Skip to main content
CVE-2019-2734 MEDIUM PATCH This Month

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Database Server
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2019-10457 MEDIUM This Month

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Oracle Oracle Cloud Infrastructure Compute Classic
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10456 MEDIUM This Month

A cross-site request forgery vulnerability in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Oracle CSRF Oracle Cloud Infrastructure Compute Classic
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10455 MEDIUM PATCH This Month

A missing permission check in Jenkins Rundeck Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2019-10454 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins Rundeck Plugin allows attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rundeck
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10452 MEDIUM This Month

Jenkins View26 Test-Reporting Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure View26 Test Reporting
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-10451 MEDIUM This Month

Jenkins SOASTA CloudTest Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Soasta Cloudtest
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-10447 MEDIUM This Month

Jenkins Sofy.AI Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Sofy Ai
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2019-10445 MEDIUM PATCH This Month

A missing permission check in Jenkins Google Kubernetes Engine Plugin 0.7.0 and earlier allowed attackers with Overall/Read permission to obtain limited information about the scope of a credential. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Kubernetes Google Google Kubernetes Engine
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10442 MEDIUM PATCH This Month

A missing permission check in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Icescrum
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10441 MEDIUM PATCH This Month

A cross-site request forgery vulnerability in Jenkins iceScrum Plugin 1.1.5 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Icescrum
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-10439 MEDIUM PATCH This Month

A missing permission check in Jenkins CRX Content Package Deployer Plugin 1.8.1 and earlier in various 'doFillCredentialsIdItems' methods allowed users with Overall/Read access to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Jenkins Crx Content Package Deployer
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2019-2996 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Deployment). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +12
NVD
CVSS 3.1
4.2
EPSS
2.2%
CVE-2019-2959 MEDIUM PATCH This Month

Vulnerability in the Hyperion Financial Reporting product of Oracle Hyperion (component: Security Models). Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Hyperion Financial Reporting
NVD
CVSS 3.1
4.2
EPSS
1.0%
CVE-2019-2941 MEDIUM PATCH This Month

Vulnerability in the Hyperion Profitability and Cost Management product of Oracle Hyperion (component: Modeling). Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Hyperion Enterprise Performance Management Architect
NVD
CVSS 3.1
4.0
EPSS
0.7%
CVE-2019-2955 LOW PATCH Monitor

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Denial Of Service Oracle Database Server
NVD
CVSS 3.1
3.9
EPSS
0.4%
CVE-2019-2954 LOW PATCH Monitor

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Denial Of Service Oracle Database Server
NVD
CVSS 3.1
3.9
EPSS
0.4%
CVE-2019-2992 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.5%
CVE-2019-2988 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2019-2987 LOW PATCH Monitor

Vulnerability in the Java SE product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +10
NVD
CVSS 3.1
3.7
EPSS
3.4%
CVE-2019-2983 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2019-2981 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2019-2978 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
3.3%
CVE-2019-2973 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +18
NVD
CVSS 3.1
3.7
EPSS
3.7%
CVE-2019-2964 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.5%
CVE-2019-2962 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.7
EPSS
3.5%
CVE-2019-2910 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +3
NVD
CVSS 3.1
3.7
EPSS
1.7%
CVE-2019-2894 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +4
NVD
CVSS 3.1
3.7
EPSS
3.2%
CVE-2019-2961 LOW PATCH Monitor

Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). Rated low severity (CVSS 3.6).

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
3.6
EPSS
0.3%
CVE-2019-10450 LOW Monitor

Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Elasticbox Ci
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2019-2945 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Java Denial Of Service Oracle Jdk Jre +17
NVD
CVSS 3.1
3.1
EPSS
3.4%
CVE-2019-2933 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Java Oracle Jdk Jre +3
NVD
CVSS 3.1
3.1
EPSS
2.3%
CVE-2019-2911 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
2.7
EPSS
2.1%
CVE-2019-2872 LOW PATCH Monitor

Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Rated low severity (CVSS 2.7).

Authentication Bypass Oracle Retail Xstore Point Of Service
NVD
CVSS 3.1
2.7
EPSS
0.4%
CVE-2019-2899 LOW PATCH Monitor

Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: OAM). Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Application Development Framework Jdeveloper Hyperion Financial Management +1
NVD
CVSS 3.1
2.4
EPSS
0.9%
CVE-2019-2940 LOW PATCH Monitor

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Authentication Bypass Oracle Database Server
NVD
CVSS 3.1
2.3
EPSS
0.4%
CVE-2019-2926 LOW PATCH Monitor

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.1
2.3
EPSS
0.6%
CVE-2019-3008 LOW PATCH Monitor

Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). Rated low severity (CVSS 1.8).

Denial Of Service Oracle Solaris
NVD
CVSS 3.1
1.8
EPSS
0.4%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy