Vulnerabilities (CVE)

Vendor filter: Oracle
Product filter: Secure Global Desktop

5899 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-14324 1 Oracle 1 Glassfish Server 2019-05-20 10.0
The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensitive information, perform database operations,...
CVE-2016-2183 5 Python, Openssl, Cisco and 2 more 8 Content Security Management Appliance, Openssl, Enterprise Linux and 5 more 2019-05-20 5.0
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a...
CVE-2018-2973 1 Oracle 2 Jdk, Jre 2019-05-17 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows...
CVE-2018-2952 1 Oracle 3 Jdk, Jre, Jrockit 2019-05-17 4.3
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18....
CVE-2018-2940 1 Oracle 2 Jdk, Jre 2019-05-17 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Easily exploitable vulnerability...
CVE-2019-2698 2 Oracle, Redhat 3 Jdk, Jre, Openshift Container Platform 2019-05-16 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-2697 1 Oracle 2 Jdk, Jre 2019-05-16 6.8
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-2684 3 Oracle, Redhat, Opensuse 4 Jdk, Jre, Openshift Container Platform and 1 more 2019-05-16 4.3
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows...
CVE-2019-2602 3 Oracle, Redhat, Opensuse 4 Jdk, Jre, Openshift Container Platform and 1 more 2019-05-16 5.0
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Easily exploitable vulnerability allows...
CVE-2019-2449 3 Oracle, Netapp, Redhat 9 Jdk, Oncommand Unified Manager, Oncommand Workflow Automation and 6 more 2019-05-16 2.6
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...
CVE-2019-2422 6 Oracle, Netapp, Canonical and 3 more 15 Jdk, Jre, Oncommand Unified Manager and 12 more 2019-05-16 4.3
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated...
CVE-2018-11212 7 Ijg, Netapp, Oracle and 4 more 13 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 10 more 2019-05-16 4.3
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file.
CVE-2018-8013 4 Apache, Canonical, Debian and 1 more 20 Batik, Ubuntu Linux, Debian Linux and 17 more 2019-05-15 7.5
In Apache Batik 1.x before 1.10, when deserializing a subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name and then uses it to call the no-arg constructor of the class. Fix was to check the class type...
CVE-2018-8034 4 Apache, Canonical, Debian and 1 more 4 Tomcat, Ubuntu Linux, Debian Linux and 1 more 2019-05-14 5.0
The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
CVE-2018-1000632 3 Debian, Dom4j Project, Oracle 3 Debian Linux, Dom4j, Flexcube Investor Servicing 2019-05-14 6.4
dom4j prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be...
CVE-2018-16865 5 Freedesktop, Canonical, Debian and 2 more 12 Systemd, Ubuntu Linux, Debian Linux and 9 more 2019-05-13 4.6
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when many entries are sent to the journal socket. A local attacker, or a remote one if...
CVE-2019-0190 4 Apache, Netapp, Openssl and 1 more 4 Http Server, Santricity Cloud Connector, Openssl and 1 more 2019-05-13 5.0
A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can only be triggered with Apache HTTP...
CVE-2018-5407 7 Nodejs, Openssl, Canonical and 4 more 20 Node.js, Openssl, Ubuntu Linux and 17 more 2019-05-10 1.9
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-7489 3 Fasterxml, Debian, Oracle 4 Jackson-databind, Debian Linux, Communications Billing And Revenue Management and 1 more 2019-05-10 7.5
FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending...
CVE-2015-9251 2 Jquery, Oracle 40 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 37 more 2019-05-10 4.3
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.