2245 matches found
CVE-2018-3046
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications subcomponent: Core module. Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network...
CVE-2018-3043
Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker wi...
CVE-2018-2928
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: RAD. The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks...
CVE-2018-2892
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Availability Suite Service. Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to...
UBUNTU-CVE-2018-1000548
Umlet version 14.3 contains a XML External Entity XXE vulnerability in File parsing that can result in disclosure of confidential data, denial of service, server side request forgery. This attack appear to be exploitable via Specially crafted UXF file. This vulnerability appears to have been fixe...
DEBIAN-CVE-2017-7466
Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the...
CVE-2018-4930
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2018-0280
A vulnerability in the Real-Time Transport Protocol RTP bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service DoS condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker...
UBUNTU-CVE-2018-11102
An issue was discovered in Libav 12.3. A read access violation in the movprobe function in libavformat/mov.c allows remote attackers to cause a denial of service application crash, as demonstrated by avconv...
Dell EMC RSA Authentication Manager Security Console, Operation Console and Self-Service Console Host Header Injection Vulnerability
Dell EMC RSA Authentication Manager is a centralized set of binary authentication software from Dell Dell. The software allows for centralized management of binary authentication, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the...
CloudBees Jenkins Google Login Plugin Session Fixation Vulnerability
CloudBees Jenkins is a set of Java-based continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks.Google Login Plugin is used in one of the support for the use of Google accounts to log in to Jenkins...
Denial of Service Vulnerability in RSA Authentication Manager
Dell EMC RSA Authentication Manager is a centralized suite of binary authentication software from Dell USA. The software centralizes the management of binary identities, security tokens, methods, and users across physical sites.RSA Authentication Manager Security Console is one of the security...
Apple iOS Telephony Buffer Overflow Vulnerability
Apple iOS is an operating system developed by Apple Inc. for mobile devices.APNs are a component of the push notification service.Telephony is a component that provides telephony functionality. A buffer overflow vulnerability exists in the Telephony component in Apple iOS versions prior to 11.3. ...
Apple iOS Find My iPhone Denial of Service Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices.Find My iPhone is one of the components that provides the ability to retrieve an accidentally lost iPhone. A security vulnerability exists in the Find My iPhone component in Apple iOS versions prior to 11.3. The vulnerability...
SAP Business One Cross-Site Scripting Vulnerability
SAP Business One is a business management software for small businesses. The software includes features such as financial management, customer relationship management and human resource management. A cross-site scripting vulnerability exists in SAP Business One versions 9.2 and 9.3, which arises...
Apple Xcode LLVM Component Design Vulnerability
Apple Xcode is the United States Apple Apple company's set of integrated development environment for developers, it is mainly used for the development of Mac OS X and iOS applications. LLVM Low Level Virtual Machine is a set of LLVM team developed a framework for framing the compiler compiler...
Apple iOS, Safari and tvOS JavaScriptCore Cross-Site Scripting Vulnerability
Apple iOS, Safari, and tvOS are all products of Apple Inc. Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems; iOS is a set of operating systems developed for mobile devices; and tvOS is a set of operating systems for smart TVs...
DEBIAN-CVE-2013-6876
The 1 ptyinitterminal and 2 pipeinitterminal functions in main.c in s3dvt 0.2.2 and earlier allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the...
UBUNTU-CVE-2018-4146
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "WebKit"...
Unspecified Vulnerability in inversoft prime-jwt
inversoft prime-jwt is an open source Java 8-based JWT library . A security vulnerability exists in JWTDecoder.decode in versions prior to inversoft prime-jwt 1.3.0 and commit 0d94dcef0133d699f21d217e922564adbb83a227. No details of the vulnerability are provided at this time...