CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2019-2974

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2019-2960

CVE-2019-2960 refers to a vulnerability in Oracle MySQL Server (Server: Replication). Affected versions are MySQL 5.7.27 and prior and 8.0.17 and prior. The issue is exploitable with network access via multiple protocols by a high-privilege attacker and can lead to a hang or frequently repeatable...

CVE-2019-2955

CVE-2019-2955 affects Oracle Database Server — Core RDBMS component. Vulnerable are Oracle DB versions 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c, and 19c. The flaw allows a low-privilege attacker with Local Logon and user interaction to update, insert, or delete Core RDBMS data and potentially cause a pa...

CVE-2019-2955

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS...

CVE-2019-2953

CVE-2019-2953 affects Oracle Hospitality Cruise Dining Room Management (Web Service) in Oracle Hospitality Applications, version 8.0.80. A low-privileged attacker with HTTP network access can obtain unauthorized data access and may perform updates/deletes on affected data. CVSS v3.1 base score 7....

CVE-2019-2966

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

CVE-2019-2966

CVE-2019-2966 affects Oracle MySQL Server (component: Server: Optimizer). Affected versions are 8.0.17 and earlier. It is remotely exploitable by a low-privilege attacker via multiple network protocols to cause a hang or complete denial of service of MySQL Server. Connected advisories (MiracleLin...

CVE-2019-2942

CVE-2019-2942 affects Oracle E-Business Suite – Advanced Outbound Telephony (UI component). Affected versions include 12.1.1–12.1.3 and 12.2.3–12.2.8. The issue allows an unauthenticated attacker with network access over HTTP to compromise Oracle Advanced Outbound Telephony, with user interaction...

CVE-2019-2934

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker having Admin - Configuration privilege with network access via HTTP ...

CVE-2019-2948

CVE-2019-2948 is a vulnerability in Oracle MySQL Server (component: Server: Optimizer). Affected versions are 5.7.26 and earlier, and 8.0.16 and earlier. It permits a high-privilege attacker with network access via multiple protocols to cause a hang or frequently repeatable crash (DoS). The conne...

CVE-2019-2944

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVE-2019-2925

CVE-2019-2925 affects Oracle E-Business Suite, Oracle Workflow, Worklist component. Affected versions: 12.1.3 and 12.2.3–12.2.8. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Workflow, with exploitation requiring human interaction. Conseque...

CVE-2019-2913

CVE-2019-2913 affects Oracle Database Server (Core RDBMS). Affected: 12.2.0.1, 18c, 19c. Attacker with Create Session privilege and network access via OracleNet can read a subset of Core RDBMS data due to a Core RDBMS component flaw (CVSS 3.0 base 5.0; Confidentiality impact LOW). Root cause deta...

CVE-2019-2913

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While th...

CVE-2019-2901

CVE-2019-2901 affects Oracle Outside In Technology (Outside In Filters) within Oracle Fusion Middleware; affected version is 8.5.4. An unauthenticated attacker with network access via HTTP can update/insert/delete data, read data, and potentially cause partial denial of service. CVSS 3.0 Base Sco...

CVE-2019-6474 A packet containing a malformed DUID can cause the kea-dhcp6 server to terminate

A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded limit in the Kea cod...

MySQL -- Multiple vulerabilities

Oracle reports: This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials...

Oracle Java SE/Java SE Embedded CVE-2019-2958 Remote Security Vulnerability

Description Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over Multiple protocols. This issue affects the 'Libraries' component. This vulnerability affects the following supported versions: Java SE: 7u231, 8u221, 11.0.4, 13;...

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...