Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3037 | 1 Oracle | 1 Flexcube Enterprise Limits And Collateral Management | 2019-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.3.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Enterprise Limits and Collateral Management. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2018-7472 | 1 Invt | 1 Studio | 2019-10-03 | 4.9 MEDIUM | 5.5 MEDIUM |
| INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations. | |||||
| CVE-2018-2959 | 1 Oracle | 1 Siebel Ui Framework | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). The supported version that is affected is 18.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | |||||
| CVE-2017-18076 | 2 Debian, Omniauth | 2 Debian Linux, Omniauth | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value is improperly protected because POST (in addition to GET) parameters are stored in the session and become available in the environment of the callback phase. | |||||
| CVE-2017-10025 | 1 Oracle | 1 Business Intelligence Publisher | 2019-10-03 | 6.4 MEDIUM | 8.2 HIGH |
| Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2017-3767 | 2 Lenovo, Realtek | 47 Thinkpad 10, Thinkpad 11e, Thinkpad 13 and 44 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. | |||||
| CVE-2018-3222 | 1 Oracle | 1 Outside In Technology | 2019-10-03 | 5.8 MEDIUM | 7.1 HIGH |
| Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H). | |||||
| CVE-2017-14369 | 1 Rsa | 1 Archer Grc Platform | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege escalation vulnerability. A low privileged RSA Archer user may potentially exploit this vulnerability to elevate their privileges and export certain application records. | |||||
| CVE-2017-10013 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit Software | 2019-10-03 | 7.6 HIGH | 8.3 HIGH |
| Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-0880 | 1 Google | 1 Android | 2019-10-03 | 7.1 HIGH | 6.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012. | |||||
| CVE-2017-3478 | 1 Oracle | 1 Flexcube Private Banking | 2019-10-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2017-3746 | 1 Lenovo | 1 Thinkpad Usb 3.0 Ethernet Adapter Driver | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, various versions, was found to contain a privilege escalation vulnerability that could allow a local user to execute arbitrary code with administrative or system level privileges. | |||||
| CVE-2018-2729 | 1 Oracle | 1 Financial Services Funds Transfer Pricing | 2019-10-03 | 5.8 MEDIUM | 8.1 HIGH |
| Vulnerability in the Oracle Financial Services Funds Transfer Pricing component of Oracle Financial Services Applications (subcomponent: User Interface). Supported versions that are affected are 6.1.x and 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Funds Transfer Pricing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Funds Transfer Pricing accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Funds Transfer Pricing accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-0454 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm audio driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33353700. References: QC-CR#1104067. | |||||
| CVE-2018-3087 | 1 Oracle | 1 Vm Virtualbox | 2019-10-03 | 4.4 MEDIUM | 8.6 HIGH |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-7790 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Firefox < 55. | |||||
| CVE-2018-3662 | 1 Intel | 1 Saffron Memorybase | 2019-10-03 | 7.7 HIGH | 8.0 HIGH |
| Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. | |||||
| CVE-2017-10217 | 1 Oracle | 1 Hospitality Guest Access | 2019-10-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | |||||
| CVE-2017-3335 | 1 Oracle | 1 Marketing | 2019-10-03 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). | |||||
| CVE-2018-6302 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of service by blocking of new camera registration on the cloud server in Hanwha Techwin Smartcams | |||||