Total
31934 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10253 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2019-10-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2017-13806 | 1 Apple | 1 Iphone Os | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Profiles" component. It does not enforce the configuration profile's settings for whether pairings are allowed. | |||||
| CVE-2017-13170 | 1 Google | 1 Android | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280. | |||||
| CVE-2017-5802 | 1 Hp | 1 Vertica | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics Platform version v4.1 and later was found. | |||||
| CVE-2017-3618 | 1 Oracle | 1 Automatic Service Request | 2019-10-03 | 3.6 LOW | 7.1 HIGH |
| Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Automatic Service Request (ASR) executes to compromise Automatic Service Request (ASR). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Automatic Service Request (ASR) accessible data as well as unauthorized access to critical data or complete access to all Automatic Service Request (ASR) accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2017-14083 | 1 Trendmicro | 1 Officescan | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file. | |||||
| CVE-2018-15804 | 1 Mapr | 1 Mapr | 2019-10-03 | 4.0 MEDIUM | 8.8 HIGH |
| An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as (aka impersonate) any other user, including cluster administrators, aka bug# 31935. This affects all users who have enabled security on the MapR platform and is fixed in mapr-patch-5.2.1.42646.GA-20180731093831, mapr-patch-5.2.2.44680.GA-20180802011430, mapr-patch-6.0.0.20171109191718.GA-20180802011420, and mapr-patch-6.0.1.20180404222005.GA-20180806214919. | |||||
| CVE-2018-5518 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-10-03 | 2.3 LOW | 5.4 MEDIUM |
| On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in "host-only" or "bridged" mode. VCMP guests which are "isolated" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in "Appliance Mode" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as "host-only" or "bridged" mode is required. | |||||
| CVE-2018-12825 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Mac Os X, Chrome Os and 7 more | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Flash Player 30.0.0.134 and earlier have a security bypass vulnerability. Successful exploitation could lead to security mitigation bypass. | |||||
| CVE-2018-2924 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2019-10-03 | 4.6 MEDIUM | 5.7 MEDIUM |
| Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Sun ZFS Storage Appliance Kit (AK) executes to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Sun ZFS Storage Appliance Kit (AK) accessible data as well as unauthorized read access to a subset of Sun ZFS Storage Appliance Kit (AK) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 5.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L). | |||||
| CVE-2017-10153 | 1 Oracle | 1 Communications Webrtc Session Controller | 2019-10-03 | 3.5 LOW | 6.3 MEDIUM |
| Vulnerability in the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Gson)). Supported versions that are affected are 7.0, 7.1 and 7.2. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise Oracle Communications WebRTC Session Controller. While the vulnerability is in Oracle Communications WebRTC Session Controller, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Communications WebRTC Session Controller. CVSS 3.0 Base Score 6.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2018-4232 | 3 Apple, Canonical, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2019-10-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to overwrite cookies via a crafted web site. | |||||
| CVE-2017-10186 | 1 Oracle | 1 Istore | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-10413 | 1 Oracle | 1 Mobile Field Service | 2019-10-03 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Mobile Field Service component of Oracle E-Business Suite (subcomponent: Multiplatform Based on HTML5). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Mobile Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Mobile Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Mobile Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2017-8720 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. | |||||
| CVE-2018-2974 | 1 Oracle | 1 Flexcube Universal Banking | 2019-10-03 | 6.5 MEDIUM | 6.3 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | |||||
| CVE-2018-16561 | 1 Siemens | 8 Simatic S7-300, Simatic S7-300 Firmware, Simatic S7-300f and 5 more | 2019-10-03 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-300 CPUs (All versions < V3.X.16). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. Successful exploitation requires an attacker to be able to send a specially crafted S7 communication packet to a communication interface of the CPU. This includes Ethernet, PROFIBUS, and Multi Point Interfaces (MPI). No user interaction or privileges are required to exploit the security vulnerability. The vulnerability could allow causing a Denial-of-Service condition of the core functionality of the CPU, compromising the availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | |||||
| CVE-2018-3249 | 1 Oracle | 1 Weblogic Server | 2019-10-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). The supported version that is affected is 10.3.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-14595 | 1 Joomla | 1 Joomla\! | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state. | |||||
| CVE-2018-2750 | 1 Oracle | 1 Enterprise Manager Base Platform | 2019-10-03 | 6.8 MEDIUM | 7.1 HIGH |
| Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Products Suite (subcomponent: UI Framework). The supported version that is affected is 12.1.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). | |||||