924 matches found
CVE-2017-3626
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Java Server Faces. The supported version that is affected is 3.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle...
CVE-2017-3598
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI. Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP t...
CVE-2017-3579
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite subcomponent: Web Access. Supported versions that are affected are 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows unauthenticated attacker with...
CVE-2017-3517
Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products subcomponent: Web Runtime SEC. The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...
CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...
CVE-2017-3469
Vulnerability in the MySQL Workbench component of Oracle MySQL subcomponent: Workbench: Security : Encryption. Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
UBUNTU-CVE-2017-3513
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM...
UBUNTU-CVE-2017-3469
Vulnerability in the MySQL Workbench component of Oracle MySQL subcomponent: Workbench: Security : Encryption. Supported versions that are affected are 6.3.8 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...
Apache Tomcat Information Disclosure Vulnerability (CNVD-2017-05037)
Apache Tomcat is the United States Apache Apache Software Foundation under the Jakarta project of a lightweight Web application server , it is mainly used for the development and debugging of JSP programs for small and medium-sized systems. A security vulnerability exists in the handling of...
CVE-2016-8926
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 could allow a remote attacker to read system files or data that is restricted to authorized users. IBM X-Force ID: 118539...
CVE-2017-2989
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database...
Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes
The vulnerability of the Java Mission Control component of the Java Platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain read access to data through network packets...
Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes
The vulnerability of the Networking component of the Java Platform is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data through network packets...
Vulnerability of the Java Platform software platform, which allows a perpetrator to gain access to data for reading purposes
The vulnerability of the Java Platform’s networking software components is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to data through network packets...
CVE-2017-3300
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Multichannel Framework. Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2016-8299
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with...
CVE-2016-8307
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications subcomponent: Core. Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with...
JDK: unspecified vulnerability fixed in 6u141, 7u131, and 8u121 (Deployment)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE...
UBUNTU-CVE-2017-3231
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple...
php: Out-of-bounds heap memory read in exif_read_data() caused by malformed input
The exifprocessIFDinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service out-of-bounds read or possibly have unspecified other impact via crafted header data...