Skip to main content
CVE-2017-5043 HIGH This Week

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2017-2332 HIGH This Week

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Northstar Controller
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2017-5034 HIGH This Week

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5032 HIGH This Week

PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made to increment off the end of a buffer, which allowed a remote attacker to potentially exploit heap corruption via a crafted PDF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Microsoft Google Chrome
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-5031 HIGH This Week

A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +1
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2017-3543 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-3542 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.7%
CVE-2017-3523 HIGH PATCH This Week

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Connector J
NVD
CVSS 3.0
8.5
EPSS
1.6%
CVE-2017-3540 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Webcenter Sites
NVD
CVSS 3.0
8.6
EPSS
1.1%
CVE-2017-8101 HIGH PATCH This Week

There is CSRF in Serendipity 2.0.5, allowing attackers to install any themes via a GET request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Serendipity
NVD GitHub
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-3691 HIGH PATCH This Week

Routes in Kallithea before 0.3.2 allows remote attackers to bypass the CSRF protection by using the GET HTTP request method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Kallithea
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3578 HIGH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit Software
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-3500 HIGH PATCH This Week

Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Primavera Gateway
NVD
CVSS 3.0
8.7
EPSS
0.5%
CVE-2017-3545 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Blob Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.2
EPSS
3.0%
CVE-2017-2321 HIGH This Week

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various system. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2017-2317 HIGH This Week

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
8.6
EPSS
0.5%
CVE-2017-3493 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
8.5
EPSS
0.7%
CVE-2017-3580 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
8.3
EPSS
1.6%
CVE-2017-3514 HIGH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 3.0
8.3
EPSS
1.2%
CVE-2017-3582 HIGH PATCH This Week

Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite (subcomponent: Backup/Restore Utility). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Supercluster Specific Software
NVD
CVSS 3.0
8.4
EPSS
0.2%
CVE-2017-2319 HIGH This Week

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious attacker to compromise the systems confidentiality or integrity. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Northstar Controller
NVD
CVSS 3.0
8.3
EPSS
0.6%
CVE-2017-3306 HIGH PATCH This Week

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Server). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Mysql Enterprise Monitor
NVD
CVSS 3.0
8.3
EPSS
0.5%
CVE-2017-3601 HIGH PATCH This Week

Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Api Gateway
NVD
CVSS 3.0
8.1
EPSS
1.4%
CVE-2017-3541 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-3625 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Content
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-3583 HIGH PATCH This Week

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
8.1
EPSS
0.9%
CVE-2017-3564 HIGH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-3602 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-3472 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Private Banking
NVD
CVSS 3.0
8.1
EPSS
0.5%
CVE-2017-3554 HIGH This Week

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Catalog Mover). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
8.1
EPSS
0.4%
CVE-2017-5035 HIGH This Week

Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Microsoft Information Disclosure Chrome +4
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2017-3555 HIGH This Week

Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Ireceivables
NVD
CVSS 3.0
7.5
EPSS
2.9%
CVE-2017-3547 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: MultiChannel Framework). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.4
EPSS
3.1%
CVE-2017-3329 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Thread Pooling). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle MySQL Debian Linux
NVD
CVSS 3.0
7.5
EPSS
2.6%
CVE-2017-3511 HIGH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +1
NVD
CVSS 3.0
7.7
EPSS
1.6%
CVE-2017-3565 HIGH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: RBAC). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Oracle Solaris
NVD
CVSS 3.0
7.9
EPSS
0.1%
CVE-2017-3559 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.9), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.0
7.9
EPSS
0.1%
CVE-2017-3621 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-3518 HIGH PATCH This Week

Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Discovery Framework). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Enterprise Manager Base Platform
NVD
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-5039 HIGH This Week

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to potentially exploit heap corruption via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5037 HIGH This Week

An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Microsoft Buffer Overflow Google Chrome +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-5036 HIGH This Week

A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +5
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2017-3254 HIGH PATCH This Week

Vulnerability in the Oracle Retail Invoice Matching component of Oracle Retail Applications (subcomponent: Security). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Retail Invoice Matching
NVD
CVSS 3.0
7.6
EPSS
1.2%
CVE-2017-3572 HIGH PATCH This Week

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component of Oracle Commerce (subcomponent: MDEX). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Commerce
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-3233 HIGH PATCH This Week

Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Automatic Service Request
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-3584 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: RAS subsystems). Rated high severity (CVSS 7.8).

Information Disclosure Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3620 HIGH PATCH This Week

Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Automatic Service Request
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-3581 HIGH PATCH This Week

Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Automatic Service Request
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6915 HIGH This Week

Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Nvidia Google Shield Tablet Firmware Shield Tablet Tk1 Firmware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6917 HIGH This Week

Buffer overflow in nvhost_job.c in the NVIDIA video driver for Android, Shield TV before OTA 3.3, Shield Table before OTA 4.4, and Shield Table TK1 before OTA 1.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Nvidia Google Shield Tablet Firmware Shield Tablet Tk1 Firmware +2
NVD
CVSS 3.0
7.8
EPSS
0.1%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy