Lucene search
K
OracleUtilities Network Management System

5 matches found

CVE
CVE
added 2018/07/09 8:0 p.m.284 views

CVE-2018-1000613

CVE-2018-1000613 concerns Legion of the Bouncy Castle Java Cryptography APIs (BC) 1.58–1.59 up to, but not including, 1.60. It is a CWE-470 Unsafe Reflection vulnerability in XMSS/XMSS^MT private key deserialization, which can allow a remote attacker to execute arbitrary code by crafting a privat...

9.8CVSS8.6AI score0.04767EPSS
CVE
CVE
added 2018/06/25 3:0 p.m.180 views

CVE-2018-11039

CVE-2018-11039 affects the Spring Framework, where the HiddenHttpMethodFilter in Spring MVC allows web apps to change the HTTP request method to any method (including TRACE). This can enable an attacker with an existing XSS vulnerability to escalate to an XST (Cross Site Tracing) attack. Affected...

5.9CVSS6.9AI score0.02781EPSS
CVE
CVE
added 2018/05/11 8:0 p.m.143 views

CVE-2018-1257

CVE-2018-1257 affects Spring Framework: vulnerable in Spring Messaging when using an in-memory STOMP broker exposed via STOMP over WebSocket. A malicious user can craft a message to the broker that triggers a regular-expression denial of service. Affected versions are Spring Framework 5.0.x befor...

6.5CVSS7AI score0.03279EPSS
CVE
CVE
added 2018/06/25 3:0 p.m.135 views

CVE-2018-11040

CVE-2018-11040 affects Spring Framework: 5.0.x before 5.0.7 and 4.3.x before 4.3.18 (and older unsupported versions). The issue arises because JSONP support can be enabled via JSONP parameters when MappingJackson2JsonView is configured, allowing cross-domain requests through AbstractJsonpResponse...

7.5CVSS8.3AI score0.03244EPSS
CVE
CVE
added 2018/10/17 1:0 a.m.78 views

CVE-2018-3246

CVE-2018-3246 affects Oracle WebLogic Server (Fusion Middleware), specifically the Web Services subcomponent (WLS - Web Services). The vulnerability is exploitable remotely by an unauthenticated attacker over HTTP and targets affected versions 12.1.3.0 and 12.2.1.3, potentially leading to unautho...

7.5CVSS7.4AI score0.0289EPSS