CVE-2018-2781

Removed by vendor...

CVE-2018-2830

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2836

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2747

Oracle Financial Services Applications – Banking Corporate Lending Core module (versions 12.3.0, 12.4.0, 12.5.0 and 14.0.0) is affected by CVE-2018-2747. A low-privilege, network-accessible attacker via HTTP can access data in the Banking Corporate Lending component, leading to potential unauthor...

CVE-2018-2844

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2844

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

SAP BPC Web Application Information Disclosure Vulnerability

Talos Vulnerability Report SAP SAP BPC Web Application Information Disclosure Vulnerability April 19, 2018 CVE Number CVE-2017-16349 Summary An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external...

CVE-2018-2844

CVE-2018-2844 affects Oracle VM VirtualBox (Core) with vulnerable 5.1.x < 5.1.36 and 5.2.x

CVE-2018-2844

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBo...

Cross site scripting

Floodlight version 1.2 and earlier contains a Cross Site Scripting XSS vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...

CVE-2018-1000163

Floodlight version 1.2 and earlier contains a Cross Site Scripting XSS vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...

CVE-2018-1000161

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against...

CVE-2018-1000160

RisingStack protect version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in isXss function in lib/rules/xss.js that can result in dangerous XSS strings being validated as safe. This attack appears to be exploitable via A number of XSS strings26 detailed in the GitHub issue ...

CVE-2018-1000163

Floodlight version 1.2 and earlier contains a Cross Site Scripting XSS vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console...

CVE-2018-1000161

nmap version 6.49BETA6 through 7.60, up to and including SVN revision 37147 contains a Directory Traversal vulnerability in NSE script http-fetch that can result in file overwrite as the user is running it. This attack appears to be exploitable via a victim that runs NSE script http-fetch against...

CVE-2018-2819

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2018-2815

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Serialization. Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerability allows unauthenticated attack...

CVE-2018-2781

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocol...

CVE-2018-3839

CVE-2018-3839 is an exploitable code execution in SDL2_image-2.0.2’s XCF image rendering. A specially crafted XCF image can cause an out-of-bounds write on the heap, enabling remote code execution when the image is processed. Multiple connected advisories confirm the issue and indicate fixes in S...

CVE-2018-3837

An exploitable information disclosure vulnerability exists in the PCX image rendering functionality of Simple DirectMedia Layer SDL2image-2.0.2. A specially crafted PCX image can cause an out-of-bounds read on the heap, resulting in information disclosure . An attacker can display a specially...