Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10248 | 1 Oracle | 1 Peoplesoft Enterprise Prtl Interaction Hub | 2019-10-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: EPPCM_HIER_TOP). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2017-10242 | 1 Oracle | 1 Vm Virtualbox | 2019-10-03 | 4.6 MEDIUM | 7.3 HIGH |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H). | |||||
| CVE-2018-4174 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface. | |||||
| CVE-2018-2566 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2019-10-03 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the Integrated Lights Out Manager (ILOM) component of Oracle Sun Systems Products Suite (subcomponent: Remote Console Application). Supported versions that are affected are 3.x and 4.x. Difficult to exploit vulnerability allows low privileged attacker with network access via TLS to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized access to critical data or complete access to all Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.0 Base Score 7.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N). | |||||
| CVE-2017-3579 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2019-10-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2017-12568 | 1 Brother | 2 Dcp-j132w, Dcp-j132w Firmware | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother DCP-J132W (and probably other DCP models) allows remote attackers to hang the printer (disrupting its network connection) by sending a large amount of HTTP packets. | |||||
| CVE-2018-11542 | 1 Ribboncommunications | 6 Sbc Swe Lite, Sbc Swe Lite Firmware, Sonus Sbc 1000 and 3 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Command Execution (RCE) vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web interface allows for the execution of arbitrary commands via an unspecified vector. It affects the 1000 and 2000 devices 6.0.x up to Build 446, 6.1.x up to Build 492, and 7.0.x up to Build 485. It affects the SWe Lite devices 6.1.x up to Build 111 and 7.0.x up to Build 140. | |||||
| CVE-2017-3484 | 1 Oracle | 1 Flexcube Enterprise Limits And Collateral Management | 2019-10-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2017-10187 | 1 Oracle | 1 Vm Virtualbox | 2019-10-03 | 3.6 LOW | 4.6 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 4.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L). | |||||
| CVE-2017-1000438 | 1 Openmicroscopy | 1 Omero | 2019-10-03 | 6.5 MEDIUM | 8.3 HIGH |
| In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data. | |||||
| CVE-2017-0024 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | |||||
| CVE-2018-6826 | 1 Omninova | 2 Vobot, Vobot Firmware | 2019-10-03 | 7.6 HIGH | 7.5 HIGH |
| An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response. | |||||
| CVE-2018-12016 | 1 Gnome | 1 Epiphany | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls. | |||||
| CVE-2017-10234 | 1 Oracle | 1 Solaris Cluster | 2019-10-03 | 4.4 MEDIUM | 7.3 HIGH |
| Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: NAS device addition). The supported version that is affected is 4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris Cluster executes to compromise Solaris Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Solaris Cluster. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | |||||
| CVE-2017-0456 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm IPA driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33106520. References: QC-CR#1099598. | |||||
| CVE-2017-6247 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process in the kernel. Product: Android. Versions: N/A. Android ID: A-34386301. References: N-CVE-2017-6247. | |||||
| CVE-2017-3514 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2019-10-03 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-13167 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993. | |||||
| CVE-2017-0791 | 1 Google | 1 Android | 2019-10-03 | 5.8 MEDIUM | 8.8 HIGH |
| A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. | |||||
| CVE-2018-0682 | 1 Neo | 2 Debun Imap, Debun Pop | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) does not properly manage sessions, which allows remote attackers to read/send mail or change the configuration via unspecified vectors. | |||||