CVE Daily
← All tags

Tag: Unauthenticated/Unauthorized Access

All CVEs associated with "Unauthenticated/Unauthorized Access". Page 102/128 • 15320 CVEs.

Subscribe CVEs: RSS for “Unauthenticated/Unauthorized Access”  ·  RSS (High+Critical only)

About “Unauthenticated/Unauthorized Access”

A curated feed of “Unauthenticated/Unauthorized Access”-related CVEs appears below. We currently track 15320 CVEs for this tag (all time). In the last 365 days, 3827 were published. Average CVSS is 7.4 (all time; 7.4 over 365d), and 61% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-862 - Missing Authorization, CWE-306 - Missing Authentication for Critical Function, CWE-639 - Authorization Bypass Through User-Controlled Key.

In our taxonomy this topic maps to a HIGH impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2019-05-22
Critical

CVE-2018-7842

A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege b…

CVSS: 9.8 CWE: CWE-290 - Authentication Bypass by Spoofing View on NVD
Medium

CVE-2018-7822

An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause unauthor…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2019-11231

An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerabi…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2019-12102

Kentico 11 through 12 lets attackers upload and explore files without authentication via the cmsmodules/medialibrary/formcontrols/liveselectors/insertimageormedia/tabs_media.aspx URI. NOTE: The vendo…

CVSS: 9.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-05-17
Critical

CVE-2019-0153

Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS: 9.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2019-0132

Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access.

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2019-0099

Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physica…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2019-0098

Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via p…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2019-0094

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of servic…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2019-0092

Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of pr…

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2019-0090

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version S…

CVSS: 7.1 CWE: N/A View on NVD
2019-05-16
Critical

CVE-2019-0708

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends speciall…

CVSS: 9.8 CWE: CWE-416 - Use After Free View on NVD
2019-05-15
High

CVE-2019-9196

The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level f…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2019-3724

RSA Netwitness Platform versions prior to 11.2.1.1 is vulnerable to an Authorization Bypass vulnerability. A remote low privileged attacker could potentially exploit this vulnerability to gain access…

CVSS: 6.5 CWE: N/A View on NVD
2019-05-14
Critical

CVE-2019-10922

A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 and newer (All versions), SIMATIC WinCC V7.2 and earlier (All versions), SIMATIC WinCC V7.3 an…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2019-10921

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Unencrypted storage of passwords in the project could allow an attacker with access to port 10005/tcp…

CVSS: 7.5 CWE: CWE-256 - Plaintext Storage of a Password View on NVD
High

CVE-2019-10920

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Project data stored on the device, which is accessible via port 10005/tcp, can be decrypted due to a h…

CVSS: 7.5 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
Critical

CVE-2019-10919

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Attackers with access to port 10005/tcp could perform device reconfigurations and obtain project files…

CVSS: 9.4 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Medium

CVE-2019-6515

An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.

CVSS: 5.3 CWE: N/A View on NVD
2019-05-13
High

CVE-2019-7404

An issue was discovered on LG GAMP-7100, GAPM-7200, and GAPM-8000 routers. An unauthenticated user can read a log file via an HTTP request containing its full pathname, such as http://192.168.0.1/var…

CVSS: 7.5 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2018-12296

Insufficient access control in /api/external/7.0/system.System.get_infos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST…

CVSS: 7.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-05-10
Critical

CVE-2018-7084

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating s…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2019-1867

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API. The vulnerability is due to improp…

CVSS: 10.0 CWE: CWE-287 - Improper Authentication View on NVD
2019-05-09
Medium

CVE-2019-11869

The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that is_admin() verifies that the request comes from an admin user (it actually only verifies that the reques…

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2019-1568

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Demisto 4.5 build 40249 may allow an unauthenticated attacker to run arbitrary JavaScript or HTML.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value…

CVSS: 7.1 CWE: CWE-287 - Improper Authentication View on NVD
2019-05-08
Critical

CVE-2019-7442

An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass a…

CVSS: 9.8 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Critical

CVE-2019-9505

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not sanitize special characters allowing for remote unauthorized changes to configuration files. An unauthenti…

