE-2018-2561 | 1 Oracle | 1 Http Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-2560 | 1 Oracle | 1 Solaris | 2024-11-21 | 1.2 LOW | 5.0 MEDIUM |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N). | |||||
| CVE-2018-2500 | 1 Sap | 1 Mobile Secure | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| Under certain conditions SAP Mobile Secure Android client (before version 6.60.19942.0 SP28 1711) allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2018-2499 | 1 Sap | 2 Financial Consolidation Cube Designer, Financial Consolidation Cube Designer Bobj Eades | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security weakness in SAP Financial Consolidation Cube Designer (BOBJ_EADES fixed in versions 8.0, 10.1) may allow an attacker to discover the password hash of an admin user. | |||||
| CVE-2018-2497 | 1 Sap | 1 Hana | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE <table_name> AS SELECT. | |||||
| CVE-2018-2488 | 1 Sap | 1 Fiori Client | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| It is possible for a malware application installed on an Android device to send local push notifications with an empty message to SAP Fiori Client and cause the application to crash. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | |||||
| CVE-2018-2487 | 1 Sap | 1 Disclosure Management | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| SAP Disclosure Management 10.x allows an attacker to exploit through a specially crafted zip file provided by users: When extracted in specific use cases, files within this zip file can land in different locations than the originally intended extraction point. | |||||
| CVE-2018-2485 | 1 Sap | 1 Fiori Client | 2024-11-21 | 6.4 MEDIUM | 7.7 HIGH |
| It is possible for a malicious application or malware to execute JavaScript in a SAP Fiori application. This can include reading and writing of information and calling device specific JavaScript APIs in the application. SAP Fiori Client version 1.11.5 in Google Play store addresses these issues and users must update to that version. | |||||
| CVE-2018-2482 | 1 Sap | 1 Mobile Secure | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SAP Mobile Secure Android Application, Mobile-secure.apk Android client, before version 6.60.19942.0, allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. Install the Mobile Secure Android client released in Mid-Oct 2018. | |||||
| CVE-2018-2478 | 1 Sap | 1 Basis | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands executed depend upon the privileges of the <sid>adm user. | |||||
| CVE-2018-2475 | 1 Gardener | 1 Gardener | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
| Following the Gardener architecture, the Kubernetes apiserver of a Gardener managed shoot cluster resides in the corresponding seed cluster. Due to missing network isolation a shoot's apiserver can access services/endpoints in the private network of its corresponding seed cluster. Combined with other minor Kubernetes security issues, the missing network isolation theoretically can lead to compromise other shoot or seed clusters in the "Gardener" context. The issue is rated high due to the high impact of a potential exploitation in "Gardener" context. This was fixed in Gardener release 0.12.4. | |||||
| CVE-2018-2473 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. | |||||