Moderate severity vulnerability that affects org.apache.qpid:proton-j
The (1) proton.reactor.Connector, (2) proton.reactor.Container, and (3) proton.utils.BlockingConnection classes in Apache Qpid Proton before 0.12.1 improperly use an unencrypted connection for an amqps URI scheme when SSL support is unavailable, which might allow man-in-the-middle attackers to obtain...
PT-2018-16056 · Oracle +1 · Mysql Server
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 8.0.12 and prior. Description: The issue allows a low-privileged attacker with network access via multiple protocols to compromise the MySQL Server, resulting in unauthorized update, insert, or delete access to some of th...
UBUNTU-CVE-2018-3187
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
UBUNTU-CVE-2018-3185
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
UBUNTU-CVE-2018-3150
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Utility). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...
CVE-2018-0435
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could...
CVE-2018-0436
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between use...
Authentication flaw
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could...
Design/Logic Flaw
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between use...
CVE-2018-0435 Cisco Umbrella API Unauthorized Access Vulnerability
A vulnerability in the Cisco Umbrella API could allow an authenticated, remote attacker to view and modify data across their organization and other organizations. The vulnerability is due to insufficient authentication configurations for the API interface of Cisco Umbrella. An attacker could...
CVE-2018-0436 Cisco Webex Teams Information Disclosure and Modification Vulnerability
A vulnerability in Cisco Webex Teams, formerly Cisco Spark, could allow an authenticated, remote attacker to view and modify data for an organization other than their own organization. The vulnerability exists because the affected software performs insufficient checks for associations between use...
CVE-2018-0436
CVE-2018-0436 concerns Cisco Webex Teams (formerly Cisco Spark). The issue arises from insufficient checks for associations between user accounts and organization accounts, enabling an authenticated, remote attacker with administrator or compliance officer privileges for one organization to view ...
CVE-2018-0435
CVE-2018-0435 (Cisco Umbrella API Unauthorized Access) affects Cisco Umbrella API due to insufficient authentication configurations, enabling an authenticated remote attacker to read and potentially modify data across their own organization and other organizations. The connected documents confirm...
CVE-2018-1819
IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.2, 3.0.4, 3.0.6, and 3.2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end databas...
WordPress plugin Booking Calendar SQL injection vulnerability (CNVD-2018-19591)
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blogging sites on servers running PHP and MySQL. Booking Calendar is one of the booking systems for making online reservations and checking the...
CVE-2018-7923
Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150C432 have an insufficient input validation vulnerability due to a lack of parameter checks. An attacker tricks a user who has root privilege into installing a crafted application; the application may modify the specific data to...
Frappe ERPNext SQL Injection Vulnerability
Frappe ERPNext is an open source ERP Enterprise Resource Planning system. The system includes functions for financial management, inventory management, customer relationship management, project management and human resource management. A SQL injection vulnerability exists in the 'sortby' paramete...
Cisco Umbrella API Unauthorized Access Vulnerability
Cisco Umbrella is a cloud security platform. An unauthorized access vulnerability exists in the Cisco Umbrella API due to insufficient authentication configuration of Cisco Umbrella's API interface, which allows an authenticated, remote attacker to view and modify data in his or her organization...
Cisco Webex Teams Information Disclosure and Modification Vulnerability
Cisco Webex Teams is a team collaboration application from Cisco USA. The program includes features such as video conferencing, group messaging and file sharing. An information disclosure and modification vulnerability exists in Cisco Webex Teams, which stems from the affected software performing...