CVE-2018-2697

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications subcomponent: Emergency Response System. The supported version that is affected is 9.0.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2018-2714

The CVE-2018-2714 entry concerns Oracle Financial Services Market Risk (User Interface subcomponent) in Oracle Financial Services Applications, affected in version 8.0.x. The vulnerability allows an unauthenticated attacker with network access over HTTP to compromise Market Risk, with attacks req...

CVE-2018-2687

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2609

CVE-2018-2609 affects Oracle Agile PLM Security in Oracle Supply Chain Products Suite, with affected versions 9.3.5 and 9.3.6. The vulnerability allows an unauthenticated, network-accessible attacker (via HTTP) to compromise data confidentiality and integrity, potentially enabling unauthorized up...

CVE-2018-2663

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Libraries. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacke...

CVE-2018-2689

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2612

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVE-2018-2603

CVE-2018-2603 is an OpenJDK/Oracle Java Libraries vulnerability: unbounded memory allocation when reading DER-encoded input in the Libraries (and related JNDI/AWT/JMX contexts). This can allow an unauthenticated attacker with network access via multiple protocols to cause a partial denial of serv...

CVE-2018-2686

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2688

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2689

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2622

Removed by vendor...

CVE-2018-2585

Removed by vendor...

CVE-2018-2690

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBo...

CVE-2018-2569

Vulnerability in the Java ME SDK component of Oracle Java Micro Edition subcomponent: Installer. The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Java ME SDK executes to compromise Java ME SDK...

CVE-2018-2640

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols...

CVE-2018-2622

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DDL. Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

CVE-2018-2667

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Optimizer. Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

BuddyBoss Media <= 3.2.3 - Stored XSS

The album description does not perform input / output validation. According to the researcher: No reply from vendor. Issue not patched. Vulnerability can be exploited by any user. Form not vulnerable to CSRF. PoC '"...

designerbox.com XSS vulnerability

Open Bug Bounty ID: OBB-522633 Description| Value ---|--- Affected Website:| designerbox.com Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...