Skip to main content
CVE-2018-3272 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones Virtualized NIC Driver). Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Oracle Denial Of Service Solaris
NVD
CVSS 3.0
6.2
EPSS
0.5%
CVE-2018-15435 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Socialminer
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2018-15973 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-15972 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
2.4%
CVE-2018-15971 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-15970 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-15969 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Information Disclosure Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.9%
CVE-2018-18372 MEDIUM This Month

A Stored XSS vulnerability has been discovered in KAASoft Library CMS - Powerful Book Management System 2.1.1 via the /admin/book/create/ title parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Library Cms
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-18262 MEDIUM This Month

Zoho ManageEngine OpManager 12.3 before build 123214 has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho XSS Manageengine Opmanager
NVD
CVSS 3.0
6.1
EPSS
2.0%
CVE-2018-17964 MEDIUM This Month

Aryanic HighPortal 12.5 has XSS via an Add Tags action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Highportal
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-15493 MEDIUM PATCH This Month

vBulletin 5.4.3 has an Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Vbulletin
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-3301 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3281 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-3257 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3255 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3250 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3241 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-3207 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3206 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3205 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3194 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3193 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Activity Guide). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3178 MEDIUM PATCH This Month

Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Common Events
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3177 MEDIUM PATCH This Month

Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Common Events
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3176 MEDIUM PATCH This Month

Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Common Events
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3175 MEDIUM PATCH This Month

Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion Common Events
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3164 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Elastic Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3159 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Sender and Receiver). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Oracle Authentication Bypass Hospitality Cruise Fleet Management
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2018-3154 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3153 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3148 MEDIUM PATCH This Month

Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Primavera Unifier
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-3140 MEDIUM PATCH This Month

Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion
NVD
CVSS 3.0
6.1
EPSS
1.5%
CVE-2018-3132 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Rich Text Editor). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-3131 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Gift and Loyalty component of Oracle Food and Beverage Applications. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Oracle Authentication Bypass Hospitality Gift And Loyalty
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2018-3059 MEDIUM PATCH This Month

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Siebel Ui Framework
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2018-7110 MEDIUM This Month

A remote unauthorized disclosure of information vulnerability was identified in HPE Service Governance Framework (SGF) version 4.2, 4.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Authentication Bypass Service Governance Framework
NVD
CVSS 3.0
5.9
EPSS
0.7%
CVE-2018-3144 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
5.9
EPSS
4.4%
CVE-2018-3141 MEDIUM PATCH This Month

Vulnerability in the Hyperion Essbase Administration Services component of Oracle Hyperion (subcomponent: EAS Console). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hyperion
NVD
CVSS 3.0
5.8
EPSS
2.0%
CVE-2018-3274 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Solaris
NVD
CVSS 3.0
5.7
EPSS
1.8%
CVE-2018-3263 MEDIUM PATCH This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Sudo). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Solaris
NVD
CVSS 3.0
5.6
EPSS
1.5%
CVE-2018-3180 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Jdk Jre +12
NVD
CVSS 3.1
5.6
EPSS
3.4%
CVE-2018-3247 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-3195 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2018-3187 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-3185 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +5
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2018-3181 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications (subcomponent: OHC ENOAD). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Oracle Authentication Bypass Hospitality Cruise Shipboard Property Management System
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-15395 MEDIUM This Month

A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Wireless Lan Controller Software
NVD
CVSS 3.0
5.4
EPSS
0.6%
CVE-2018-18373 MEDIUM This Month

In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload WordPress XSS PHP Support Board Chat And Help Desk
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-3215 MEDIUM PATCH This Month

Vulnerability in the Oracle Endeca Information Discovery Integrator component of Oracle Fusion Middleware (subcomponent: Integrator ETL). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Endeca Information Discovery Integrator
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-3130 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Application Portal). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Interaction Hub
NVD
CVSS 3.0
5.4
EPSS
1.2%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy