CyberSecurityBoard
Sponsor Register Login

CVE-2018-2984

Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). The supported version that is affected is 9.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management System. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Cruise Fleet Management System accessible data as well as unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management System accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).

Publication date: Wed, 18 Jul 2018 18:29:00 +0000


Cyber News related to CVE-2018-2984

CVE-2018-1000672 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16391, CVE-2018-16392, CVE-2018-16393, CVE-2018-16418, CVE-2018-16419, CVE-2018-16420, CVE-2018-16421, CVE-2018-16422, CVE-2018-16423, CVE-2018-16424, CVE-2018-16425, ...
54 years ago Tenable.com
CVE-2009-2984 - Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. Per: ...
5 years ago
CVE-2018-2984 - Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Gangway Activity Web App). The supported version that is affected is 9.x. Easily exploitable vulnerability allows low ...
4 years ago
CVE-2014-2984 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and ...
54 years ago Tenable.com
CVE-2010-2984 - Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on 4404 series controllers does not properly implement the WEBAUTH_REQD state, which allows remote attackers to bypass intended access restrictions via WLAN traffic, aka Bug ID ...
13 years ago
CVE-2012-2984 - Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter. ...
11 years ago
CVE-2015-2984 - I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. ...
7 years ago
CVE-2016-2984 - IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ ...
7 years ago
CVE-2005-2984 - Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port. ...
6 years ago
CVE-2007-2984 - Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method. ...
6 years ago
CVE-2013-2984 - Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to read or modify files via unspecified vectors. ...
6 years ago
CVE-2011-2984 - Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges ...
6 years ago
CVE-2008-2984 - Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter. ...
6 years ago
CVE-2006-2984 - Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. ...
5 years ago
CVE-2017-11156 - Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code by uploading an executable via unspecified ...
4 years ago
CVE-2017-11149 - Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary local files via crafted URI. ...
4 years ago
CVE-2020-2984 - Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker ...
3 years ago
CVE-2019-2984 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to ...
3 years ago
CVE-2022-2984 - In jpg driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel. ...
1 year ago
CVE-2017-2984 - Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the h264 decoder routine. Successful exploitation could lead to arbitrary code execution. ...
1 year ago
CVE-2023-2984 - Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. ...
1 year ago
CVE-2024-2984 - A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been classified as critical. This affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is ...
2 months ago
CVE-2024-26725 - In the Linux kernel, the following vulnerability has been resolved: dpll: fix possible deadlock during netlink dump operation Recently, I've been hitting following deadlock warning during dpll pin dump: [52804.637962] ...
2 months ago Tenable.com
CVE-2018-0912 - Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege ...
4 years ago
CVE-2018-0923 - Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)