Page 7 of 328 results (0.009 seconds)

CVSS: 8.2EPSS: 0%CPEs: 9EXPL: 0

CVE-2019-2498

https://notcve.org/view.php?id=CVE-2019-2498

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: Partner Dash board). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Partner Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106620 •

CVSS: 5.9EPSS: 0%CPEs: 44EXPL: 0

CVE-2018-0734 – Timing attack against DSA

https://notcve.org/view.php?id=CVE-2018-0734

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p). • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html http://www.securityfocus.com/bid/105758 https://access.redhat.com/errata/RHSA-2019:2304 https://access.redhat.com/errata/RHSA-2019:3700 https://access.redhat.com/errata/RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3935 https://git.openssl.org/gitweb/?p=openssl.git%3Ba • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-2934

https://notcve.org/view.php?id=CVE-2018-2934

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104836 http://www.securitytracker.com/id/1041309 • CWE-665: Improper Initialization •

CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0

CVE-2018-2873

https://notcve.org/view.php?id=CVE-2018-2873

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Account Hierarchy Manager). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle General Ledger. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle General Ledger accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103867 http://www.securitytracker.com/id/1040694 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2018-2874

https://notcve.org/view.php?id=CVE-2018-2874

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Logging). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows physical access to compromise Oracle Application Object Library. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.securityfocus.com/bid/103878 http://www.securitytracker.com/id/1040694 •