CVSS: 9.8 CWE: CWE-159 - Improper Handling of Invalid Use of Special Elements View on NVD
2019-05-07
Critical

CVE-2019-11560

A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP pa…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2019-05-02
Critical

CVE-2018-16988

An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires…

CVSS: 9.8 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
Critical

CVE-2017-18369

The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user.…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2017-18368

The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is access…

CVSS: 9.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2019-04-30
High

CVE-2019-3936

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition int…

CVSS: 7.5 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2019-3935

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to act as a moderator to a slide show via crafted HTTP POST requests to conference.cgi. A remote, unauthenticated…

CVSS: 9.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2019-3934

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attack…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2019-3933

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2019-3932

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to authentication bypass due to a hard-coded password in return.tgi. A remote, unauthenticated attacker can use t…

CVSS: 9.8 CWE: CWE-249 View on NVD
Critical

CVE-2019-3930

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 fir…

CVSS: 9.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
Critical

CVE-2019-3929

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 fir…

CVSS: 9.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2019-3928

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attack…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2019-3927

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 anyone can change the administrator and moderator passwords via the iso.3.6.1.4.1.3212.100.3.2.8.1 and iso.3.6.1.4.1.3212.100.3.…

CVSS: 9.8 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2019-3926

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.14.1. A remote, unauthenticated attacker can use thi…

CVSS: 9.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2019-3925

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 are vulnerable to command injection via SNMP OID iso.3.6.1.4.1.3212.100.3.2.9.3. A remote, unauthenticated attacker can use this…

CVSS: 9.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2019-11616

doorGets 7.0 has a sensitive information disclosure vulnerability in /setup/temp/admin.php and /setup/temp/database.php. A remote unauthenticated attacker could exploit this vulnerability to obtain t…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2019-11614

doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information.

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2019-11612

doorGets 7.0 has an arbitrary file deletion vulnerability in /fileman/php/deletefile.php. A remote unauthenticated attacker can exploit this vulnerability to delete arbitrary files.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-11611

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/download.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-11610

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/downloaddir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive informat…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-11609

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/movefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-11608

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/renamefile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive informati…

CVSS: 8.2 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-11607

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
High

CVE-2019-11606

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copyfile.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information.

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2019-04-29
High

CVE-2019-5492

Element Plug-in for vCenter Server versions prior to 4.2.3 may disclose sensitive account information to an unauthenticated attacker. NetApp HCI Compute Node versions prior to 1.4P2 bundle affected v…

CVSS: 7.5 CWE: N/A View on NVD
2019-04-26
High

CVE-2019-3707

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to t…

CVSS: 8.6 CWE: N/A View on NVD
High

CVE-2019-3706

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to byp…

CVSS: 8.6 CWE: N/A View on NVD
Critical

CVE-2019-2725

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable…

CVSS: 9.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2019-04-25
High

CVE-2019-3788

Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a…

CVSS: 8.7 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
High

CVE-2019-3721

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain an Improper Range Header Processing Vulnerability. A remote unauthenticated attacker may send crafted requests with ov…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2019-3720

Dell EMC Open Manage System Administrator (OMSA) versions prior to 9.3.0 contain a Directory Traversal Vulnerability. A remote authenticated malicious user with admin privileges could potentially exp…

CVSS: 4.9 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Critical

CVE-2018-18285

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the login interface…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2018-16219

A missing password verification in the web interface in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an remote attacker (in the same network as the device) to change the admin password wit…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2018-18286

SQL injection vulnerabilities in CMG Suite 8.4 SP2 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for the changepwd inter…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2019-10955

In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and e…

CVSS: 6.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
High

CVE-2018-1360

A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to…

CVSS: 8.1 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2019-04-24
Critical

CVE-2019-8993

The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveM…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
Critical

CVE-2019-9950

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is…

CVSS: 9.8 CWE: CWE-521 - Weak Password Requirements View on NVD
Critical

CVE-2019-3793

Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unau…

CVSS: 9.8 CWE: CWE-300 - Channel Accessible by Non-Endpoint View on NVD
Critical

CVE-2019-7214

SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on the server when port 17001 was remotely accessible. This po…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2019-7212

SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails and file attachments. It was also possible to interact with mai…

CVSS: 8.2 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2019-04-23
Medium

CVE-2019-2719

Vulnerability in the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: Web Applications (InfoCenter)). Supported versions that are affected are 8.5.1.0 - 8.5.1.7, 8.6.0 and 8.6.1. Easily…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2019-2713

Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability all…

CVSS: 6.5 CWE: N/A View on NVD
Medium

CVE-2019-2712

Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). Supported versions that are affected are 11.2.0.3 and 11.3.1. Easily exploitab…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2019-2709

Vulnerability in the Oracle Transportation Management component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.3.7, 6.4.2 and 6.4.3. Easily…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2019-2707

Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management component of Oracle PeopleSoft Products (subcomponent: Application Search). The supported version that is affected is 9.2…

CVSS: 6.1 CWE: N/A View on NVD
High

CVE-2019-2706

Vulnerability in the Oracle Business Process Management Suite component of Oracle Fusion Middleware (subcomponent: BPM Foundation Services). The supported version that is affected is 11.1.1.9.0. Easi…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2705

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.3 and 8.5.4. Easily exploitabl…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2019-2704

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS Package Manager). The supported version that is affected is 11. Easily exploitable vulnerability…

CVSS: 5.3 CWE: N/A View on NVD
Critical

CVE-2019-2702

Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easil…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2019-2699

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Windows DLL). The supported version that is affected is Java SE: 8u202. Difficult to exploit vulnerability allows unauthenticat…

CVSS: 9.0 CWE: N/A View on NVD
High

CVE-2019-2698

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticat…

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2019-2697

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticat…

CVSS: 8.1 CWE: N/A View on NVD
Medium

CVE-2019-2684

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201.…

CVSS: 5.9 CWE: N/A View on NVD
High

CVE-2019-2682

Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Attachments / File Upload). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2019-2678

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.28 and prior to 6.0.6. Easily exploitable vuln…

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2019-2677

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2019-2676

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6,…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2019-2675

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6,…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2019-2674

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2019-2673

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2019-2671

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6,…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2019-2670

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2019-2669

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6,…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2019-2665

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2664

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Marketing Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2663

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 1…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2662

Vulnerability in the Oracle Territory Management component of Oracle E-Business Suite (subcomponent: Territory Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2661

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2660

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Setup, Admin). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12…

CVSS: 8.2 CWE: N/A View on NVD
Medium

CVE-2019-2659

Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework). The supported version that is affected is 11.2.0.3. Easily exploitable vulnera…

CVSS: 6.1 CWE: N/A View on NVD
Critical

CVE-2019-2658

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily explo…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2019-2655

Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Business Intelligence (OLTP)). Supported versions that are affected are 12.1.1, 12.1.2…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2654

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2653

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2652

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2651

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5,…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2650

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. E…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2019-2649

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. E…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2019-2648

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. E…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2019-2647

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. E…

CVSS: 7.5 CWE: N/A View on NVD
Critical

CVE-2019-2646

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: EJB Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily…

CVSS: 9.8 CWE: N/A View on NVD
Critical

CVE-2019-2645

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0.…

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2019-2643

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2642

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2641

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2640

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2…

CVSS: 8.2 CWE: N/A View on NVD
High

CVE-2019-2639

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Preferences). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6,…

CVSS: 8.2 CWE: N/A View on NVD
Critical

CVE-2019-2638

Vulnerability in the Oracle General Ledger component of Oracle E-Business Suite (subcomponent: Consolidation Hierarchy Viewer). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3…

CVSS: 9.9 CWE: N/A View on NVD
Medium

CVE-2019-2637

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55, 8.56 and 8.57. Easil…

CVSS: 6.1 CWE: N/A View on NVD
Medium

CVE-2019-2634

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows u…

CVSS: 5.1 CWE: N/A View on NVD
Critical

CVE-2019-2633

Vulnerability in the Oracle Work in Process component of Oracle E-Business Suite (subcomponent: Messages). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.…

CVSS: 9.9 CWE: N/A View on NVD