UBUNTU-CVE-2018-10923

It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...

CVE-2018-10923

It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...

glusterfs: I/O to arbitrary devices on storage server

It was found that the "mknod" call derived from mknod2 can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...

JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (Libraries)

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

curl: Double-free in krb5 code

The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free...

CVE-2018-2450

SAP MaxDB liveCache, versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from database...

DEBIAN-CVE-2016-8619

The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free...

CVE-2018-14316

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2018-3072

Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products subcomponent: Candidate Gateway. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft HRMS. Successful...

CVE-2018-3006

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVE-2018-2981

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable...

CVE-2018-2994

Vulnerability in the Oracle iStore component of Oracle E-Business Suite subcomponent: Shopping Cart. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via...

CVE-2018-2974

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable...

CVE-2018-2955

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications subcomponent: Integration. The supported version that is affected is 5.5.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2018-2950

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVE-2018-2946

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVE-2018-2921

Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: User Interface. The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

EMC RSA Certificate Manager Directory Traversal Vulnerability

EMC RSA Certificate Manager RCM is a product of EMC Corporation.RCM is a digital certificate management system that provides automated implementation of encryption key and digital certificate management. A directory traversal vulnerability exists in RSA Certificate Manager, which can be exploited...

libfsntfs information disclosure vulnerability (CNVD-2018-16527)

libfsntfs is a library for accessing the New Technology File System NTFS. An information disclosure vulnerability exists in the libfsntfsreparsepointvaluesreaddata function in libfsntfsreparsepointvalues.c on 2018-04-20 and earlier. An attacker can exploit this vulnerability to obtain information...

PT-2018-3901 · Oracle +1 · Mysql Server

Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.11 and prior Description: The issue is related to insufficient protection of service data in the MySQL Server component, specifically in the Server: DDL subcomponent. It allows a high-privileged attacker with network...