Total
31844 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-0791 | 1 Google | 1 Android | 2025-04-20 | 5.8 MEDIUM | 8.8 HIGH |
| A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-37306719. References: B-V2017052302. | |||||
| CVE-2017-1468 | 1 Ibm | 2 Infosphere Information Server, Softlayer | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a local user to gain elevated privileges by placing arbitrary files in installation directories. IBM X-force ID: 128467. | |||||
| CVE-2017-10041 | 1 Oracle | 1 Business Intelligence Publisher | 2025-04-20 | 4.9 MEDIUM | 7.6 HIGH |
| Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all BI Publisher accessible data as well as unauthorized update, insert or delete access to some of BI Publisher accessible data. CVSS 3.0 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2017-8859 | 1 Veritas | 1 Netbackup Appliance | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | |||||
| CVE-2017-10007 | 1 Oracle | 1 Flexcube Private Banking | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2017-0392 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290. | |||||
| CVE-2017-10214 | 1 Oracle | 1 Retail Xstore Point Of Service | 2025-04-20 | 6.4 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Xstore Office). Supported versions that are affected are 6.0.x, 6.5.x, 7.0.x, 7.1.x, 15.0.x and 16.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Xstore Point of Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Retail Xstore Point of Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2017-1000361 | 1 Opendaylight | 1 Opendaylight | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| DOMRpcImplementationNotAvailableException when sending Port-Status packets to OpenDaylight. Controller launches exceptions and consumes more CPU resources. Component: OpenDaylight is vulnerable to this flaw. Version: The tested versions are OpenDaylight 3.3 and 4.0. | |||||
| CVE-2017-17553 | 1 Changyou | 1 Dolphin | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities within the Dolphin Browser. | |||||
| CVE-2017-3369 | 1 Oracle | 1 Isupport | 2025-04-20 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). | |||||
| CVE-2017-10039 | 1 Oracle | 1 Agile Plm | 2025-04-20 | 3.5 LOW | 6.8 MEDIUM |
| Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Web Client). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N). | |||||
| CVE-2017-10148 | 1 Oracle | 1 Weblogic Server | 2025-04-20 | 5.0 MEDIUM | 5.8 MEDIUM |
| Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.1 and 12.2.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N). NOTE: the previous information is from the July 2017 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to inject special data into log files via a crafted T3 request. | |||||
| CVE-2017-0408 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670. | |||||
| CVE-2017-10209 | 1 Oracle | 1 Vm Virtualbox | 2025-04-20 | 3.6 LOW | 5.2 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 5.2 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L). | |||||
| CVE-2017-10203 | 1 Oracle | 1 Mysql Connector\/net | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2017-0281 | 1 Microsoft | 8 Office, Office Online Server, Office Web Apps and 5 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Server 2010 SP2, Word 2016, and Skype for Business 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-0261 and CVE-2017-0262. | |||||
| CVE-2017-0800 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| A elevation of privilege vulnerability in the MediaTek teei. Product: Android. Versions: Android kernel. Android ID: A-37683975. References: M-ALPS03302988. | |||||
| CVE-2017-7999 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-20 | 3.5 LOW | 6.5 MEDIUM |
| Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors. | |||||
| CVE-2017-3441 | 1 Oracle | 1 Customer Interaction History | 2025-04-20 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Customer Interaction History accessible data as well as unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). | |||||
| CVE-2017-10375 | 1 Oracle | 1 Hospitality Guest Access | 2025-04-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). | |||||