CVEs from 2017
- Total: 11,606
- Critical: 1,650
- High: 5,044
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1333 | medium | 5.3 | 5.3 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an unauthenticated user to obtain sensitive information about the server that could be used in future attacks against the system. IBM X-Force … | |||
| CVE-2017-1148 | medium | 5.3 | 5.3 | 9y ago | IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attack… | |||
| CVE-2017-1000122 | medium | 5.3 | 5.3 | 9y ago | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate certain message metadata, allowing a compromised secondary process to cause a denial of service (release… | |||
| CVE-2017-6161 | medium | 5.3 | 5.3 | 9y ago | In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSy… | |||
| CVE-2017-5107 | medium | 5.3 | 5.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-5061 | medium | 5.3 | 5.3 | 9y ago | multiple issues in chromium | |||
| CVE-2017-1230 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses insufficiently random numbers or values in a security context that depends on unpredictable numbers. This weakness may allow attacke… | |||
| CVE-2017-1225 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs v… | |||
| CVE-2017-1220 | medium | 5.3 | 5.3 | 9y ago | IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID… | |||
| CVE-2017-15906 | medium | 5.3 | 5.3 | 9y ago | The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. | |||
| CVE-2017-9947 | medium | 5.3 | 5.3 | 9y ago | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with netw… | |||
| CVE-2017-7147 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. The Apple Support app before 1.2 for iOS is affected. The issue involves the "Analytics" component. It allows remote attackers to obtain sensitive a… | |||
| CVE-2017-7146 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that le… | |||
| CVE-2017-7145 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location dat… | |||
| CVE-2017-7142 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the "WebKit Storage" component. It allows attackers to bypass the Safari Private Browsing protectio… | |||
| CVE-2017-7141 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load rem… | |||
| CVE-2017-7140 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading k… | |||
| CVE-2017-7078 | medium | 5.3 | 5.3 | 9y ago | An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sens… | |||
| CVE-2017-2131 | medium | 5.3 | 5.3 | 9y ago | Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to bypass access restrictions to view the configuration menu via unspecified vectors. | |||
| CVE-2017-10383 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Interface). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitab… | |||
| CVE-2017-10357 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded… | |||
| CVE-2017-10350 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAX-WS). Supported versions that are affected are Java SE: 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easil… | |||
| CVE-2017-10349 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. … | |||
| CVE-2017-10348 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u… | |||
| CVE-2017-10347 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. … | |||
| CVE-2017-10342 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.7. Easily explo… | |||
| CVE-2017-10336 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1… | |||
| CVE-2017-10331 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.… | |||
| CVE-2017-10324 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 1… | |||
| CVE-2017-10322 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Common Applications Calendar component of Oracle E-Business Suite (subcomponent: Applications Calendar). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 1… | |||
| CVE-2017-10319 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vul… | |||
| CVE-2017-10300 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulne… | |||
| CVE-2017-10283 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Performance Schema). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Difficult t… | |||
| CVE-2017-10281 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE… | |||
| CVE-2017-10264 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: UIF Open UI). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows un… | |||
| CVE-2017-10203 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unau… | |||
| CVE-2017-10154 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerabil… | |||
| CVE-2017-10066 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Oracle Forms). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 1… | |||
| CVE-2017-12285 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Travers… | |||
| CVE-2017-13088 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response fra… | |||
| CVE-2017-13087 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowin… | |||
| CVE-2017-13081 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio ran… | |||
| CVE-2017-13080 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points… | |||
| CVE-2017-13079 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio rang… | |||
| CVE-2017-13078 | medium | 5.3 | 5.3 | 9y ago | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points … | |||
| CVE-2017-15300 | medium | 5.3 | 5.3 | 9y ago | The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Ser… | |||
| CVE-2017-10621 | medium | 5.3 | 5.3 | 9y ago | A denial of service vulnerability in telnetd service on Juniper Networks Junos OS allows remote unauthenticated attackers to cause a denial of service. Affected Junos OS releases are: 12.1X46 prior t… | |||
| CVE-2017-10616 | medium | 5.3 | 5.3 | 9y ago | The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior … | |||
| CVE-2017-15014 | medium | 4.3 | 5.3 | 9y ago | OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardl… | |||
| CVE-2017-8715 | medium | 5.3 | 5.3 | 9y ago | The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows… | |||
| CVE-2017-11815 | medium | 5.3 | 5.3 | 9y ago | The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and… | |||
| CVE-2017-12849 | medium | 5.3 | 5.3 | 9y ago | Silverstripe CMS User Enumeration | |||
| CVE-2017-10862 | medium | 5.3 | 5.3 | 9y ago | Insufficient Data Verification in io.really:jwt-scala | |||
| CVE-2017-9273 | medium | 5.3 | 5.3 | 9y ago | The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to unauthorized log configuration changes. | |||
| CVE-2017-12267 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Independent Computing Architecture (ICA) accelerator feature for the Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an ICA… | |||
| CVE-2017-12264 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the Web Admin Interface of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficie… | |||
| CVE-2017-9628 | medium | 5.3 | 5.3 | 9y ago | An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames… | |||
| CVE-2017-1000105 | medium | 5.3 | 5.3 | 9y ago | Missing Authorization in Jenkins Blue Ocean Plugin | |||
| CVE-2017-1000089 | medium | 5.3 | 5.3 | 9y ago | Jenkins Build Step Plugin fails to check Item/Build permission | |||
| CVE-2017-1126 | medium | 5.3 | 5.3 | 9y ago | IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could allow an unauthorized user to obtain sensitive information about software versions that could lead to further attacks. IBM X-Forc… | |||
| CVE-2017-13991 | medium | 5.3 | 5.3 | 9y ago | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features. | |||
| CVE-2017-13990 | medium | 5.3 | 5.3 | 9y ago | An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of Apache Tomcat application server version. | |||
| CVE-2017-14748 | medium | 5.3 | 5.3 | 9y ago | Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific t… | |||
| CVE-2017-9960 | medium | 5.3 | 5.3 | 9y ago | An information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the system response to error provides more information than should b… | |||
| CVE-2017-12250 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the HTTP web interface for Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause an HTTP Application Optimization (AO) related proces… | |||
| CVE-2017-14513 | medium | 5.3 | 5.3 | 9y ago | Directory traversal vulnerability in MetInfo 5.3.17 allows remote attackers to read information from any ini format file via the f_filename parameter in a fingerprintdo action to admin/app/physical/p… | |||
| CVE-2017-1490 | medium | 5.3 | 5.3 | 9y ago | An unspecified vulnerability in the Lifecycle Query Engine of Jazz Reporting Service 6.0 through 6.0.4 could disclose highly sensitive information. | |||
| CVE-2017-8746 | medium | 5.3 | 5.3 | 9y ago | Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "De… | |||
| CVE-2017-8716 | medium | 5.3 | 5.3 | 9y ago | Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles … | |||
| CVE-2017-8713 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulner… | |||
| CVE-2017-8712 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated… | |||
| CVE-2017-8711 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user o… | |||
| CVE-2017-8707 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an i… | |||
| CVE-2017-8706 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from … | |||
| CVE-2017-8704 | medium | 5.3 | 5.3 | 9y ago | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a gu… | |||
| CVE-2017-8695 | medium | 5.3 | 5.3 | 9y ago | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607, 1703, and Server 2016; Off… | |||
| CVE-2017-11761 | medium | 5.3 | 5.3 | 9y ago | Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 allow an input sanitization issue with Microsoft Exchange that could potentially result in unintended Information Disclosure, aka "Mi… | |||
| CVE-2017-14231 | medium | 5.3 | 5.3 | 9y ago | GeniXCMS denial of service (account blockage) | |||
| CVE-2017-5147 | medium | 5.3 | 5.3 | 9y ago | An Uncontrolled Search Path Element issue was discovered in AzeoTech DAQFactory versions prior to 17.1. An uncontrolled search path element vulnerability has been identified, which may execute malici… | |||
| CVE-2017-12217 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the General Packet Radio Service (GPRS) Tunneling Protocol ingress packet handler of Cisco ASR 5500 System Architecture Evolution (SAE) Gateways could allow an unauthenticated, rem… | |||
| CVE-2017-12211 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) code of Cisco IOS and Cisco IOS XE Software could allow an authenticated, remote attacker to cause high CPU usage or a reload of … | |||
| CVE-2017-3735 | medium | 5.3 | 5.3 | 9y ago | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been pres… | |||
| CVE-2017-12709 | medium | 5.3 | 5.3 | 9y ago | A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials,… | |||
| CVE-2017-8446 | medium | 5.3 | 5.3 | 9y ago | Improper Privilege Management in X-Pack | |||
| CVE-2017-6784 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could us… | |||
| CVE-2017-6781 | medium | 5.3 | 5.3 | 9y ago | A vulnerability in the management of shell user accounts for Cisco Policy Suite (CPS) Software for CPS appliances could allow an authenticated, local attacker to gain elevated privileges on an affect… | |||
| CVE-2017-9662 | medium | 5.3 | 5.3 | 9y ago | An Improper Privilege Management issue was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. Monitouch V-SFT is installed in a directory with weak access controls by def… | |||
| CVE-2017-8644 | medium | 4.3 | 5.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Mi… | |||
| CVE-2017-8637 | medium | 5.3 | 5.3 | 9y ago | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler,… | |||
| CVE-2017-3637 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: X Plugin). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low privil… | |||
| CVE-2017-3636 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.56 and earlier and 5.6.36 and earlier. Easily exploitable vul… | |||
| CVE-2017-3635 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/C). Supported versions that are affected are 6.1.10 and earlier. Difficult to exploit vulnerability allows low… | |||
| CVE-2017-3529 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: UDF). Supported versions that are affected are 5.7.18 and earlier. Difficult to exploit vulnerability allows low pri… | |||
| CVE-2017-10244 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Attachments). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12… | |||
| CVE-2017-10207 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Utilities). The supported version that is affected is 2.9. Easily exploitable vulnerabilit… | |||
| CVE-2017-10192 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2… | |||
| CVE-2017-10186 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User and Company Profile). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2… | |||
| CVE-2017-10184 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 an… | |||
| CVE-2017-10117 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.6. Easily explo… | |||
| CVE-2017-10109 | medium | 5.3 | 5.3 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Em… |