CVE-2018-2963

CVE-2018-2963 affects Oracle Primavera P6 Enterprise Project Portfolio Management (P6 EPPM) Web Access; affected versions are 8.4, 15.x and 16.x. The vulnerability enables a low-privileged, network-remote attacker (via HTTP) to read a subset of data from P6 EPPM. The available documents do not sp...

CVE-2018-3064

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2018-3060

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2018-3000

CVE-2018-3000 affects Oracle Hospitality’s Cruise Shipboard Property Management System (SPMS Suite) within Oracle Hospitality Applications. Affects the 8.x release; vulnerability allows an unauthenticated, locally logged-on attacker to compromise SPMS, risking unauthorized access to data. CVSS v3...

CVE-2018-3060

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2018-2948

CVE-2018-2948 affects Oracle JD Edwards EnterpriseOne Tools (Web Runtime) 9.2. An unauthenticated, network-accessible HTTP vulnerability allows data modification and reads via JD Edwards EnterpriseOne Tools, with user interaction required and impact on related products. Root cause and exact explo...

CVE-2018-2946

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVE-2018-3020

CVE-2018-3020 affects Oracle Banking Payments (Oracle Financial Services Applications), specifically the Payments Core subcomponent. Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The vulnerability is described as easily exploitable with network access over HTTP by a low-privile...

CVE-2018-2945

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVE-2018-3057

CVE-2018-3057 affects the Sun ZFS Storage Appliance Kit (AK) in Oracle Sun Systems Products Suite (subcomponent: API frameworks). The affected version is prior to 8.7.18. The vulnerability enables a high-privilege attacker who can log on to the infrastructure where Sun ZFS Storage Appliance Kit (...

CVE-2018-3057

Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: API frameworks. The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun...

CVE-2018-2923

The CVE-2018-2923 issue affects Oracle Sun ZFS Storage Appliance Kit (AK) within the Sun Systems Products Suite, Core Services, with fixes available for versions prior to 8.7.20. A high-privilege attacker with local access could read a subset of AK data ( confidentiality impact ). The CVSSv3 scor...

CVE-2018-2927

CVE-2018-2927 affects the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: HTTP data path subsystems), with exploitation possible on versions prior to 8.7.18. The vulnerability allows a low-privileged, network-accessible attacker (via HTTP) to gain ...

CVE-2018-3006

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime. The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...

CVE-2018-3002

CVE-2018-3002 affects Oracle Hospitality Cruise Fleet Management System (Fleet Management System Suite) within Oracle Hospitality Applications, with affected version 9.x. The root cause is an access-control issue that lets an unauthenticated attacker with logon access compromise the Fleet Managem...

CVE-2018-3002

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications subcomponent: Fleet Management System Suite. The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the...

CVE-2018-3001

CVE-2018-3001 affects Oracle Hospitality Applications’ Hospitality Cruise Shipboard Property Management System (SPMS Suite), with the SPMS component in the 8.x line. The connected CNVD entry characterizes the flaw as an access control error that could let an attacker gain unauthorized access to d...

CVE-2018-2908

CVE-2018-2908 affects Oracle Solaris 11.3, specifically the Kernel subcomponent of the Solaris/Sun Systems Products Suite. The vulnerability allows a low-privilege, network-access attacker (via RPC) to cause a hang or frequent crash (complete DOS) on Solaris, with potential impact to other produc...

CVE-2018-2991

CVE-2018-2991 affects Oracle E-Business Suite, specifically the Trade Management UI. Affected versions are 12.1.1–12.2.7. The vulnerability is exploitable over HTTP and does not require authentication, with a prerequisite of user interaction; successful exploitation can grant unauthorized access ...

CVE-2018-2916

Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: API frameworks. The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols...