CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3197
https://notcve.org/view.php?id=CVE-2018-3197
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105606 http://www.securitytracker.com/id/1041896 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-3249
https://notcve.org/view.php?id=CVE-2018-3249
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105643 http://www.securitytracker.com/id/1041896 •
CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2018-3246
https://notcve.org/view.php?id=CVE-2018-3246
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 12.1.3.0 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/105628 http://www.securitytracker.com/id/1041896 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11771 – apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip
https://notcve.org/view.php?id=CVE-2018-11771
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. Cuando se lee un archivo ZIP especialmente manipulado, el método read de ZipArchiveInputStream de Apache Commons Compress desde la versión 1.7 hasta la 1.17 puede fracasar a la hora de devolver la indicación EOF correcta después de llegar al final de la transmisión. Cuando se combina con un java.io.InputStreamReader, puede conducir a una transmisión infinita que se puede usar para montar un ataque de denegación de servicio (DoS) contra servicios que usan el paquete ZIP de Compress. • http://www.securityfocus.com/bid/105139 http://www.securitytracker.com/id/1041503 https://lists.apache.org/thread.html/0adb631517766e793e18a59723e2df08ced41eb9a57478f14781c9f7%40%3Cdev.tinkerpop.apache.org%3E https://lists.apache.org/thread.html/3565494c263dfeb4dcb2a71cb24d09a1ca285cd6ac74edc025a3af8a%40%3Ccommits.tinkerpop.apache.org%3E https://lists.apache.org/thread.html/35f60d6d0407c13c39411038ba1aca71d92595ed7041beff4d07f2ee%40%3Ccommits.tinkerpop.apache.org%3E https://lists.apache.org/thread.html/6c79965066c30d4e330e04d911d3761db41b82c89ae38d9a6b37a6f1%40%3Cdev.tinkerpop. • CWE-400: Uncontrolled Resource Consumption CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2018-2933 – Oracle Fusion Middleware 12c (12.2.1.3.0) WebLogic SAML Issues
https://notcve.org/view.php?id=CVE-2018-2933
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104763 http://www.securitytracker.com/id/1041301 •