Skip to main content
CVE-2017-10271 HIGH POC KEV PATCH THREAT Act Now

Oracle WebLogic Server allows unauthenticated remote code execution through the WLS Security component's T3 protocol, massively exploited for cryptocurrency mining and botnet recruitment from 2017 onward.

Oracle Authentication Bypass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
94.4%
Threat
9.3
CVE-2015-6668 HIGH POC THREAT Act Now

The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.0%.

WordPress Information Disclosure Job Manager
NVD
CVSS 3.0
7.5
EPSS
84.0%
Threat
5.5
CVE-2017-15647 HIGH POC THREAT Act Now

On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.9%.

Path Traversal Routerfiberhome Firmware
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
38.9%
Threat
4.2
CVE-2017-10955 HIGH Act Now

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor 6.3.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.5% and no vendor patch available.

Dell Command Injection RCE Data Protection Advisor
NVD
CVSS 3.1
8.8
EPSS
33.5%
CVE-2017-15644 HIGH POC PATCH THREAT Act Now

SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.2%.

SSRF Webmin
NVD GitHub Exploit-DB
CVSS 3.0
8.6
EPSS
13.2%
CVE-2017-15645 HIGH POC PATCH This Week

CSRF exists in Webmin 1.850. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Webmin
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-15643 HIGH POC This Week

An active network attacker (MiTM) can achieve remote code execution on a machine that runs IKARUS Anti Virus 2.16.7. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

RCE Microsoft Request Smuggling Ikarus Antivirus
NVD Exploit-DB
CVSS 3.0
7.4
EPSS
7.3%
CVE-2017-12579 HIGH POC This Week

An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Hashicorp VMware Information Disclosure Vagrant Vmware Fusion
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.1%
CVE-2017-15649 HIGH POC PATCH This Week

net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Race Condition Linux Information Disclosure Linux Kernel
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.4%
CVE-2017-10309 HIGH POC PATCH This Week

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Java Oracle Jdk Jre +24
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
1.8%
CVE-2017-10424 HIGH PATCH This Week

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Web). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Mysql Enterprise Monitor
NVD
CVSS 3.0
8.8
EPSS
1.0%
CVE-2017-12293 HIGH This Week

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Webex Meetings Server
NVD
CVSS 3.0
8.6
EPSS
1.6%
CVE-2017-3883 HIGH This Week

A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Firepower Extensible Operating System Fxos Nx Os
NVD
CVSS 3.0
8.6
EPSS
1.5%
CVE-2017-12271 HIGH This Week

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Spa300 Firmware Spa500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2017-10321 HIGH PATCH This Week

Vulnerability in the Core RDBMS component of Oracle Database Server. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Oracle Database
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-10372 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Oracle Hospitality Guest Access
NVD
CVSS 3.0
8.7
EPSS
0.3%
CVE-2017-10401 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMSUpdater). Rated high severity (CVSS 8.7), this vulnerability is low attack complexity.

Denial Of Service Oracle Hospitality Cruise Materials Management
NVD
CVSS 3.0
8.7
EPSS
0.0%
CVE-2017-10034 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Core Formatting API). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence Publisher
NVD
CVSS 3.0
8.2
EPSS
1.8%
CVE-2017-10065 HIGH PATCH This Week

Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Retail Point Of Service
NVD
CVSS 3.0
8.5
EPSS
0.2%
CVE-2017-10354 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10338 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Prtl Interaction Hub
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10326 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Common Applications Calendar
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10325 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Common Applications Calendar
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10303 HIGH PATCH This Week

Vulnerability in the Oracle Interaction Center Intelligence component of Oracle E-Business Suite (subcomponent: Setup). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Interaction Center Intelligence
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10026 HIGH PATCH This Week

Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Soa Suite
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10323 HIGH PATCH This Week

Vulnerability in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite (subcomponent: Application Service). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Web Applications Desktop Integrator
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10060 HIGH PATCH This Week

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10398 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: BaseMasterPage). Rated high severity (CVSS 8.4), this vulnerability is low attack complexity.

Authentication Bypass Oracle Hospitality Cruise Fleet Management
NVD
CVSS 3.0
8.4
EPSS
0.1%
CVE-2017-10263 HIGH PATCH This Week

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Siebel Ui Framework
NVD
CVSS 3.0
8.2
EPSS
1.0%
CVE-2017-10050 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: WebConnect). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Hospitality Suite8
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10413 HIGH PATCH This Week

Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Mobile Field Service
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10360 HIGH PATCH This Week

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Webcenter Content
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10417 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10416 HIGH PATCH This Week

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: Setup and Configuration). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Advanced Outbound Telephony
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10415 HIGH PATCH This Week

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Others). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Isupport
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10414 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10412 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10411 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10410 HIGH PATCH This Week

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: Search). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Knowledge Management
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-10409 HIGH PATCH This Week

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
0.9%
CVE-2017-3446 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-3445 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-3444 HIGH PATCH This Week

Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Trade Management
NVD
CVSS 3.0
8.2
EPSS
0.6%
CVE-2017-10364 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Environment Mgmt). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.1
EPSS
1.0%
CVE-2017-10270 HIGH PATCH This Week

Vulnerability in the Oracle Identity Manager Connector component of Oracle Fusion Middleware (subcomponent: Microsoft Active Directory). Rated high severity (CVSS 8.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Oracle Identity Manager Connector
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2017-10190 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Java Oracle Database
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2017-10403 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: iQuery). Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable.

Information Disclosure Oracle Hospitality Reporting And Analytics
NVD
CVSS 3.0
8.0
EPSS
0.9%
CVE-2017-10259 HIGH PATCH This Week

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Coreid Access
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-10037 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Service API). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Business Intelligence Publisher
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-10310 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion Financial Reporting component of Oracle Hyperion (subcomponent: Security Models). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Oracle Authentication Bypass Information Disclosure Hyperion Financial Reporting
NVD
CVSS 3.0
7.5
EPSS
2.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy