Skip to main content

Oncommand Insight

802 CVEs product

Monthly

CVE-2019-5482 CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl Fedora Leap +14
NVD VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2019-16168 MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager E Series Santricity Os Controller Oncommand Insight +16
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2019-5498 MEDIUM This Month

OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2019-5443 HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE Curl Enterprise Manager Ops Center +7
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2019-13118 Ruby MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt Leap Active Iq Unified Manager +22
NVD VulDB
CVSS 3.1
5.3
EPSS
1.0%
CVE-2019-5496 HIGH This Week

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2019-11068 Ruby CRITICAL PATCH GHSA Act Now

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Libxslt Ubuntu Linux Debian Linux Fedora +18
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2019-1559 MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle Ubuntu Linux Debian Linux +79
NVD
CVSS 3.1
5.9
EPSS
17.1%
CVE-2019-3822 CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl Ubuntu Linux Debian Linux +13
NVD
CVSS 3.1
9.8
EPSS
12.8%
CVE-2019-7317 MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Libpng Debian Linux +30
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2019-2510 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL MariaDB Enterprise Linux +8
NVD
CVSS 3.1
4.9
EPSS
3.4%
CVE-2019-2503 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Rated medium severity (CVSS 6.4).

Authentication Bypass Oracle MySQL MariaDB Active Iq Unified Manager +10
NVD
CVSS 3.1
6.4
EPSS
2.5%
CVE-2019-2502 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Oncommand Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
2.6%
CVE-2019-2481 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux Oncommand Insight +8
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2019-2455 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Ubuntu Linux MariaDB +10
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-1842 LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack Cognos Analytics Oncommand Insight
NVD
CVSS 3.0
3.6
EPSS
0.3%
CVE-2018-3286 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2018-3285 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Microsoft Denial Of Service MySQL Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2018-3284 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL Ubuntu Linux Active Iq Unified Manager +4
NVD
CVSS 3.1
4.4
EPSS
2.3%
CVE-2018-3283 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
4.4
EPSS
2.5%
CVE-2018-3282 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +8
NVD
CVSS 3.1
4.9
EPSS
4.0%
CVE-2018-3280 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2018-3279 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2018-3278 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
4.9
EPSS
3.5%
CVE-2018-3277 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.7%
CVE-2018-3276 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
4.9
EPSS
3.6%
CVE-2018-3251 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +6
NVD
CVSS 3.1
6.5
EPSS
3.1%
CVE-2018-3247 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-3212 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2018-3203 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-3200 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.7%
CVE-2018-3195 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2018-3187 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
5.5
EPSS
2.8%
CVE-2018-3186 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2018-3185 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +5
NVD
CVSS 3.1
5.5
EPSS
2.6%
CVE-2018-3182 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Unified Manager Oncommand Insight +2
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-3174 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.3).

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +5
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2018-3173 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
2.7%
CVE-2018-3170 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +2
NVD
CVSS 3.1
4.9
EPSS
2.1%
CVE-2018-3162 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
3.3%
CVE-2018-3156 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Debian Linux +6
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-3155 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
7.7
EPSS
3.7%
CVE-2018-3145 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.5%
CVE-2018-3144 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +4
NVD
CVSS 3.0
5.9
EPSS
4.4%
CVE-2018-3143 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +6
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2018-3137 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2018-3133 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Active Iq Unified Manager Oncommand Insight +6
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-11776 Maven HIGH POC KEV PATCH THREAT Act Now

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache RCE Struts Active Iq Unified Manager Oncommand Insight +5
NVD GitHub Exploit-DB
CVSS 3.1
8.1
EPSS
100.0%
CVE-2018-3084 LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
2.8
EPSS
0.4%
CVE-2018-3082 LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
2.7
EPSS
1.4%
CVE-2018-3081 MEDIUM PATCH This Month

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +8
NVD
CVSS 3.1
5.0
EPSS
2.4%
CVE-2018-3080 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-3079 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-3078 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-3077 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
4.9
EPSS
3.5%
CVE-2018-3075 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-3074 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2018-3073 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2018-3071 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
4.9
EPSS
2.9%
CVE-2018-3070 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +4
NVD
CVSS 3.0
6.5
EPSS
3.6%
CVE-2018-3067 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +2
NVD
CVSS 3.1
4.9
EPSS
2.0%
CVE-2018-3066 LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +8
NVD
CVSS 3.1
3.3
EPSS
1.9%
CVE-2018-3065 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
6.5
EPSS
3.7%
CVE-2018-3064 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +5
NVD
CVSS 3.1
7.1
EPSS
3.2%
CVE-2018-3063 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Debian Linux Oncommand Insight +4
NVD
CVSS 3.1
4.9
EPSS
3.2%
CVE-2018-3062 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
5.3
EPSS
3.0%
CVE-2018-3061 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
4.9
EPSS
2.9%
CVE-2018-3060 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +4
NVD
CVSS 3.1
6.5
EPSS
2.9%
CVE-2018-3058 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +8
NVD
CVSS 3.1
4.3
EPSS
2.4%
CVE-2018-3056 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
4.3
EPSS
2.5%
CVE-2018-3054 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight Oncommand Workflow Automation +3
NVD
CVSS 3.0
4.9
EPSS
3.5%
CVE-2018-2973 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
5.9
EPSS
4.7%
CVE-2018-2964 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
2.8%
CVE-2018-2952 LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service Jdk Jre +24
NVD
CVSS 3.1
3.7
EPSS
4.2%
CVE-2018-2942 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Microsoft Information Disclosure Jdk +14
NVD
CVSS 3.1
8.3
EPSS
1.8%
CVE-2018-2941 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
8.3
EPSS
2.2%
CVE-2018-2940 MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass Jdk Jre +18
NVD
CVSS 3.1
4.3
EPSS
3.1%
CVE-2018-2938 CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +13
NVD
CVSS 3.1
9.0
EPSS
1.9%
CVE-2018-2767 LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL Debian Linux Ubuntu Linux +11
NVD
CVSS 3.1
3.1
EPSS
1.5%
CVE-2018-8014 Maven CRITICAL PATCH Act Now

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Tomcat Ubuntu Linux Debian Linux +5
NVD
CVSS 3.0
9.8
EPSS
22.0%
CVE-2018-1258 Maven HIGH PATCH This Week

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Spring Security Spring Framework Agile Plm +39
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2018-1413 MEDIUM This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cognos Analytics Oncommand Insight
NVD
CVSS 3.0
5.4
EPSS
1.1%
CVE-2018-2846 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Oncommand Insight +4
NVD
CVSS 3.0
4.9
EPSS
2.9%
CVE-2018-2839 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Oncommand Insight +4
NVD
CVSS 3.0
4.9
EPSS
2.9%
CVE-2018-2826 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +15
NVD
CVSS 3.1
8.3
EPSS
5.0%
CVE-2018-2825 HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure Jdk Jre +15
NVD
CVSS 3.1
8.3
EPSS
4.1%
CVE-2018-2819 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL MariaDB Ubuntu Linux +12
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2018-2818 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Debian Linux +5
NVD
CVSS 3.0
4.9
EPSS
3.6%
CVE-2018-2817 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Debian Linux +12
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2018-2816 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Ubuntu Linux Oncommand Insight +4
NVD
CVSS 3.0
4.9
EPSS
2.9%
EPSS 7% CVSS 9.8
CRITICAL PATCH Act Now

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Heap Overflow Buffer Overflow Curl +16
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Sqlite Active Iq Unified Manager +18
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM This Month

OnCommand Insight versions through 7.3.6 may disclose sensitive account information to an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine"). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection OpenSSL RCE +9
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Information Disclosure Memory Corruption Libxslt +24
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Oncommand Insight versions prior to 7.3.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncommand Insight
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Libxslt Ubuntu Linux +20
NVD VulDB
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

OpenSSL Information Disclosure Oracle +81
NVD
EPSS 13% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Stack Overflow Libcurl +15
NVD
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Use After Free Information Disclosure Memory Corruption +32
NVD GitHub VulDB
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 2% CVSS 6.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Rated medium severity (CVSS 6.4).

Authentication Bypass Oracle MySQL +12
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +4
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +10
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL +12
NVD
EPSS 0% CVSS 3.6
LOW PATCH Monitor

IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. Rated low severity (CVSS 3.6).

IBM Authentication Bypass Jwt Attack +2
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Microsoft Denial Of Service +6
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Logging). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL +6
NVD
EPSS 4% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Storage Engines). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +10
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: RBR). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 4% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +8
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Merge). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Information Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +7
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.3).

Oracle Denial Of Service MySQL +7
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +8
NVD
EPSS 4% CVSS 7.7
HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 4% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Audit). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service MySQL +6
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +8
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +8
NVD
EPSS 100% CVSS 8.1
HIGH POC KEV PATCH THREAT Act Now

Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible Remote Code Execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then:. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Apache RCE Struts +7
NVD GitHub Exploit-DB
EPSS 0% CVSS 2.8
LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Shell: Core / Client). Rated low severity (CVSS 2.8), this vulnerability is low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +4
NVD
EPSS 2% CVSS 5.0
MEDIUM PATCH This Month

Vulnerability in the MySQL Client component of Oracle MySQL (subcomponent: Client programs). Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL +10
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +4
NVD
EPSS 2% CVSS 3.3
LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL +10
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 3% CVSS 7.1
HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +7
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 3% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +10
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass MySQL +5
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +5
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass +20
NVD
EPSS 3% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +15
NVD
EPSS 4% CVSS 3.7
LOW PATCH Monitor

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Denial Of Service +26
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Microsoft +16
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +15
NVD
EPSS 3% CVSS 4.3
MEDIUM PATCH This Month

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Oracle Authentication Bypass +20
NVD
EPSS 2% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +15
NVD
EPSS 2% CVSS 3.1
LOW PATCH Monitor

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption). Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Oracle Authentication Bypass MySQL +13
NVD
EPSS 22% CVSS 9.8
CRITICAL PATCH Act Now

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Tomcat +7
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Spring Security +41
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Cognos Analytics +1
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
EPSS 5% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +17
NVD
EPSS 4% CVSS 8.3
HIGH PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Information Disclosure +17
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +14
NVD
EPSS 4% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Security : Privileges). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +7
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +14
NVD
EPSS 3% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL +6
NVD
Prev Page 8 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy