Skip to main content
CVE-2017-3600 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

Information Disclosure Oracle MySQL Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2017-3517 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime SEC). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Jd Edwards Enterpriseone Tools
NVD
CVSS 3.0
6.5
EPSS
0.9%
CVE-2017-3452 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-3551 MEDIUM This Month

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Smartcard Libraries). Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Oracle Solaris
NVD
CVSS 3.0
6.6
EPSS
0.1%
CVE-2017-3331 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-2325 MEDIUM This Month

A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Juniper Northstar Controller
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3577 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Campus Community component of Oracle PeopleSoft Products (subcomponent: Frameworks). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Cs Campus Community
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3570 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: eSettlements). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Esettlements
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3525 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise SCM Service Procurement component of Oracle PeopleSoft Products (subcomponent: Usability). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Scm Services Procurement
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3524 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products (subcomponent: Bidder Registration). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Peoplesoft Enterprise Scm Strategic Sourcing
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3522 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection component of Oracle PeopleSoft Products (subcomponent: Vendor). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Scm Esupplier Connection
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-3521 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of Oracle PeopleSoft Products (subcomponent: Supplier Registration). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Scm Purchasing
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-2312 MEDIUM This Month

On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-2333 MEDIUM This Month

A persistent denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network-based, authenticated attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Juniper Northstar Controller
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-3453 MEDIUM PATCH This Month

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle MySQL Debian Linux MariaDB +6
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2017-3592 MEDIUM PATCH This Month

Vulnerability in the Oracle Payables component of Oracle E-Business Suite (subcomponent: Self Service Manager). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Payroll
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2017-3491 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-3534 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Universal Banking
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-3568 MEDIUM This Month

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing and Login). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Authentication Bypass Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-3488 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Investor Servicing
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-3586 MEDIUM PATCH This Month

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Mysql Connectors
NVD
CVSS 3.0
6.4
EPSS
0.8%
CVE-2017-2318 MEDIUM This Month

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to read log files which will compromise the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-2326 MEDIUM This Month

An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Juniper Information Disclosure Northstar Controller
NVD
CVSS 3.0
6.5
EPSS
0.3%
CVE-2017-8098 MEDIUM PATCH This Month

e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF E107
NVD GitHub
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-3114 MEDIUM This Month

Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kallithea
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-2316 MEDIUM This Month

A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Juniper Northstar Controller
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2017-5044 MEDIUM This Month

Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Microsoft Google Chrome +4
NVD
CVSS 3.1
6.3
EPSS
1.0%
CVE-2017-5038 MEDIUM This Month

Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Google Microsoft Memory Corruption +5
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2017-3526 MEDIUM This Month

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Java Oracle Jdk Jre +1
NVD
CVSS 3.0
5.9
EPSS
1.9%
CVE-2017-5045 MEDIUM This Month

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Google Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2017-2329 MEDIUM This Month

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Northstar Controller
NVD
CVSS 3.0
6.2
EPSS
0.2%
CVE-2017-2330 MEDIUM This Month

A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, local user, to create a fork bomb scenario,. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Northstar Controller
NVD
CVSS 3.0
6.2
EPSS
0.0%
CVE-2017-3573 MEDIUM This Month

Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA Printing). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3537 MEDIUM PATCH This Month

Vulnerability in the Oracle Real-Time Scheduler component of Oracle Utilities Applications (subcomponent: Mobile Communications Platform). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Real Time Scheduler
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3532 MEDIUM PATCH This Month

Vulnerability in the Oracle Retail Warehouse Management System component of Oracle Retail Applications (subcomponent: Security). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Retail Warehouse Management System
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3501 MEDIUM PATCH This Month

Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Primavera Unifier
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3496 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Flexcube Enterprise Limits And Collateral Management
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3579 MEDIUM PATCH This Month

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Primavera P6 Enterprise Project Portfolio Management
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2017-3530 MEDIUM PATCH This Month

Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Transportation Management
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8085 MEDIUM PATCH This Month

In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Exponent Cms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-7723 MEDIUM This Month

XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Easy Wp Smtp
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2017-8103 MEDIUM PATCH This Month

In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2017-5191 MEDIUM This Month

An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Access Manager
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-7944 MEDIUM This Month

XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Xoops
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-3594 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
5.9
EPSS
0.4%
CVE-2016-5016 MEDIUM PATCH This Month

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Elastic Information Disclosure Cloud Foundry Cloud Foundry Elastic Runtime Cloud Foundry Uaa +1
NVD GitHub
CVSS 3.0
5.9
EPSS
0.3%
CVE-2017-2324 MEDIUM This Month

A command injection vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a network-based malicious attacker to cause a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Command Injection Northstar Controller
NVD
CVSS 3.0
5.3
EPSS
2.4%
CVE-2017-3597 MEDIUM PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Webcenter Sites
NVD
CVSS 3.0
5.7
EPSS
0.3%
CVE-2017-5042 MEDIUM This Month

Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Google Microsoft Information Disclosure Chrome Enterprise Linux Desktop +3
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2017-3470 MEDIUM PATCH This Month

Vulnerability in the Oracle Communications Security Gateway component of Oracle Communications Applications (subcomponent: Network). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Communications Security Gateway
NVD
CVSS 3.0
5.3
EPSS
1.5%
Prev Page 4 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy