Design/Logic Flaw
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Basic component of Oracle Financial Services Applications subcomponent: Portfolio, Attribution. The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network...
CVE-2018-2563
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: LDAP Library. Supported versions that are affected are 10 and 11.3. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Solaris. Successful attacks of...
CVE-2018-2856
Vulnerability in the Oracle Financial Services Basel Regulatory Capital Internal Ratings Based Approach component of Oracle Financial Services Applications subcomponent: Portfolio, Attribution. The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged...
CVE-2018-2742
Vulnerability in the Enterprise Manager Ops Center component of Oracle Enterprise Manager Products Suite subcomponent: Framework. Supported versions that are affected are 12.2.2 and 12.3.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2018-2752
CVE-2018-2752 affects the Oracle PeopleSoft Enterprise HCM component (subcomponent: Security) in PeopleSoft Products, with version 9.2 reported as affected. The vulnerability allows a low-privilege, network-accessible attacker (HTTP) to access HCM data, with attacks requiring user interaction. Im...
UBUNTU-CVE-2018-2786
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks o...
UBUNTU-CVE-2018-2787
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
MySQL -- multiple vulnerabilities
Oracle reports: MySQL Multiple Flaws Let Remote Authenticated Users Access and Modify Data, Remote and Local Users Deny Service, and Local Users Access Data and Gain Elevated Privileges. A local user can exploit a flaw in the Replication component to gain elevated privileges (CVE-2018-2755). A remot...
PT-2018-3021 · Mysql Server +4
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.6.39 and prior; MySQL Server versions 5.7.21 and prior. Description: The issue is related to inadequate access control in the InnoDB component of MySQL Server, allowing a high-privileged attacker with network access via...
CVE-2018-2409
Improper session management when using SAP Cloud Platform 2.0 Connectivity Service and Cloud Connector. Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform...
CVE-2017-1000244
Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF resulting in data modification...
PT-2018-1254 · Microsoft · Office Excel +1
Name of the Vulnerable Software and Affected Versions: Microsoft Excel (affected versions not specified). Description: The issue is related to a remote code execution vulnerability in Microsoft Excel software. It occurs when the software fails to properly handle objects in memory, allowing an attack...
mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
mysql: Server: Replication unspecified vulnerability (CPU Jan 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Replication. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
mysql: InnoDB unspecified vulnerability (CPU Jan 2018)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
Etcd REST API Unauthorized Access Vulnerability
etcd is an open source distributed key-value store database. It provides a reliable way to store data across clusters of machines. By default it returns administrative credentials for queries without authentication. An unauthorized access vulnerability exists in the Etcd REST API. An attacker cou...
mysql: Client programs unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Client programs. Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Server execut...
mysql: Server: DDL unspecified vulnerability (CPU Jul 2017)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protoco...
Tuleap 9.17.99.189 - Blind SQL Injection
title: Tuleap SQL Injection; case id: CM-2018-01; product: Tuleap version 9.17.99.189; vulnerability type: Blind SQL injection - time based; severity: High; found: 2018-02-24 by: Cristiano Maruti @cmaruti...
Dongdao Network CMS has an SQL injection vulnerability
Dongdao Network is committed to e-commerce and network product development; its business includes professional website construction and maintenance, B2B/B2C e-commerce platform development, construction and operation of large-scale portals, planning and development, B/S-type OA system...