Skip to main content
CVE-2017-10417 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10416 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10415 HIGH PATCH This Week

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Isupport
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10414 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10412 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10411 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10410 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10409 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-3446 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-3445 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-3444 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-10364 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2017-10270 HIGH PATCH This Week

Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory). Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Oracle Identity Manager Connector
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2017-10190 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Database
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-10403 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Information Disclosure Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.0
8.0
EPSS
0.9%
CVE-2017-10033 MEDIUM POC PATCH This Month

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Oracle Webcenter Sites
NVD Exploit-DB
CVSS 3.0
4.0
EPSS
0.6%
CVE-2017-10259 HIGH PATCH This Week

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Coreid Access
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-10037 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Business Intelligence Publisher
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-10310 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Hyperion Financial Reporting
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2017-14017 HIGH This Week

An Uncontrolled Search Path Element issue was discovered in Progea Movicon Version 11.5.1181 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Movicon
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-10335 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Elastic Search). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Elastic Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-10332 HIGH PATCH This Week

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: Administration). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Universal Work Queue
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-10328 HIGH PATCH This Week

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Application Object Library
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2017-10260 HIGH PATCH This Week

Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Integrated Lights Out Manager Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2017-12260 HIGH This Week

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Spa 501G Firmware Spa 502G Firmware +6
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-12259 HIGH This Week

A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Small Business Ip Phone Firmware
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2017-10155 HIGH PATCH This Week

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle MySQL
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-10373 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of Oracle PeopleSoft Products (subcomponent: Health Center). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-15650 HIGH This Week

musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Musl
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-10369 HIGH PATCH This Week

Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Server). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

Information Disclosure Oracle Virtual Directory
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2012-4380 HIGH PATCH This Week

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2017-10388 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +27
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2017-5635 HIGH PATCH This Week

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Nifi
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-10933 HIGH This Week

All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring system of ZTE energy product, are impacted by directory traversal vulnerability that allows remote attackers to read arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zte Path Traversal Zxdt22 Sf01 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2012-6707 HIGH PATCH This Week

WordPress through 4.8.2 uses a weak MD5-based password hashing algorithm, which makes it easier for attackers to determine cleartext values by leveraging access to the hash values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress PHP Information Disclosure
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2015-4421 HIGH This Week

The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Huawei Mate 7 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2017-15609 HIGH PATCH This Week

Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Octopus Deploy
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-10333 HIGH PATCH This Week

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Siebel Ui Framework
NVD
CVSS 3.0
7.4
EPSS
0.4%
CVE-2017-10391 HIGH PATCH This Week

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Glassfish Server
NVD
CVSS 3.0
7.3
EPSS
0.7%
CVE-2017-10265 HIGH PATCH This Week

Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: System Management). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Integrated Lights Out Manager Firmware
NVD
CVSS 3.0
7.3
EPSS
0.7%
CVE-2017-10312 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion (subcomponent: UI and Visualization). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hyperion Bi
NVD
CVSS 3.0
7.1
EPSS
1.6%
CVE-2017-3588 HIGH PATCH This Week

Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: HA for MySQL). Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Oracle Solaris Cluster
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2017-10407 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-10362 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Sawbridge). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.2
EPSS
0.6%
CVE-2017-10392 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-10408 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Denial Of Service Oracle Vm Virtualbox
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2017-10353 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite8/RESTAPI). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Authentication Bypass Oracle Hospitality Hotel Mobile
NVD
CVSS 3.0
7.1
EPSS
0.8%
CVE-2017-10363 HIGH PATCH This Week

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Security). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Flexcube Universal Banking
NVD
CVSS 3.0
7.1
EPSS
0.7%
CVE-2015-4422 HIGH This Week

The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption). Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Huawei Mate 7 Firmware
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-10370 MEDIUM PATCH This Month

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Hospitality Guest Access
NVD
CVSS 3.0
6.9
EPSS
0.3%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy