Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18261 1 Linux 1 Linux Kernel 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
CVE-2018-8107 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8106 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8105 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2017-18275 1 Qualcomm 42 Mdm9206, Mdm9206 Firmware, Mdm9607 and 39 more 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845.
CVE-2017-18277 1 Qualcomm 46 Mdm9206, Mdm9206 Firmware, Mdm9607 and 43 more 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
When dynamic memory allocation fails, currently the process sleeps for one second and continues with infinite loop without retrying for memory allocation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCN5502, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835.
CVE-2017-18299 1 Qualcomm 38 Mdm9206, Mdm9206 Firmware, Mdm9607 and 35 more 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660
CVE-2018-7911 1 Huawei 10 Alp-al00b, Alp-al00b-rsc, Alp-al00b-rsc Firmware and 7 more 2019-10-03 4.9 MEDIUM 4.6 MEDIUM
Some Huawei smart phones ALP-AL00B 8.0.0.106(C00), 8.0.0.113(SP2C00), 8.0.0.113(SP3C00), 8.0.0.113(SP7C00), 8.0.0.118(C00), 8.0.0.120(SP2C00), 8.0.0.125(SP1C00), 8.0.0.125(SP3C00), 8.0.0.126(SP2C00), 8.0.0.126(SP5C00), 8.0.0.127(SP1C00), 8.0.0.128(SP2C00), ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113(SP7C01), 8.0.0.118(C01), 8.0.0.120(SP2C01), 8.0.0.125(SP1C01), 8.0.0.125(SP2C01), 8.0.0.125(SP3C01), 8.0.0.126(SP2C01), 8.0.0.126(SP5C01), 8.0.0.127(SP1C01), 8.0.0.128(SP2C01), 8.0.0.129(SP2C01), Charlotte-AL00A 8.1.0.105(SP7C00), 8.1.0.106(SP3C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP3C00), 8.1.0.108(SP6C00), 8.1.0.109(SP2C00), Emily-AL00A 8.1.0.105(SP6C00), 8.1.0.106(SP2C00), 8.1.0.107(SP5C00), 8.1.0.107(SP7C00), 8.1.0.108(SP2C00), 8.1.0.108(SP6C00), 8.1.0.109(SP5C00) have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Gaode Map and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
CVE-2018-7901 1 Huawei 4 Alp-al00b, Alp-al00b Firmware, Bla-al00b and 1 more 2019-10-03 5.8 MEDIUM 4.4 MEDIUM
RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key that RCS uses to authenticate the application. Successful exploitation may cause the attacker to control keyboard remotely.
CVE-2017-18322 1 Qualcomm 62 Mdm9206, Mdm9206 Firmware, Mdm9607 and 59 more 2019-10-03 2.1 LOW 5.5 MEDIUM
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016.
CVE-2017-18324 1 Qualcomm 64 Mdm9206, Mdm9206 Firmware, Mdm9607 and 61 more 2019-10-03 2.1 LOW 5.5 MEDIUM
Cryptographic key material leaked in debug messages - GERAN in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, SD 855, SDX24, Snapdragon_High_Med_2016.
CVE-2017-18326 1 Qualcomm 68 Mdm9607, Mdm9607 Firmware, Mdm9615 and 65 more 2019-10-03 2.1 LOW 5.5 MEDIUM
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016.
CVE-2018-7770 1 Schneider-electric 1 U.motion 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
The vulnerability exists within processing of sendmail.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The applet allows callers to select arbitrary files to send to an arbitrary email address.
CVE-2018-7757 1 Linux 1 Linux Kernel 2019-10-03 2.1 LOW 5.5 MEDIUM
Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
CVE-2017-2387 1 Apple 1 Apple Music 2019-10-03 2.9 LOW 4.8 MEDIUM
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2091 1 Cybozu 1 Garoon 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.
CVE-2017-2094 1 Cybozu 1 Garoon 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors.
CVE-2017-2143 1 Frogman Office Inc 2 Cs-cart Japanese Edition, Cs-cart Multivendor Japanese Edition 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.
CVE-2017-2399 1 Apple 1 Iphone Os 2019-10-03 2.1 LOW 4.6 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Pasteboard" component. It allows physically proximate attackers to read the pasteboard by leveraging the use of an encryption key derived only from the hardware UID (rather than that UID in addition to the user passcode).
CVE-2017-2352 1 Apple 2 Iphone Os, Watchos 2019-10-03 2.1 LOW 4.6 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the "Unlock with iPhone" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors.
CVE-2017-2322 1 Juniper 1 Northstar Controller 2019-10-03 2.1 LOW 5.5 MEDIUM
A denial of service vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1, may allow an authenticated user to cause widespread denials of service to system services by consuming TCP and UDP ports which are normally reserved for other system services.
CVE-2018-7472 1 Invt 1 Studio 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
INVT Studio 1.2 allows remote attackers to cause a denial of service during import operations.
CVE-2017-2509 1 Apple 1 Mac Os X 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-2516 1 Apple 1 Mac Os X 2019-10-03 4.3 MEDIUM 5.0 MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
CVE-2017-2596 1 Linux 1 Linux Kernel 2019-10-03 4.9 MEDIUM 6.5 MEDIUM
The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel through 4.9.8 improperly emulates the VMXON instruction, which allows KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references.
CVE-2017-2671 1 Linux 1 Linux Kernel 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVE-2018-7174 1 Xpdfreader 1 Xpdf 2019-10-03 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
CVE-2017-2710 1 Huawei 4 Beethoven-w09a, Beethoven-w09a Firmware, Crr-l09 and 1 more 2019-10-03 2.1 LOW 4.6 MEDIUM
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed.
CVE-2017-2720 1 Huawei 1 Fusionsphere Openstack 2019-10-03 5.0 MEDIUM 5.3 MEDIUM
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
CVE-2017-2721 1 Huawei 22 Berlin-l21, Berlin-l21 Firmware, Berlin-l21hn and 19 more 2019-10-03 2.1 LOW 4.6 MEDIUM
Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
CVE-2017-2723 1 Huawei 1 Files 2019-10-03 2.1 LOW 6.7 MEDIUM
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones has a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to information leak.
CVE-2017-2727 1 Huawei 2 P9, P9 Firmware 2019-10-03 4.6 MEDIUM 4.3 MEDIUM
Huawei P9 smart phones with software versions earlier before EVA-AL00C00B365, versions earlier before EVA-AL10C00B365,Versions earlier before EVA-CL00C92B365, versions earlier before EVA-DL00C17B365, versions earlier before EVA-TL00C01B365 have a privilege escalation vulnerability. An unauthenticated attacker can bypass phone activation to user management page of the phone and create a new user. Successful exploit could allow the attacker operate part function of the phone.
CVE-2017-2728 1 Huawei 2 Honor 6x, Honor 6x Firmware 2019-10-03 6.9 MEDIUM 6.4 MEDIUM
Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.uawei mobile phones have a Bluetooth unlock bypassing vulnerability due to the lack of validation on Bluetooth devices. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobile phone screen.
CVE-2018-8320 1 Microsoft 5 Windows 10, Windows Server 2008, Windows Server 2012 and 2 more 2019-10-03 4.0 MEDIUM 4.3 MEDIUM
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
CVE-2018-6791 2 Debian, Kde 2 Debian Linux, Plasma-workspace 2019-10-03 7.2 HIGH 6.8 MEDIUM
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
CVE-2018-6597 1 Alcatel 2 A30, A30 Firmware 2019-10-03 7.2 HIGH 6.8 MEDIUM
The Alcatel A30 device with a build fingerprint of TCL/5046G/MICKEY6US:7.0/NRD90M/J63:user/release-keys contains a hidden privilege escalation capability to achieve command execution as the root user. They have made modifications that allow a user with physical access to the device to obtain a root shell via ADB. Modifying the read-only properties by an app as the system user creates a UNIX domain socket named factory_test that will execute commands as the root user by processes that have privilege to access it (as per the SELinux rules that the vendor controls).
CVE-2017-3122 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2019-10-03 4.3 MEDIUM 6.5 MEDIUM
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to Bezier curves. Successful exploitation could lead to arbitrary code execution.
CVE-2018-6501 1 Hp 1 Arcsight Management Center 2019-10-03 4.0 MEDIUM 6.5 MEDIUM
Potential security vulnerability of Insufficient Access Controls has been identified in ArcSight Management Center (ArcMC) for versions prior to 2.81. This vulnerability could be exploited to allow for insufficient access controls.
CVE-2018-6253 5 Freebsd, Linux, Microsoft and 2 more 5 Freebsd, Linux Kernel, Windows and 2 more 2019-10-03 4.9 MEDIUM 5.5 MEDIUM
NVIDIA GPU Display Driver contains a vulnerability in the DirectX and OpenGL Usermode drivers where a specially crafted pixel shader can cause infinite recursion leading to denial of service.
CVE-2017-3246 1 Oracle 1 Application Object Library 2019-10-03 3.2 LOW 6.0 MEDIUM
Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Object Library executes to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Application Object Library accessible data as well as unauthorized access to critical data or complete access to all Oracle Application Object Library accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).
CVE-2017-3247 1 Oracle 1 Glassfish Server 2019-10-03 4.3 MEDIUM 4.3 MEDIUM
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core). Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts).
CVE-2017-3562 1 Oracle 1 Applications Dba 2019-10-03 5.5 MEDIUM 6.5 MEDIUM
Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
CVE-2017-3276 1 Oracle 1 Solaris 2019-10-03 3.0 LOW 5.7 MEDIUM
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS v3.0 Base Score 5.7 (Integrity and Availability impacts).
CVE-2017-3281 1 Oracle 1 Partner Management 2019-10-03 4.3 MEDIUM 4.7 MEDIUM
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).
CVE-2017-3282 1 Oracle 1 Partner Management 2019-10-03 4.3 MEDIUM 4.7 MEDIUM
Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS v3.0 Base Score 4.7 (Integrity impacts).
CVE-2017-3286 1 Oracle 1 Applications Dba 2019-10-03 3.2 LOW 6.0 MEDIUM
Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: Patching). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Applications DBA accessible data as well as unauthorized access to critical data or complete access to all Oracle Applications DBA accessible data. CVSS v3.0 Base Score 6.0 (Confidentiality and Integrity impacts).
CVE-2017-3288 1 Oracle 1 Flexcube Investor Servicing 2019-10-03 5.5 MEDIUM 5.4 MEDIUM
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
CVE-2017-3300 1 Oracle 1 Peoplesoft Enterprise Peopletools 2019-10-03 5.8 MEDIUM 6.1 MEDIUM
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts).
CVE-2017-3304 1 Oracle 1 Mysql Cluster 2019-10-03 5.5 MEDIUM 5.4 MEDIUM
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: DD). Supported versions that are affected are 7.2.27 and earlier, 7.3.16 and earlier, 7.4.14 and earlier and 7.5.5 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).
CVE-2017-3305 2 Debian, Oracle 2 Debian Linux, Mysql 2019-10-03 6.3 MEDIUM 5.3 MEDIUM
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.5.55 and earlier and 5.6.35 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). NOTE: the previous information is from the April 2017 CPU. Oracle has not commented on third-party claims that this issue allows man-in-the-middle attackers to hijack the authentication of users by leveraging incorrect ordering of security parameter verification in a client, aka, "The Riddle".